Vulnerability in Oracle Fusion Middleware Affecting Outside In Technology
CVE-2024-20930

6.3MEDIUM

Key Information:

Vendor: Oracle
Status: Outside In Technology
Vendor: CVE Published:; 16 January 2024

Summary

A vulnerability exists within the Oracle Fusion Middleware's Outside In Technology, specifically impacting the Content Access SDK, Image Export SDK, PDF Export SDK, and HTML Export SDK in version 8.5.6. This flaw is easily exploitable by low-privileged attackers who have network access via HTTP, allowing them to compromise essential functionalities of Oracle Outside In Technology. Successful exploitation may lead to unauthorized updates, inserts, or deletions of accessible data, as well as unauthorized read access to certain datasets. Furthermore, the vulnerability offers an avenue for attackers to potentially induce a partial denial of service, impacting the availability of the affected systems. Organizations using this version of Oracle Outside In Technology are encouraged to apply security patches and updates to mitigate these risks.

Affected Version(s)

Outside In Technology 8.5.6

References

https://www.oracle.com/security-alerts/cpujan2024.html

vendor-advisory

CVSS V3.1

Score:

6.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 16, 2024
Vulnerability Reserved
Dec 7, 2023