Severity: Critical
CVSS Score: 6.7
The versions of Oracle Database Server installed on the remote host are affected by multiple vulnerabilities as referenced in the April 2024 CPU advisory. - Vulnerability in the RDBMS (Python) component of Oracle Database Server. Supported versions that are affected are 21.3-21.13. Easily exploitable vulnerability allows low privileged attacker having Authenticated User privilege with network access via Oracle Net to compromise RDBMS (Python). Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of RDBMS (Python). (CVE-2023-36632) - Vulnerability in the Grid Infrastructure (Apache Mina SSHD) component of Oracle Database Server. Supported versions that are affected are 21.3-21.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SSH to compromise Grid Infrastructure (Apache Mina SSHD). Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Grid Infrastructure (Apache Mina SSHD) accessible data. (CVE-2023-48795) - Vulnerability in the Oracle SQLcl (Apache Mina SSHD) component of Oracle Database Server. Supported versions that are affected are 19.3-19.22 and 21.3-21.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SSH to compromise Oracle SQLcl (Apache Mina SSHD). Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle SQLcl (Apache Mina SSHD) accessible data. (CVE-2023-48795) Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.