CVE-2024-20909

Vulnerability in Oracle Audit Vault and Database Firewall component: Firewall. Supported versions that are affected are 20.1-20.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Oracle Audit Vault and Database Firewall. Successful...

CVE-2024-20911

CVE-2024-20911 affects Oracle Audit Vault and Database Firewall (Firewall component) with affected versions 20.1–20.9. The vulnerability allows an attacker with network access via Oracle Net and high privileges to read a subset of data, requiring user interaction and potentially impacting additio...

Oracle Patch Update, January 2024 Security Update Review

Oracle has released its first quarterly edition of Critical Patch Update, which contains patches for 389 security vulnerabilities. Some of the vulnerabilities addressed in this update impact more than one product. These patches address vulnerabilities in a wide range of product families, includin...

CVE-2024-20912

Vulnerability in Oracle Audit Vault and Database Firewall component: Firewall. Supported versions that are affected are 20.1-20.9. Easily exploitable vulnerability allows high privileged attacker with network access via Oracle Net to compromise Oracle Audit Vault and Database Firewall. Successful...

Design/Logic Flaw

Vulnerability in Oracle Audit Vault and Database Firewall component: Firewall. Supported versions that are affected are 20.1-20.9. Difficult to exploit vulnerability allows high privileged attacker with network access via Oracle Net to compromise Oracle Audit Vault and Database Firewall. While th...

Design/Logic Flaw

Vulnerability in Oracle Audit Vault and Database Firewall component: Firewall. Supported versions that are affected are 20.1-20.9. Easily exploitable vulnerability allows high privileged attacker with network access via Oracle Net to compromise Oracle Audit Vault and Database Firewall. Successful...

CVE-2024-20924

Oracle Audit Vault and Database Firewall (Firewall component) is affected in versions 20.1–20.9. The root cause is insufficient input validation in the Firewall, enabling a high-privilege attacker with network access via Oracle Net to compromise the system. Successful attacks require user interac...

CVE-2024-20912

Oracle Audit Vault and Database Firewall (Firewall component) versions 20.1–20.9 are affected. Root cause: insufficient input validation in the Firewall, enabling a high-privilege attacker with network access via Oracle Net to read/modify/delete data. Impact matches unauthorized updates/inserts/d...

CVE-2024-20910

CVE-2024-20910 affects Oracle Audit Vault and Database Firewall (Firewall component). Versions 20.1–20.9 are affected. The issue allows a high-privilege attacker with network access via Oracle Net to read data from the vault/firewall, with the attack surface potentially impacting related Oracle p...

CVE-2010-4449

Unspecified vulnerability in the Audit Vault component in Oracle Audit Vault 10.2.3.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from ...

Oracle Audit Vault av.action Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Audit Vault. Authentication is not required to exploit this vulnerability. The flaw exists within the av component which listens by default on TCP port 5700. When handling an action.execute...