CVE-2024-21126

EUVD-2024-18840

16.07.2024, 23:15

Vulnerability in the Oracle Database Portable Clusterware component of Oracle Database Server.  Supported versions that are affected are 19.3-19.23 and  21.3-21.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via DNS to compromise Oracle Database Portable Clusterware.  While the vulnerability is in Oracle Database Portable Clusterware, attacks may significantly impact additional products (scope change).  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Database Portable Clusterware. CVSS 3.1 Base Score 5.8 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L).

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	5.8 MEDIUM	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L

Base Score

CVSS 3.x

EPSS Score

Percentile: 41%

Affected Products (NVD)

Vendor	Product	Version
oracle	database_server	19.3 ≤ 𝑥 ≤ 19.23
oracle	database_server	21.3 ≤ 𝑥 ≤ 21.14

𝑥

= Vulnerable software versions

Early Detection

Affected products identified ahead of NVD analysis through intelligence sources.

Vendor	Product	Version	Source
oracle	database	21.3 ≤ 𝑥 ≤ 21.14	ADP
oracle	database	19.3 ≤ 𝑥 ≤ 19.23	ADP

Common Weakness Enumeration

CWE-400 - Uncontrolled Resource Consumption
The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

References

https://www.oracle.com/security-alerts/cpujul2024.html