CVE-2024-21117

Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Core). Supported versions that are affected are 8.5.6 and 8.5.7. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Outside In Technology executes to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. CVSS 3.1 Base Score 5.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).
Configurations

No configuration.

History

21 Nov 2024, 19:15

Type Values Removed Values Added
CWE CWE-922
CWE-77
References () https://www.oracle.com/security-alerts/cpuapr2024.html - () https://www.oracle.com/security-alerts/cpuapr2024.html -

17 Apr 2024, 12:48

Type Values Removed Values Added
Summary
  • (es) Vulnerabilidad en el producto Oracle Outside In Technology de Oracle Fusion Middleware (componente: Outside In Core). Las versiones compatibles que se ven afectadas son 8.5.6 y 8.5.7. Una vulnerabilidad fácilmente explotable permite a un atacante con pocos privilegios iniciar sesión en la infraestructura donde se ejecuta Oracle Outside In Technology para comprometer Oracle Outside In Technology. Los ataques exitosos de esta vulnerabilidad pueden dar como resultado una actualización, inserción o eliminación no autorizada del acceso a algunos de los datos accesibles de Oracle Outside In Technology, así como acceso de lectura no autorizado a un subconjunto de datos accesibles de Oracle Outside In Technology y la capacidad no autorizada de causar una denegación parcial de servicio. (DOS parcial) de Oracle Outside In Technology. CVSS 3.1 Puntuación base 5.3 (impactos en la confidencialidad, la integridad y la disponibilidad). Vector CVSS: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).

16 Apr 2024, 22:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-04-16 22:15

Updated : 2024-11-21 19:15


NVD link : CVE-2024-21117

Mitre link : CVE-2024-21117

CVE.ORG link : CVE-2024-21117


JSON object : View

Products Affected

No product.

CWE
CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

CWE-922

Insecure Storage of Sensitive Information