CVE-2024-21126 - OpenCVE

Vulnerability in the Oracle Database Portable Clusterware component of Oracle Database Server. Supported versions that are affected are 19.3-19.23 and 21.3-21.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via DNS to compromise Oracle Database Portable Clusterware. While the vulnerability is in Oracle Database Portable Clusterware, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Database Portable Clusterware. CVSS 3.1 Base Score 5.8 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L).

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

References

Link	Providers
https://www.oracle.com/security-alerts/cpujul2024.html

History

Thu, 29 Aug 2024 21:00:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-400

MITRE

Status: PUBLISHED

Assigner: oracle

Published: 2024-07-16T22:39:52.158Z

Updated: 2024-08-29T19:26:29.803Z

Reserved: 2023-12-07T22:28:10.681Z

Link: CVE-2024-21126

Vulnrichment

Updated: 2024-08-01T22:13:42.700Z

NVD

Status : Awaiting Analysis

Published: 2024-07-16T23:15:12.177

Modified: 2024-08-29T20:36:00.437

Link: CVE-2024-21126

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-21126", "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "state": "PUBLISHED", "assignerShortName": "oracle", "dateReserved": "2023-12-07T22:28:10.681Z", "datePublished": "2024-07-16T22:39:52.158Z", "dateUpdated": "2024-08-29T19:26:29.803Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle", "dateUpdated": "2024-07-16T22:39:52.158Z"}, "problemTypes": [{"descriptions": [{"lang": "en-US", "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via DNS to compromise Oracle Database Portable Clusterware. While the vulnerability is in Oracle Database Portable Clusterware, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Database Portable Clusterware."}]}], "affected": [{"vendor": "Oracle Corporation", "product": "Database - Enterprise Edition", "versions": [{"version": "19.3", "status": "affected", "lessThanOrEqual": "19.23", "versionType": "custom"}, {"version": "21.3", "status": "affected", "lessThanOrEqual": "21.14", "versionType": "custom"}]}], "descriptions": [{"lang": "en-US", "value": "Vulnerability in the Oracle Database Portable Clusterware component of Oracle Database Server. Supported versions that are affected are 19.3-19.23 and 21.3-21.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via DNS to compromise Oracle Database Portable Clusterware. While the vulnerability is in Oracle Database Portable Clusterware, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Database Portable Clusterware. CVSS 3.1 Base Score 5.8 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L)."}], "references": [{"url": "https://www.oracle.com/security-alerts/cpujul2024.html", "name": "Oracle Advisory", "tags": ["vendor-advisory"]}], "metrics": [{"cvssV3_1": {"attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "LOW", "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L", "baseScore": 5.8, "baseSeverity": "MEDIUM"}}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T22:13:42.700Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.oracle.com/security-alerts/cpujul2024.html", "name": "Oracle Advisory", "tags": ["vendor-advisory", "x_transferred"]}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-400", "lang": "en", "description": "CWE-400 Uncontrolled Resource Consumption"}]}], "affected": [{"vendor": "oracle", "product": "database", "cpes": ["cpe:2.3:a:oracle:database:-:*:*:*:enterprise:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "21.3", "status": "affected", "lessThanOrEqual": "21.14", "versionType": "custom"}, {"version": "19.3", "status": "affected", "lessThanOrEqual": "19.23", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-08-05T17:45:10.937095Z", "id": "CVE-2024-21126", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-29T19:26:29.803Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-21126", "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "state": "PUBLISHED", "assignerShortName": "oracle", "dateReserved": "2023-12-07T22:28:10.681Z", "datePublished": "2024-07-16T22:39:52.158Z", "dateUpdated": "2024-08-29T19:26:29.803Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle", "dateUpdated": "2024-07-16T22:39:52.158Z"}, "problemTypes": [{"descriptions": [{"lang": "en-US", "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via DNS to compromise Oracle Database Portable Clusterware. While the vulnerability is in Oracle Database Portable Clusterware, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Database Portable Clusterware."}]}], "affected": [{"vendor": "Oracle Corporation", "product": "Database - Enterprise Edition", "versions": [{"version": "19.3", "status": "affected", "lessThanOrEqual": "19.23", "versionType": "custom"}, {"version": "21.3", "status": "affected", "lessThanOrEqual": "21.14", "versionType": "custom"}]}], "descriptions": [{"lang": "en-US", "value": "Vulnerability in the Oracle Database Portable Clusterware component of Oracle Database Server. Supported versions that are affected are 19.3-19.23 and 21.3-21.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via DNS to compromise Oracle Database Portable Clusterware. While the vulnerability is in Oracle Database Portable Clusterware, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Database Portable Clusterware. CVSS 3.1 Base Score 5.8 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L)."}], "references": [{"url": "https://www.oracle.com/security-alerts/cpujul2024.html", "name": "Oracle Advisory", "tags": ["vendor-advisory"]}], "metrics": [{"cvssV3_1": {"attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "LOW", "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L", "baseScore": 5.8, "baseSeverity": "MEDIUM"}}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T22:13:42.700Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.oracle.com/security-alerts/cpujul2024.html", "name": "Oracle Advisory", "tags": ["vendor-advisory", "x_transferred"]}]}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-21126", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-08-05T17:45:10.937095Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:oracle:database:-:*:*:*:enterprise:*:*:*"], "vendor": "oracle", "product": "database", "versions": [{"status": "affected", "version": "21.3", "versionType": "custom", "lessThanOrEqual": "21.14"}, {"status": "affected", "version": "19.3", "versionType": "custom", "lessThanOrEqual": "19.23"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-400", "description": "CWE-400 Uncontrolled Resource Consumption"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-08T20:55:45.790Z"}}]}}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Vulnerability in the Oracle Database Portable Clusterware component of Oracle Database Server. Supported versions that are affected are 19.3-19.23 and 21.3-21.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via DNS to compromise Oracle Database Portable Clusterware. While the vulnerability is in Oracle Database Portable Clusterware, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Database Portable Clusterware. CVSS 3.1 Base Score 5.8 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L)."}, {"lang": "es", "value": "Vulnerabilidad en el componente Oracle Database Portable Clusterware de Oracle Database Server. Las versiones compatibles que se ven afectadas son 19.3-19.23 y 21.3-21.14. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante no autenticado con acceso a la red a trav\u00e9s de DNS comprometa Oracle Database Portable Clusterware. Si bien la vulnerabilidad se encuentra en Oracle Database Portable Clusterware, los ataques pueden afectar significativamente a productos adicionales (cambio de alcance). Los ataques exitosos de esta vulnerabilidad pueden resultar en una capacidad no autorizada para causar una denegaci\u00f3n de servicio parcial (DOS parcial) de Oracle Database Portable Clusterware. CVSS 3.1 Puntuaci\u00f3n base 5.8 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L)."}], "id": "CVE-2024-21126", "lastModified": "2024-08-29T20:36:00.437", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "secalert_us@oracle.com", "type": "Primary"}]}, "published": "2024-07-16T23:15:12.177", "references": [{"source": "secalert_us@oracle.com", "url": "https://www.oracle.com/security-alerts/cpujul2024.html"}], "sourceIdentifier": "secalert_us@oracle.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-400"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}