CVE-2024-21169

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-21169
Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Partners). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Marketing accessible data as well as unauthorized read access to a subset of Oracle Marketing accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N).

6.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 2.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://www.oracle.com/security-alerts/cpujul2024.html
https://www.oracle.com/security-alerts/cpujul2024.html
Configurations

No configuration.

History

21 Nov 2024, 08:53

Type Values Removed Values Added
References () https://www.oracle.com/security-alerts/cpujul2024.html - () https://www.oracle.com/security-alerts/cpujul2024.html -

01 Aug 2024, 13:46

Type Values Removed Values Added
Summary
  • (es) Vulnerabilidad en el producto Oracle Marketing de Oracle E-Business Suite (componente: Partners). Las versiones compatibles que se ven afectadas son 12.2.3-12.2.13. Una vulnerabilidad fácilmente explotable permite que un atacante no autenticado con acceso a la red a través de HTTP comprometa Oracle Marketing. Los ataques exitosos a esta vulnerabilidad pueden resultar en acceso no autorizado a actualizaciones, inserción o eliminación de algunos de los datos accesibles de Oracle Marketing, así como acceso de lectura no autorizado a un subconjunto de datos accesibles de Oracle Marketing. CVSS 3.1 Puntaje base 6.5 (Impactos en la confidencialidad y la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N).
CWE CWE-284

16 Jul 2024, 23:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-07-16 23:15

Updated : 2024-11-21 08:53

NVD link : CVE-2024-21169

Mitre link : CVE-2024-21169

CVE.ORG link : CVE-2024-21169

JSON object : View

Products Affected

No product.

CWE
CWE-284

Improper Access Control


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024