March 9, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Palo Alto Networks Provides Additional Information Regarding Critical Vulnerability in PAN-OS
April 23, 2024North Korean Threat Actors Utilize AI-Driven Cyber Espionage Tactics
April 23, 2024Palo Alto Networks Provides Additional Information Regarding Critical Vulnerability in PAN-OS
April 23, 2024North Korean Threat Actors Utilize AI-Driven Cyber Espionage Tactics
April 23, 2024
Severity
Low
Analysis Summary
CVE-2024-20995 CVSS:2.4
An unspecified vulnerability in Oracle Database Server related to the Oracle Database Sharding component could allow a remote authenticated attacker to cause a high availability impact.
CVE-2024-21012 CVSS:3.7
An unspecified vulnerability in Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition related to the Networking component could allow a remote attacker to cause high integrity impact.
CVE-2024-21004 CVSS:2.5
An unspecified vulnerability in Oracle Java SE, Oracle GraalVM Enterprise Edition related to the JavaFX component could allow a local authenticated attacker to cause low integrity impact.
CVE-2024-21085 CVSS:3.7
An unspecified vulnerability in Oracle Java SE, GraalVM for JDK and GraalVM related to the Hotspot component could allow a remote attacker to cause low availability impacts.
CVE-2024-20954 CVSS:3.7
An unspecified vulnerability in Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition related to the Hotspot component could allow a remote attacker to cause low availability impact.
CVE-2024-21000 CVSS:3.8
An unspecified vulnerability in Oracle MySQL Server related to the Server: Security: Privileges component could allow a remote authenticated attacker to cause low confidentiality impact and low integrity impact.
CVE-2024-21068 CVSS:3.7
An unspecified vulnerability in the Oracle Java SE, GraalVM for JDK and GraalVM related to Hotspot component could allow a remote authenticated attacker to cause low integrity impacts.
CVE-2024-21101 CVSS:2.2
An unspecified vulnerability in Oracle MySQL Cluster related to the Cluster: General component could allow a remote authenticated attacker to cause low confidentiality impact.
CVE-2024-21094 CVSS:3.7
An unspecified vulnerability in Oracle Java SE, GraalVM for JDK and GraalVM related to the Hotspot component could allow a remote attacker to cause no confidentiality impact, low integrity impact, and no availability impact.
CVE-2024-21002 CVSS:2.5
An unspecified vulnerability in Oracle Java SE, Oracle GraalVM Enterprise Edition related to the JavaFX component could allow a local autheticated attacker to cause low integrity impact.
CVE-2024-21005 CVSS:3.1
An unspecified vulnerability in Oracle Java SE, Oracle GraalVM Enterprise related to the JavaFX component could allow a remote authenticated attacker to cause low integrity impact.
CVE-2024-21011 CVSS:3.7
An unspecified vulnerability in Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition related to the Hotspot component could allow a remote attacker to cause low availability impact.
CVE-2024-21098 CVSS:3.7
An unspecified vulnerability in Oracle Java SE, GraalVM for JDK and GraalVM related to the Compiler component could allow a remote attacker to cause a low availability impact.
CVE-2024-21003 CVSS:3.1
An unspecified vulnerability in Oracle Java SE, Oracle GraalVM Enterprise related to the JavaFX component could allow a remote attacker to cause low integrity impact.
CVE-2024-21105 CVSS:2
An unspecified vulnerability in Oracle Solaris related to the Utility component could allow a local authenticated attacker to cause low confidentiality impact.
CVE-2024-21075 CVSS:7.5
An unspecified vulnerability in Oracle Trade Management product of Oracle E-Business Suite related to the Claim Line LOV component could allow a remote attacker to cause a high confidentiality impact.
CVE-2024-21063 CVSS:7.3
An unspecified vulnerability in Oracle PeopleSoft Enterprise HCM Benefits Administration product of Oracle PeopleSoft related to the Benefits Administration could allow a remote attacker to cause high confidentiality , low integrity and low availability impacts.
CVE-2024-21079 CVSS:7.5
An unspecified vulnerability in Oracle Marketing product of Oracle E-Business Suite related to the Campaign LOV component could allow a remote authenticated attacker to cause a high confidentiality impact.
Impact
- Denial of Service
- Gain Access
- Information Obtained
Indicators of Compromise
CVE
- CVE-2024-20995
- CVE-2024-21012
- CVE-2024-21004
- CVE-2024-21085
- CVE-2024-20954
- CVE-2024-21000
- CVE-2024-21068
- CVE-2024-21101
- CVE-2024-21094
- CVE-2024-21002
- CVE-2024-21005
- CVE-2024-21011
- CVE-2024-21098
- CVE-2024-21003
- CVE-2024-21105
- CVE-2024-21075
- CVE-2024-21063
- CVE-2024-21079
Affected Vendors
Oracle
Affected Products
- Oracle Solaris 11
- Oracle MySQL Server 8.0.35
- Oracle MySQL Server 8.2.0
- Oracle MySQL Server 8.0.36
- Oracle MySQL Server 8.3.0
- Oracle Database 19.3
- Oracle Database 19.22
- Oracle Database 21.3 Enterprise
- Oracle Java SE 8u401
- Oracle Java SE 8u401-perf
- Oracle Java SE 11.0.22
- Oracle Java SE 17.0.10
- Oracle Java SE 21.0.2
- Oracle Java SE 22
- Oracle GraalVM for JDK 17.0.10
- Oracle GraalVM for JDK 21.0.2
- Oracle GraalVM for JDK 22
- Oracle GraalVM for JDK 20.3.13 Enterprise
- Oracle GraalVM for JDK 21.3.9 Enterprise
- Oracle GraalVM Enterprise 21.3.13
- Oracle GraalVM 21.3.9
- Oracle MySQL Cluster 7.5.33
- Oracle MySQL Cluster 8.0.36
- Oracle PeopleSoft Enterprise HCM Benefits Administration pro 9.2
- Oracle Marketing 12.2.3
- Oracle Marketing 12.2.13
Remediation
Refer to Oracle Critical Patch Update Advisory for patch, upgrade or suggested workaround information.