CVE-2024-21064

Summary

CVE-2024-21064 is a vulnerability that affects the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics, specifically the Analytics Web Answers component. The vulnerability is present in supported versions 7.0.0.0.0 and 12.2.1.4.0 and can be easily exploited by a low privileged attacker with network access via HTTP. Successful attacks require human interaction from someone other than the attacker, and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, it can also impact other products. Exploiting this vulnerability could lead to unauthorized access to and modification of Oracle Business Intelligence Enterprise Edition data, with a base score of 5.4 (Confidentiality and Integrity impacts) according to CVSS 3.1 rating system. To remediate this vulnerability, users should apply the necessary patches or updates provided by Oracle to fix the issue. It is crucial for organizations using Oracle Business Intelligence Enterprise Edition to promptly address this vulnerability to prevent unauthorized access and potential data breaches. The potential danger posed by this vulnerability lies in the unauthorized access and manipulation of sensitive data within Oracle Business Intelligence Enterprise Edition. This could result in significant data breaches, compromise of confidentiality and integrity, and potential financial or reputational damage for affected organizations if exploited successfully by an attacker.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.