Analysis Summary

CVE-2024-21058 CVSS:4.9

An unspecified vulnerability in Oracle Database Server related to the Unified Audit component could allow a remote authenticated attacker to cause a high integrity impact.

CVE-2024-21093 CVSS:5.3

An unspecified vulnerability in Oracle Database Server related to the Java VM component could allow a remote authenticated attacker to cause a high confidentiality impact.

CVE-2024-20903 CVSS:6.5

An unspecified vulnerability in Oracle Database Server related to the Java VM component could allow a remote attacker to cause high integrity impact.

CVE-2024-21066 CVSS:4.2

An unspecified vulnerability in Oracle Database Server related to the RDBMS component could allow a remote authenticated attacker to cause a high confidentiality impact.

CVE-2024-21080 CVSS:6.5

An unspecified vulnerability in Oracle Applications Framework product of Oracle E-Business Suite related to the REST Services component could allow a remote authenticated attacker to cause high confidentiality impacts.

CVE-2024-21107 CVSS:6.7

An unspecified vulnerability in Oracle VM VirtualBox related to the Core component could allow a local authenticated attacker to cause high confidentiality impact, high integrity impact, and high availability impact.

CVE-2024-21109 CVSS:5.9

An unspecified vulnerability in Oracle VM VirtualBox related to the Core component could allow a remote attacker to cause high confidentiality impact.

CVE-2024-21106 CVSS:6.5

An unspecified vulnerability in Oracle VM VirtualBox related to the Core component could allow a local authenticated attacker to cause high availability impact.

CVE-2024-21121 CVSS:6.5

An unspecified vulnerability in Oracle VM VirtualBox related to the Core component could allow a local authenticated attacker to cause high confidentiality impact.

CVE-2024-21001 CVSS:5.4

An unspecified vulnerability in Oracle Business Intelligence Enterprise Edition product of Oracle Analytics related to the BI Platform Security could allow a remote authenticated attacker to cause low confidentiality and low integrity impacts.

CVE-2024-21064 CVSS:5.4

An unspecified vulnerability in Oracle Business Intelligence Enterprise Edition product of Oracle Analytics related to the Analytics Web Answers component could allow a remote authenticated attacker to cause low confidentiality and low integrity impacts.

CVE-2024-21099 CVSS:6.5

An unspecified vulnerability in Oracle Business Intelligence of Oracle Analytics related to the Data Visualization component could allow a remote authenticated attacker to cause a low confidentiality impact.

CVE-2024-21117 CVSS:5.3

An unspecified vulnerability in Oracle Outside In Technology related to the Outside In Core component could allow a local authenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact.

CVE-2024-21118 CVSS:5.3

An unspecified vulnerability in Oracle Outside In Technology related to the Outside In Core component could allow a local authenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact.

CVE-2024-21119 CVSS:5.3

An unspecified vulnerability in Oracle Outside In Technology related to the Outside In Core component could allow a local authenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact.

CVE-2024-21120 CVSS:5.3

An unspecified vulnerability in Oracle Outside In Technology related to the Outside In Core component could allow a local authenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact.

CVE-2024-21100 CVSS:4

An unspecified vulnerability in Oracle Commerce Platform product of Oracle Commerce related to the Platform component could allow a remote attacker to cause low integrity impacts.

CVE-2024-21089 CVSS:6.5

An unspecified vulnerability in Oracle Concurrent Processing product of Oracle E-Business Suite related to the Import Utility component could allow a remote 

CVE-2024-21084 CVSS:5.8

An unspecified vulnerability in Oracle BI Publisher related to the Service Gateway component could allow a remote attacker to cause low confidentiality impact.

CVE-2024-21086 CVSS:4.3

An unspecified vulnerability in Oracle CRM Technical Foundation product of Oracle E-Business Suite related to the Preferences component could allow a remote attacker to cause low integrity impacts.

CVE-2024-20990 CVSS:5.3

An unspecified vulnerability in Oracle E-Business Suite related to the Templates component in the Applications Technology product could allow a remote attacker to cause low confidentiality impact.

Impact

• Information Obtained 
• Security Bypass
• Gain Access
• Denial of Service

Indicators of Compromise

CVE

• CVE-2024-21058
• CVE-2024-21093
• CVE-2024-20903
• CVE-2024-21066
• CVE-2024-21080
• CVE-2024-21107
• CVE-2024-21109
• CVE-2024-21106
• CVE-2024-21121
• CVE-2024-21001
• CVE-2024-21064
• CVE-2024-21099
• CVE-2024-21117
• CVE-2024-21118
• CVE-2024-21119
• CVE-2024-21120
• CVE-2024-21100
• CVE-2024-21089
• CVE-2024-21084
• CVE-2024-21086
• CVE-2024-20990

Affected Vendors

Remediation

Refer to Oracle Critical Patch Update Advisory for patch, upgrade or suggested workaround information.

Oracle Critical Patch Update Advisory