CVE-2024-21258

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-21258
Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite (component: User Interface). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Installed Base. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Installed Base accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).

5.3 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://www.oracle.com/security-alerts/cpuoct2024.html Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:oracle:installed_base:*:*:*:*:*:*:*:*
History

06 Nov 2024, 22:56

Type Values Removed Values Added
CWE NVD-CWE-noinfo
CPE cpe:2.3:a:oracle:installed_base:*:*:*:*:*:*:*:*
First Time Oracle installed Base
Oracle
References () https://www.oracle.com/security-alerts/cpuoct2024.html - () https://www.oracle.com/security-alerts/cpuoct2024.html - Vendor Advisory

16 Oct 2024, 15:35

Type Values Removed Values Added
Summary
  • (es) Vulnerabilidad en el producto Oracle Installed Base de Oracle E-Business Suite (componente: Interfaz de usuario). Las versiones compatibles afectadas son 12.2.3-12.2.14. Esta vulnerabilidad, que se puede explotar fácilmente, permite que un atacante no autenticado con acceso a la red a través de HTTP ponga en peligro Oracle Installed Base. Los ataques exitosos de esta vulnerabilidad pueden dar como resultado un acceso de lectura no autorizado a un subconjunto de datos accesibles de Oracle Installed Base. Puntuación base de CVSS 3.1: 5,3 (impactos de confidencialidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).
CWE CWE-922

15 Oct 2024, 20:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-10-15 20:15

Updated : 2024-11-06 22:56

NVD link : CVE-2024-21258

Mitre link : CVE-2024-21258

CVE.ORG link : CVE-2024-21258

JSON object : View

Products Affected

oracle

  • installed_base
CWE
NVD-CWE-noinfo CWE-922

Insecure Storage of Sensitive Information