Vulnerability in Oracle Enterprise Manager Base Platform Component: Event Management
CVE-2024-20916

8.3HIGH

Key Information:

Vendor: Oracle
Status: Enterprise Manager Base Platform
Vendor: CVE Published:; 16 January 2024

Summary

A vulnerability exists within the Oracle Enterprise Manager Base Platform, specifically related to the Event Management component. This vulnerability affects version 13.5.0.0, enabling a high privileged attacker with access to the physical communication segment of the hardware to exploit the Oracle Enterprise Manager Base Platform. Successful exploitation can lead to unauthorized creation, deletion, or modification of critical data, as well as gaining unauthorized access to all data accessible by the Oracle Enterprise Manager Base Platform. Additionally, the attacker may cause a partial denial of service, impacting the system's functionality. Given the potential wide-reaching implications of this vulnerability, surrounding products may also face heightened risks.

Affected Version(s)

Enterprise Manager Base Platform 13.5.0.0

References

https://www.oracle.com/security-alerts/cpujan2024.html

vendor-advisory

CVSS V3.1

Score:

8.3

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Jan 16, 2024
Vulnerability Reserved
Dec 7, 2023