July 23, 2024
Rewterz

Multiple Oracle Products Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2024-21163 CVSS:5.5

An unspecified vulnerability in Oracle MySQL Server related to the Server: Optimizer component could allow a remote authenticated attacker to cause high availability impact.

CVE-2024-21166 CVSS:5.9

An unspecified vulnerability in Oracle MySQL Server related to the InnoDB component could allow a remote authenticated attacker to cause high availability impact.

CVE-2024-21135 CVSS:4.9

An unspecified vulnerability in Oracle MySQL Server related to the Server: Optimizer component could allow a remote authenticated attacker to cause high availability impact.

CVE-2024-21177 CVSS:6.5

An unspecified vulnerability in Oracle MySQL Server related to the Cluster: General component could allow a remote authenticated attacker to cause high availability impact.

CVE-2024-21134 CVSS:4.3

An unspecified vulnerability in Oracle MySQL Server related to the Server: Connection Handling component could allow a remote authenticated attacker to cause low availability impact.

CVE-2024-21155 CVSS:4.7

An unspecified vulnerability in Oracle ZFS Storage Appliance Kit related to the User Interface component could allow a remote attacker to cause low confidentiality impact.

CVE-2024-21171 CVSS:6.5

An unspecified vulnerability in Oracle MySQL Server related to the Server: Optimizer component could allow a remote authenticated attacker to cause high availability impact.

CVE-2024-21160 CVSS:4.9

An unspecified vulnerability in Oracle MySQL Server related to the InnoDB component could allow a remote authenticated attacker to cause high availability impact.

CVE-2024-21157 CVSS:4.9

An unspecified vulnerability in Oracle MySQL Server related to the InnoDB component could allow a remote authenticated attacker to cause high availability impact.

CVE-2024-21126 CVSS:5.8

An unspecified vulnerability in Oracle Database Server related to the Oracle Database Portable Clusterware component could allow a remote attacker to cause a low availability impact.

CVE-2024-21132 CVSS:5.4

An unspecified vulnerability in Oracle Purchasing related to the Approvals component could allow a remote authenticated attacker to cause low confidentiality and low integrity impacts.

Impact

  • Denial of Service
  • Information Disclosure
  • Gain Access

Indicators of Compromise

CVE

  • CVE-2024-21163
  • CVE-2024-21166
  • CVE-2024-21135
  • CVE-2024-21177
  • CVE-2024-21134
  • CVE-2024-21155
  • CVE-2024-21171
  • CVE-2024-21160
  • CVE-2024-21157
  • CVE-2024-21126
  • CVE-2024-21132

Affected Vendors

Oracle

Affected Products

  • Oracle MySQL Server 8.0.36
  • Oracle MySQL Server 8.3.0
  • Oracle Database 19.3
  • Oracle Database 21.3 Enterprise
  • Oracle Database 19.23
  • Oracle MySQL Server 8.0.37
  • Oracle MySQL Server 8.4.0
  • Oracle ZFS Storage Appliance Kit 8.8
  • Oracle Database 21.14
  • Oracle Purchasing 12.2.3
  • Oracle Purchasing 12.2.13

Remediation

Refer to the Oracle Critical Patch Update Advisory for patch, upgrade or suggested workaround information.

Oracle Critical Patch Update Advisory