How severe is CVE-2024-20911?

This vulnerability has a severity rating of LOW with a CVSS score of 2.6 out of 10.

What type of vulnerability is CVE-2024-20911?

This is classified as CWE-284, which is a common weakness in software security.

CVE-2024-20911 - LOW Severity | CVSS 2.6

Vulnerability Description

Vulnerability in Oracle Audit Vault and Database Firewall (component: Firewall). Supported versions that are affected are 20.1-20.9. Difficult to exploit vulnerability allows high privileged attacker with network access via Oracle Net to compromise Oracle Audit Vault and Database Firewall. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Audit Vault and Database Firewall, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Audit Vault and Database Firewall accessible data. CVSS 3.1 Base Score 2.6 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:N/A:N).

Related Vulnerabilities

CVE-2025-47794

LOW

CVSS:2.6(Low)

Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server prior to 29.0.13, 30.0.7, and 31.0.1 and Nextcloud Enterprise Server prior to 26.0.13.13, 27.1.11.13, 28.0.14.4, 29.0.13, 3...

CWE-2842025

CVE-2015-7473

LOW

CVSS:2.5(Low)

runmqsc in IBM WebSphere MQ 8.x before 8.0.0.5 allows local users to bypass intended queue-manager command access restrictions by leveraging authority for +connect and +dsp.

CWE-2842015

CVE-2018-20938

LOW

CVSS:2.7(Low)

cPanel before 68.0.27 does not enforce ownership during addpkgext and delpkgext WHM API calls (SEC-324).

CWE-2842018

CVE-2021-46270

LOW

CVSS:2.7(Low)

JFrog Artifactory before 7.31.10, is vulnerable to Broken Access Control where a project admin user is able to list all available repository names due to insufficient permission validation.

CWE-2842021

CVE-2022-38377

LOW

CVSS:2.7(Low)

An improper access control vulnerability [CWE-284] in FortiManager 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.7, 6.2.0 through 6.2.9, 6.0.0 through 6.0.11 and FortiAnalyzer 7.2.0, 7.0.0 through 7.0...

CWE-2842022

CVE-2023-26596

LOW

CVSS:2.5(Low)

Improper access control in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable denial of service via local access.

CWE-2842023