CVE-2024-21190

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-21190
Vulnerability in the Oracle Global Lifecycle Management FMW Installer product of Oracle Fusion Middleware (component: Cloning). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via SFTP to compromise Oracle Global Lifecycle Management FMW Installer. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Global Lifecycle Management FMW Installer accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).

7.5 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://www.oracle.com/security-alerts/cpuoct2024.html Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:oracle:fusion_middleware:12.2.1.4.0:*:*:*:*:*:*:*
History

18 Oct 2024, 18:56

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 9.1 		v2 : unknown
v3 : 7.5

18 Oct 2024, 14:11

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 7.5 		v2 : unknown
v3 : 9.1
References () https://www.oracle.com/security-alerts/cpuoct2024.html - () https://www.oracle.com/security-alerts/cpuoct2024.html - Vendor Advisory
CPE cpe:2.3:a:oracle:fusion_middleware:12.2.1.4.0:*:*:*:*:*:*:*
CWE NVD-CWE-noinfo
First Time Oracle fusion Middleware
Oracle

16 Oct 2024, 16:38

Type Values Removed Values Added
Summary
  • (es) Vulnerabilidad en el producto Oracle Global Lifecycle Management FMW Installer de Oracle Fusion Middleware (componente: Cloning). La versión compatible afectada es la 12.2.1.4.0. Esta vulnerabilidad, que se puede explotar fácilmente, permite que un atacante no autenticado con acceso a la red a través de SFTP ponga en peligro Oracle Global Lifecycle Management FMW Installer. Los ataques exitosos de esta vulnerabilidad pueden dar como resultado la creación, eliminación o modificación no autorizada de datos críticos o de todos los datos accesibles de Oracle Global Lifecycle Management FMW Installer. Puntuación base de CVSS 3.1: 7,5 (impactos en la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).

15 Oct 2024, 20:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-10-15 20:15

Updated : 2024-10-18 18:56

NVD link : CVE-2024-21190

Mitre link : CVE-2024-21190

CVE.ORG link : CVE-2024-21190

JSON object : View

Products Affected

oracle

  • fusion_middleware
CWE
NVD-CWE-noinfo

NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024