CVE-2024-21251: 
Oracle Database Server vulnerability analysis and mitigation

Vulnerability in the Java VM component of Oracle Database Server affecting supported versions 19.3-19.24, 21.3-21.15, and 23.4-23.5. This vulnerability requires a low-privileged attacker with Create Session and Create Procedure privileges to have network access via Oracle Net to potentially compromise the Java VM (Oracle Advisory).

The vulnerability has been assigned a CVSS 3.1 Base Score of 3.1, indicating a low severity level with integrity impacts. The CVSS Vector is (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N), which breaks down to: Network attack vector, High attack complexity, Low privileges required, No user interaction needed, Unchanged scope, No impact on confidentiality, Low impact on integrity, and No impact on availability (Oracle Advisory).

Successful exploitation of this vulnerability can result in unauthorized update, insert or delete access to some of Java VM accessible data. The impact is limited to data integrity, with no effects on system confidentiality or availability (Oracle Advisory).

Oracle has addressed this vulnerability in the October 2024 Critical Patch Update. Users should apply the security patches to affected versions (19.3-19.24, 21.3-21.15, and 23.4-23.5) as soon as possible. Until patches can be applied, organizations should carefully manage Create Session and Create Procedure privileges to reduce the risk of exploitation (Oracle Advisory).