Unauthorized Access Vulnerability in Oracle WebCenter Content by Oracle
CVE-2024-20928

6.1 MEDIUM

Key Information:

Vendor
Oracle
CVE Published:
16 January 2024

Summary

Oracle WebCenter Content, part of Oracle Fusion Middleware, is affected by an unauthorized access vulnerability that allows an unauthenticated attacker with network access via HTTP to compromise the system. Exploitation requires interaction from a user other than the attacker, so it is feasible only under certain circumstances. Although the vulnerability is in Oracle WebCenter Content, the potential for scope change means that successful exploitation could also impact other Oracle products. The vulnerability can lead to unauthorized read, update, insert, or delete access to sensitive data, which may significantly jeopardize the integrity and confidentiality of the system.

Affected Version(s)

WebCenter Content 12.2.1.4.0

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
