vulnerability
Oracle Database: Critical Patch Update - July 2024 (CVE-2024-21174)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:M/Au:S/C:N/I:N/A:P) | Jul 16, 2024 | Jul 29, 2024 | Aug 11, 2025 |
Severity
4
CVSS
(AV:N/AC:M/Au:S/C:N/I:N/A:P)
Published
Jul 16, 2024
Added
Jul 29, 2024
Modified
Aug 11, 2025
Description
Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.23, 21.3-21.14 and 23.4. Difficult to exploit vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via Oracle Net to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java VM. CVSS 3.1 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L).
Solution
oracle-apply-jul-2024-cpu
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.