Vulnerability in Oracle Enterprise Manager Base Platform Log Management Component
CVE-2024-20917

7.5HIGH

Key Information:

Vendor: Oracle
Status: Enterprise Manager Base Platform
Vendor: CVE Published:; 17 February 2024

Summary

A vulnerability exists in the Log Management component of Oracle's Enterprise Manager Base Platform that could be exploited by an unauthenticated attacker with network access via HTTP. This vulnerability requires interaction from a user other than the attacker to be successfully exploited. While the primary impact is on the Oracle Enterprise Manager Base Platform, there may be significant implications for other connected products. Successful exploitation can lead to unauthorized access to sensitive data, including the ability to read, modify, or delete critical information. Additionally, it gives the attacker the potential to initiate a partial denial of service, disrupting the functionality of the Oracle Enterprise Manager Base Platform.

Affected Version(s)

Enterprise Manager Base Platform 13.5.0.0

References

https://www.oracle.com/security-alerts/cpujan2024.html

vendor-advisory

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Feb 17, 2024
Vulnerability Reserved
Dec 7, 2023