cve/2024/CVE-2024-20995.md
2024-06-09 00:33:16 +00:00

### [CVE-2024-20995](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20995)
![](https://img.shields.io/static/v1?label=Product&message=Database%20-%20Enterprise%20Edition&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=19.3%3C%3D%2019.22%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Easily%20exploitable%20vulnerability%20allows%20high%20privileged%20attacker%20having%20DBA%20privilege%20with%20network%20access%20via%20Oracle%20Net%20to%20compromise%20Oracle%20Database%20Sharding.%20%20Successful%20attacks%20require%20human%20interaction%20from%20a%20person%20other%20than%20the%20attacker.%20Successful%20attacks%20of%20this%20vulnerability%20can%20result%20in%20unauthorized%20ability%20to%20cause%20a%20partial%20denial%20of%20service%20(partial%20DOS)%20of%20Oracle%20Database%20Sharding.&color=brighgreen)
### Description
Vulnerability in the Oracle Database Sharding component of Oracle Database Server. Supported versions that are affected are 19.3-19.22 and 21.3-21.13. Easily exploitable vulnerability allows high privileged attacker having DBA privilege with network access via Oracle Net to compromise Oracle Database Sharding. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Database Sharding. CVSS 3.1 Base Score 2.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:L).
### POC
#### Reference
- https://www.oracle.com/security-alerts/cpuapr2024.html
#### Github
No PoCs found on GitHub currently.