
Multiple Oracle Products Vulnerabilities

Severity

Low

Analysis Summary

CVE-2024-20995 CVSS:2.4

An unspecified vulnerability in Oracle Database Server related to the Oracle Database Sharding component could allow a remote authenticated attacker to cause a high availability impact.

CVE-2024-21012 CVSS:3.7

An unspecified vulnerability in Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition related to the Networking component could allow a remote attacker to cause high integrity impact.

CVE-2024-21004 CVSS:2.5

An unspecified vulnerability in Oracle Java SE, Oracle GraalVM Enterprise Edition related to the JavaFX component could allow a local authenticated attacker to cause low integrity impact.

CVE-2024-21085 CVSS:3.7

An unspecified vulnerability in Oracle Java SE, GraalVM for JDK and GraalVM related to the Hotspot component could allow a remote attacker to cause low availability impacts.

CVE-2024-20954 CVSS:3.7

An unspecified vulnerability in Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition related to the Hotspot component could allow a remote attacker to cause low availability impact.

CVE-2024-21000 CVSS:3.8

An unspecified vulnerability in Oracle MySQL Server related to the Server: Security: Privileges component could allow a remote authenticated attacker to cause low confidentiality impact and low integrity impact.

CVE-2024-21068 CVSS:3.7

An unspecified vulnerability in Oracle Java SE, GraalVM for JDK and GraalVM related to the Hotspot component could allow a remote authenticated attacker to cause low integrity impacts.

CVE-2024-21101 CVSS:2.2

An unspecified vulnerability in Oracle MySQL Cluster related to the Cluster: General component could allow a remote authenticated attacker to cause low confidentiality impact.

CVE-2024-21094 CVSS:3.7

An unspecified vulnerability in Oracle Java SE, GraalVM for JDK and GraalVM related to the Hotspot component could allow a remote attacker to cause no confidentiality impact, low integrity impact, and no availability impact.

CVE-2024-21002 CVSS:2.5

An unspecified vulnerability in Oracle Java SE, Oracle GraalVM Enterprise Edition related to the JavaFX component could allow a local authenticated attacker to cause low integrity impact.

CVE-2024-21005 CVSS:3.1

An unspecified vulnerability in Oracle Java SE, Oracle GraalVM Enterprise related to the JavaFX component could allow a remote authenticated attacker to cause low integrity impact.

CVE-2024-21011 CVSS:3.7

An unspecified vulnerability in Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition related to the Hotspot component could allow a remote attacker to cause low availability impact.

CVE-2024-21098 CVSS:3.7

An unspecified vulnerability in Oracle Java SE, GraalVM for JDK and GraalVM related to the Compiler component could allow a remote attacker to cause a low availability impact.

CVE-2024-21003 CVSS:3.1

An unspecified vulnerability in Oracle Java SE, Oracle GraalVM Enterprise related to the JavaFX component could allow a remote attacker to cause low integrity impact.

CVE-2024-21105 CVSS:2

An unspecified vulnerability in Oracle Solaris related to the Utility component could allow a local authenticated attacker to cause low confidentiality impact.

CVE-2024-21075 CVSS:7.5

An unspecified vulnerability in Oracle Trade Management product of Oracle E-Business Suite related to the Claim Line LOV component could allow a remote attacker to cause a high confidentiality impact.

CVE-2024-21063 CVSS:7.3

An unspecified vulnerability in the Oracle PeopleSoft Enterprise HCM Benefits Administration product of Oracle PeopleSoft related to the Benefits Administration component could allow a remote attacker to cause high confidentiality, low integrity and low availability impacts.

CVE-2024-21079 CVSS:7.5

An unspecified vulnerability in Oracle Marketing product of Oracle E-Business Suite related to the Campaign LOV component could allow a remote authenticated attacker to cause a high confidentiality impact.

Impact

  • Denial of Service
  • Gain Access
  • Information Obtained

Indicators of Compromise

CVE

  • CVE-2024-20995
  • CVE-2024-21012
  • CVE-2024-21004
  • CVE-2024-21085
  • CVE-2024-20954
  • CVE-2024-21000
  • CVE-2024-21068
  • CVE-2024-21101
  • CVE-2024-21094
  • CVE-2024-21002
  • CVE-2024-21005
  • CVE-2024-21011
  • CVE-2024-21098
  • CVE-2024-21003
  • CVE-2024-21105
  • CVE-2024-21075
  • CVE-2024-21063
  • CVE-2024-21079

Affected Vendors

Oracle

Affected Products

  • Oracle Solaris 11
  • Oracle MySQL Server 8.0.35
  • Oracle MySQL Server 8.2.0
  • Oracle MySQL Server 8.0.36
  • Oracle MySQL Server 8.3.0
  • Oracle Database 19.3
  • Oracle Database 19.22
  • Oracle Database 21.3 Enterprise
  • Oracle Java SE 8u401
  • Oracle Java SE 8u401-perf
  • Oracle Java SE 11.0.22
  • Oracle Java SE 17.0.10
  • Oracle Java SE 21.0.2
  • Oracle Java SE 22
  • Oracle GraalVM for JDK 17.0.10
  • Oracle GraalVM for JDK 21.0.2
  • Oracle GraalVM for JDK 22
  • Oracle GraalVM for JDK 20.3.13 Enterprise
  • Oracle GraalVM for JDK 21.3.9 Enterprise
  • Oracle GraalVM Enterprise 21.3.13
  • Oracle GraalVM 21.3.9
  • Oracle MySQL Cluster 7.5.33
  • Oracle MySQL Cluster 8.0.36
  • Oracle PeopleSoft Enterprise HCM Benefits Administration pro 9.2
  • Oracle Marketing 12.2.3
  • Oracle Marketing 12.2.13

Remediation

Refer to Oracle Critical Patch Update Advisory for patch, upgrade or suggested workaround information.

Oracle Critical Patch Update Advisory