CVE-2024-20910

Name of the Vulnerable Software and Affected Versions Oracle Audit Vault and Database Firewall versions 20.1 through 20.9

Description The issue is related to insufficient input validation in the Firewall component of Oracle Audit Vault and Database Firewall, allowing a remote attacker to gain unauthorized access to protected information. The vulnerability is difficult to exploit and requires high privileges and network access via Oracle Net. Successful attacks can result in unauthorized read access to a subset of Oracle Audit Vault and Database Firewall accessible data. The vulnerability may also impact additional products.

Recommendations For versions 20.1 through 20.9, consider restricting access to the Firewall component until a patch is available. As a temporary workaround, limit network access via Oracle Net to minimize the risk of exploitation. Avoid using the vulnerable Firewall component in the Oracle Audit Vault and Database Firewall until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.