Severity: Critical
CVSS Score: 6.7
The versions of Oracle Database Server installed on the remote host are affected by multiple vulnerabilities as referenced in the October 2024 CPU advisory.

- Vulnerability in the Oracle Spatial and Graph (libcurl2) component of Oracle Database Server. Supported versions that are affected are 19.3-19.24, 21.3-21.15 and 23.4-23.5. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Spatial and Graph (libcurl2). Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Spatial and Graph (libcurl2). (CVE-2024-7264)

- Vulnerability in the Oracle Database Security (OpenSSL) component of Oracle Database Server. Supported versions that are affected are 23.4-23.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Database Security (OpenSSL). Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Database Security (OpenSSL). (CVE-2024-5535, CVE-2024-6119)

- Vulnerability in the Fleet Patching and Provisioning - Micronaut (Netty) component of Oracle Database Server. Supported versions that are affected are 23.4-23.5. Easily exploitable vulnerability allows low privileged attacker having Authenticated User privilege with network access via HTTP to compromise Fleet Patching and Provisioning - Micronaut (Netty). Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Fleet Patching and Provisioning - Micronaut (Netty). (CVE-2024-29025)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.