CVE-2024-21064

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Apr 16, 2024
Updated: Apr 17, 2024

Summary

CVE-2024-21064 is a vulnerability that affects the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics, specifically the Analytics Web Answers component. The vulnerability is present in supported versions 7.0.0.0.0 and 12.2.1.4.0 and can be easily exploited by a low privileged attacker with network access via HTTP. Successful attacks require human interaction from someone other than the attacker, and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, it can also impact other products. Exploiting this vulnerability could lead to unauthorized access to and modification of Oracle Business Intelligence Enterprise Edition data, with a base score of 5.4 (Confidentiality and Integrity impacts) according to CVSS 3.1 rating system.

To remediate this vulnerability, users should apply the necessary patches or updates provided by Oracle to fix the issue. It is crucial for organizations using Oracle Business Intelligence Enterprise Edition to promptly address this vulnerability to prevent unauthorized access and potential data breaches.

The potential danger posed by this vulnerability lies in the unauthorized access and manipulation of sensitive data within Oracle Business Intelligence Enterprise Edition. This could result in significant data breaches, compromise of confidentiality and integrity, and potential financial or reputational damage for affected organizations if exploited successfully by an attacker.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2024-21064 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options