CVE-2024-21258

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Oct 15, 2024

Summary

CVE-2024-21258 is a vulnerability affecting the Oracle Installed Base component of the Oracle E-Business Suite, specifically in versions 12.2.3 through 12.2.14. This easily exploitable flaw allows an unauthenticated attacker with network access via HTTP to gain unauthorized read access to certain data within the Oracle Installed Base. The vulnerability has a CVSS 3.1 base score of 5.3, indicating low confidentiality impact but medium overall severity, with no required privileges or user interaction for exploitation. Organizations using affected versions should apply security updates provided by Oracle to remediate this issue and mitigate potential data leaks. Failure to address this vulnerability could expose sensitive information and compromise data integrity within an organization’s systems.
