CVE-2024-21261

CVSS 3.1 Score 4.9 of 10 (medium)

Details

Published Oct 15, 2024

Summary

CVE-2024-21261 identifies a vulnerability in Oracle Application Express, affecting supported versions 23.2 and 24.1. This security flaw allows low-privileged attackers with HTTP network access to potentially compromise the application, leading to unauthorized updates, inserts, or deletions of data, as well as unauthorized read access to certain accessible data. The CVSS 3.1 base score for this vulnerability is 4.9, indicating medium severity with low impacts on confidentiality and integrity. Remediation strategies include applying the latest security patches provided by Oracle as outlined in their security alert documentation. Organizations are advised to address this vulnerability promptly due to its potential to affect not only Oracle Application Express but also other connected products.
