CVE-2024-21254

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Oct 15, 2024

Summary

CVE-2024-21254 is a vulnerability in the Oracle BI Publisher component of Oracle Analytics that affects versions 7.0.0.0.0, 7.6.0.0.0, and 12.2.1.4.0. It allows a low-privileged attacker with network access via HTTP to compromise Oracle BI Publisher. The vulnerability has a CVSS 3.1 base score of 8.8, reflecting high risks to confidentiality, integrity, and availability: it is easily exploitable and has low attack complexity. Successful exploitation can lead to a complete takeover of Oracle BI Publisher. Remediation is to apply the latest security patches provided by Oracle, as detailed in their security alerts documentation. Organizations running the affected versions should assess their configurations and apply the updates promptly.
