Vulnerability in Oracle WebCenter Sites Affects Oracle Fusion Middleware
CVE-2024-20908

6.1 MEDIUM

Key Information:

Vendor: Oracle
CVE Published: 16 January 2024

Summary

A vulnerability in Oracle WebCenter Sites, a component of Oracle Fusion Middleware, allows an unauthenticated attacker with network access via HTTP to compromise the product. The affected version is 12.2.1.4.0. Successful exploitation can result in unauthorized updates, inserts, or deletions of data, along with unauthorized read access to certain data. Exploitation requires human interaction from a person other than the attacker, and because the scope is changed, an attack may affect products beyond WebCenter Sites itself. Organizations are encouraged to evaluate their defenses against this vulnerability to mitigate risks to data integrity and confidentiality.

Affected Version(s)

WebCenter Sites 12.2.1.4.0

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
