CVE-2024-20903

Name of the Vulnerable Software and Affected Versions Oracle Database Server versions 19.3 through 19.21 Oracle Database Server versions 21.3 through 21.12

Description The issue is related to insufficient input validation in the Java VM component of Oracle Database Server. This can be exploited by a remote attacker with low privileges, who has Create Session and Create Procedure privileges with network access via Oracle Net, to compromise the Java VM. Successful attacks can result in unauthorized access to critical data or all Java VM accessible data, allowing for creation, deletion, or modification.

Recommendations For versions 19.3 through 19.21, update to a version outside of this range to mitigate the risk. For versions 21.3 through 21.12, update to a version outside of this range to mitigate the risk. As a temporary workaround, consider restricting network access via Oracle Net to minimize the risk of exploitation. Restrict Create Session and Create Procedure privileges to low-privileged attackers to reduce the risk of Java VM compromise.