CVE-2024-21233: 
Oracle Database Server vulnerability analysis and mitigation

A vulnerability (CVE-2024-21233) has been identified in the Oracle Database Core component of Oracle Database Server. The affected versions include 19.3-19.24, 21.3-21.15, and 23.4-23.5. This vulnerability allows low-privileged attackers with Create Session privilege to potentially compromise the Oracle Database Core through network access via Oracle Net (Oracle CPU).

The vulnerability has been assigned a CVSS 3.1 Base Score of 4.3 (Medium severity) with the following vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N. The attack vector is network-based (AV:N), with low attack complexity (AC:L), requiring low privileges (PR:L), no user interaction (UI:N), and unchanged scope (S:U). The vulnerability primarily impacts integrity (I:L) with no effects on confidentiality or availability (Oracle CPU).

Successful exploitation of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Database Core accessible data. The impact is limited to data integrity, with no reported effects on system confidentiality or availability (Oracle CPU).

Oracle has released security patches as part of the October 2024 Critical Patch Update to address this vulnerability. It is strongly recommended that customers apply these security patches as soon as possible. The patches are available for affected versions 19.3-19.24, 21.3-21.15, and 23.4-23.5 (Oracle CPU).