Content Integration Vulnerability in Oracle WebCenter Portal by Oracle
CVE-2024-20992

4.4MEDIUM

Key Information:

Vendor: Oracle
Status: Webcenter Portal
Vendor: CVE Published:; 16 April 2024

Summary

A vulnerability has been identified in Oracle WebCenter Portal, a part of Oracle Fusion Middleware, specifically within its Content Integration component. This issue could be exploited by low-privileged attackers with network access via HTTP, requiring human interaction from a third party for successful exploitation. Although primarily affecting Oracle WebCenter Portal, the implications of this vulnerability could expand its impact to additional connected products. Successful attacks may lead to unauthorized updates, inserts, or deletions of accessible data within the Oracle WebCenter Portal, as well as unauthorized read access to sensitive data subsets.

References

https://www.oracle.com/security-alerts/cpuapr2024.html

CVSS V3.1

Score:

4.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Apr 16, 2024