#VU94533 Improper input validation in Oracle Database Server - CVE-2024-0397


Vulnerability identifier: #VU94533

Vulnerability risk: Low

CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-0397

CWE-ID: CWE-20

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Oracle Database Server
Server applications / Database software

Vendor: Oracle

Description

The vulnerability allows a remote authenticated user to perform service disruption.

The vulnerability exists due to improper input validation within the OML4Py (Python) in Oracle Database Server. A remote authenticated user can exploit this vulnerability to perform service disruption.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Oracle Database Server: 21c - 23.10

External links
http://www.oracle.com/security-alerts/cpujul2024.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Multiple vulnerabilities in Dell Secure Connect Gateway
Multiple vulnerabilities in Dell OpenManage Network Integration (OMNI)
SUSE update for SUSE Manager Salt Bundle
SUSE update for SUSE Manager Salt Bundle
SUSE update for SUSE Manager Salt Bundle
SUSE update for SUSE Manager Salt Bundle
SUSE update for SUSE Manager Salt Bundle
SUSE update for SUSE Manager Salt Bundle
SUSE update for SUSE Manager Salt Bundle
Multiple vulnerabilities in IBM CICS TX Advanced