CVE-2024-21246

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Oct 15, 2024

Summary

CVE-2024-21246 is a vulnerability affecting the Oracle Service Bus component of Oracle Fusion Middleware, specifically version 12.2.1.4.0. This easily exploitable flaw allows unauthenticated attackers with network access via HTTP to potentially gain unauthorized access to sensitive data or complete access to all data accessible through Oracle Service Bus, posing a significant confidentiality risk with a CVSS base score of 7.5. To remediate this vulnerability, organizations are advised to apply the latest patches provided by Oracle as detailed in their security alerts. The low attack complexity and lack of required privileges make this vulnerability particularly concerning for organizations using the affected software. If exploited, it could lead to severe implications for data security within the organization.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share