CVE-2024-20943
CVSS 3.1 Score 5.4 of 10 (medium)
Details
Summary
CVE-2024-20943 is a vulnerability affecting Oracle E-Business Suite's Internal Operations component, specifically the Oracle Knowledge Management product. Versions 12.2.3 to 12.2.13 are at risk. This easily exploitable issue enables a low-privileged attacker to gain unauthorized access via HTTP, compromising the Oracle Knowledge Management system. Human interaction is required for successful attacks, and the impact may extend to additional products. Successful exploits can result in unauthorized modification or deletion of data, as well as unauthorized reading of a subset of data. The Base Score, according to the Common Vulnerability Scoring System (CVSS), is 5.4, with impacts on both confidentiality and integrity. The CVSS Vector is: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).
Affected Products
- Oracle Knowledge Management
Affected Vendors
- BonqDAO