PT-2024-3719 · Oracle · Oracle Database Sharding +2

Emad Al-Mousa · Published 2024-04-16 · Updated 2024-12-03 · CVE-2024-20995

CVSS v2.0: 4.0 (Medium)
Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P
Name of the Vulnerable Software and Affected Versions:
Oracle Database Server versions 19.3 through 19.22
Oracle Database Server versions 21.3 through 21.13

Description: The issue is related to insufficient input validation in the Oracle Database Sharding component. It allows a high-privileged attacker with DBA privilege and network access via Oracle Net to compromise Oracle Database Sharding. Successful attacks require human interaction from a person other than the attacker and can result in an unauthorized ability to cause a partial denial of service of Oracle Database Sharding.

Recommendations: For versions 19.3 through 19.22, update to a version that includes the fix for this issue. For versions 21.3 through 21.13, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the Oracle Database Sharding component to minimize the risk of exploitation.

Fix

DoS

Improper Resource Release

RCE

Weakness Enumeration

Related Identifiers

BDU:2024-04065
CVE-2024-20995

Affected Products

Oracle Database Server
Oracle Database Sharding
Oracle Net