STOP aka DJVU Ransomware – Active IOCs
April 22, 2024
Multiple Oracle MySql Server Vulnerabilities
April 22, 2024
Severity
Medium
Analysis Summary
CVE-2024-21058 CVSS:4.9
An unspecified vulnerability in Oracle Database Server related to the Unified Audit component could allow a remote authenticated attacker to cause a high integrity impact.
CVE-2024-21093 CVSS:5.3
An unspecified vulnerability in Oracle Database Server related to the Java VM component could allow a remote authenticated attacker to cause a high confidentiality impact.
CVE-2024-20903 CVSS:6.5
An unspecified vulnerability in Oracle Database Server related to the Java VM component could allow a remote attacker to cause a high integrity impact.
CVE-2024-21066 CVSS:4.2
An unspecified vulnerability in Oracle Database Server related to the RDBMS component could allow a remote authenticated attacker to cause a high confidentiality impact.
CVE-2024-21080 CVSS:6.5
An unspecified vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite related to the REST Services component could allow a remote authenticated attacker to cause a high confidentiality impact.
CVE-2024-21107 CVSS:6.7
An unspecified vulnerability in Oracle VM VirtualBox related to the Core component could allow a local authenticated attacker to cause high confidentiality impact, high integrity impact, and high availability impact.
CVE-2024-21109 CVSS:5.9
An unspecified vulnerability in Oracle VM VirtualBox related to the Core component could allow a remote attacker to cause a high confidentiality impact.
CVE-2024-21106 CVSS:6.5
An unspecified vulnerability in Oracle VM VirtualBox related to the Core component could allow a local authenticated attacker to cause a high availability impact.
CVE-2024-21121 CVSS:6.5
An unspecified vulnerability in Oracle VM VirtualBox related to the Core component could allow a local authenticated attacker to cause a high confidentiality impact.
CVE-2024-21001 CVSS:5.4
An unspecified vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics related to the BI Platform Security could allow a remote authenticated attacker to cause low confidentiality and low integrity impacts.
CVE-2024-21064 CVSS:5.4
An unspecified vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics related to the Analytics Web Answers component could allow a remote authenticated attacker to cause low confidentiality and low integrity impacts.
CVE-2024-21099 CVSS:6.5
An unspecified vulnerability in Oracle Business Intelligence of Oracle Analytics related to the Data Visualization component could allow a remote authenticated attacker to cause a low confidentiality impact.
CVE-2024-21117 CVSS:5.3
An unspecified vulnerability in Oracle Outside In Technology related to the Outside In Core component could allow a local authenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact.
CVE-2024-21118 CVSS:5.3
An unspecified vulnerability in Oracle Outside In Technology related to the Outside In Core component could allow a local authenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact.
CVE-2024-21119 CVSS:5.3
An unspecified vulnerability in Oracle Outside In Technology related to the Outside In Core component could allow a local authenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact.
CVE-2024-21120 CVSS:5.3
An unspecified vulnerability in Oracle Outside In Technology related to the Outside In Core component could allow a local authenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact.
CVE-2024-21100 CVSS:4
An unspecified vulnerability in the Oracle Commerce Platform product of Oracle Commerce related to the Platform component could allow a remote attacker to cause a low integrity impact.
CVE-2024-21089 CVSS:6.5
An unspecified vulnerability in the Oracle Concurrent Processing product of Oracle E-Business Suite related to the Import Utility component could allow a remote
CVE-2024-21084 CVSS:5.8
An unspecified vulnerability in Oracle BI Publisher related to the Service Gateway component could allow a remote attacker to cause a low confidentiality impact.
CVE-2024-21086 CVSS:4.3
An unspecified vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite related to the Preferences component could allow a remote attacker to cause a low integrity impact.
CVE-2024-20990 CVSS:5.3
An unspecified vulnerability in Oracle E-Business Suite related to the Templates component in the Applications Technology product could allow a remote attacker to cause a low confidentiality impact.
Impact
- Information Obtained
- Security Bypass
- Gain Access
- Denial of Service
Indicators of Compromise
CVE
- CVE-2024-21058
- CVE-2024-21093
- CVE-2024-20903
- CVE-2024-21066
- CVE-2024-21080
- CVE-2024-21107
- CVE-2024-21109
- CVE-2024-21106
- CVE-2024-21121
- CVE-2024-21001
- CVE-2024-21064
- CVE-2024-21099
- CVE-2024-21117
- CVE-2024-21118
- CVE-2024-21119
- CVE-2024-21120
- CVE-2024-21100
- CVE-2024-21089
- CVE-2024-21084
- CVE-2024-21086
- CVE-2024-20990
Affected Vendors
Affected Products
- Oracle E-Business Suite 12.2.3
- Oracle BI Publisher 12.2.1.4.0
- Oracle Outside In Technology 8.5.6
- Oracle Database Server 21.3
- Oracle VM VirtualBox 7.0.10
- Oracle Database Server 19.21
- Oracle Database Server 21.12
- Oracle BI Publisher 7.0.0.0.0
- Oracle Database 19.3
- Oracle Database 19.22
- Oracle Database 21.13 Enterprise
- Oracle Applications Framework 12.2.9
- Oracle Applications Framework 12.2.13
- Oracle Business Intelligence 7.0.0.0.0
- Oracle Business Intelligence 12.2.1.4.0
- Oracle Outside In Technology 8.5.7
- Oracle Commerce Platform 11.3.0
- Oracle Commerce Platform 11.3.1
- Oracle Commerce Platform 11.3.2
- Oracle Concurrent Processing 12.2.3
- Oracle Concurrent Processing 12.2.13
- Oracle CRM Technical Foundation 12.2.13
- Oracle CRM Technical Foundation 12.2.3
- Oracle E-Business Suite 12.2.13
Remediation
Refer to the Oracle Critical Patch Update Advisory for patch, upgrade, or suggested workaround information.