CVE-2024-20910

CVSS v3 3.0 LOW

3.0^/10

CVSS v3 : LOW

Vector :

Exploitability : 1.3 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope CHANGED

V

ulnerability in Oracle Audit Vault and Database Firewall (component: Firewall). Supported versions that are affected are 20.1-20.9. Difficult to exploit vulnerability allows high privileged attacker with network access via Oracle Net to compromise Oracle Audit Vault and Database Firewall. While the vulnerability is in Oracle Audit Vault and Database Firewall, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Audit Vault and Database Firewall accessible data. CVSS 3.1 Base Score 3.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N).

References

Link	Resource
https://www.oracle.com/security-alerts/cpujan2024.html	Patch Vendor Advisory
https://www.oracle.com/security-alerts/cpujan2024.html	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:oracle:audit_vault_and_database_firewall:*:*:*:*:*:*:*:*

History

03 Jun 2025, 19:15

Type	Values Removed	Values Added
CWE		CWE-200

21 Nov 2024, 08:53

Type	Values Removed	Values Added
References	~~() https://www.oracle.com/security-alerts/cpujan2024.html - Patch, Vendor Advisory~~	() https://www.oracle.com/security-alerts/cpujan2024.html - Patch, Vendor Advisory

Information

Published : 2024-01-16 22:15

Updated : 2025-06-03 19:15

NVD link : CVE-2024-20910

Mitre link : CVE-2024-20910

CVE.ORG link : CVE-2024-20910

JSON object : View

Products Affected

audit_vault_and_database_firewall

CWE

NVD-CWE-noinfo CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

{"id": "CVE-2024-20910", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 3.0, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 1.3}]}, "published": "2024-01-16T22:15:38.823", "references": [{"url": "https://www.oracle.com/security-alerts/cpujan2024.html", "tags": ["Patch", "Vendor Advisory"], "source": "[email protected]"}, {"url": "https://www.oracle.com/security-alerts/cpujan2024.html", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "Vulnerability in Oracle Audit Vault and Database Firewall (component: Firewall). Supported versions that are affected are 20.1-20.9. Difficult to exploit vulnerability allows high privileged attacker with network access via Oracle Net to compromise Oracle Audit Vault and Database Firewall. While the vulnerability is in Oracle Audit Vault and Database Firewall, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Audit Vault and Database Firewall accessible data. CVSS 3.1 Base Score 3.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N)."}, {"lang": "es", "value": "Vulnerabilidad en Oracle Audit Vault y Database Firewall (componente: Firewall). Las versiones compatibles que se ven afectadas son 20.1-20.9. Una vulnerabilidad dif\u00edcil de explotar permite que un atacante con altos privilegios y acceso a la red a trav\u00e9s de Oracle Net comprometa Oracle Audit Vault y Database Firewall. Si bien la vulnerabilidad est\u00e1 en Oracle Audit Vault y Database Firewall, los ataques pueden afectar significativamente a productos adicionales (scope change). Los ataques exitosos de esta vulnerabilidad pueden resultar en acceso de lectura no autorizado a un subconjunto de datos accesibles de Oracle Audit Vault y Database Firewall. CVSS 3.1 Base Score 3.0 (Impactos en la confidencialidad). Vector CVSS: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N)."}], "lastModified": "2025-06-03T19:15:35.280", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:audit_vault_and_database_firewall:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EF47D26F-BC93-45E7-AC9B-5BA8A41FA378", "versionEndIncluding": "20.9", "versionStartIncluding": "20.1"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}