admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 17:21:36 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2024/CVE-2024-209xx/CVE-2024-20910.json
cad-safe-bot 009529a202 Auto-Update: 2024-01-23T21:00:24.899047+00:00
2024-01-23 21:00:28 +00:00

82 lines
3.3 KiB
JSON
Raw Blame History

{
"id": "CVE-2024-20910",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-01-16T22:15:38.823",
"lastModified": "2024-01-23T19:42:19.473",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in Oracle Audit Vault and Database Firewall (component: Firewall). Supported versions that are affected are 20.1-20.9. Difficult to exploit vulnerability allows high privileged attacker with network access via Oracle Net to compromise Oracle Audit Vault and Database Firewall. While the vulnerability is in Oracle Audit Vault and Database Firewall, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Audit Vault and Database Firewall accessible data. CVSS 3.1 Base Score 3.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N)."
},
{
"lang": "es",
"value": "Vulnerabilidad en Oracle Audit Vault y Database Firewall (componente: Firewall). Las versiones compatibles que se ven afectadas son 20.1-20.9. Una vulnerabilidad dif\u00edcil de explotar permite que un atacante con altos privilegios y acceso a la red a trav\u00e9s de Oracle Net comprometa Oracle Audit Vault y Database Firewall. Si bien la vulnerabilidad est\u00e1 en Oracle Audit Vault y Database Firewall, los ataques pueden afectar significativamente a productos adicionales (scope change). Los ataques exitosos de esta vulnerabilidad pueden resultar en acceso de lectura no autorizado a un subconjunto de datos accesibles de Oracle Audit Vault y Database Firewall. CVSS 3.1 Base Score 3.0 (Impactos en la confidencialidad). Vector CVSS: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert_us@oracle.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.0,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.3,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:audit_vault_and_database_firewall:*:*:*:*:*:*:*:*",
"versionStartIncluding": "20.1",
"versionEndIncluding": "20.9",
"matchCriteriaId": "EF47D26F-BC93-45E7-AC9B-5BA8A41FA378"
}
]
}
]
}
],
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpujan2024.html",
"source": "secalert_us@oracle.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink