Vulnerability in Oracle Enterprise Manager Base Platform Host Management
CVE-2024-21067

8.8HIGH

Key Information:

Vendor: Oracle
Status: Enterprise Manager Base Platform
Vendor: CVE Published:; 16 April 2024

What is CVE-2024-21067?

A vulnerability has been identified in the Oracle Enterprise Manager Base Platform within the Host Management component. This flaw affects version 13.5.0.0 and allows low privileged attackers, who have access to the underlying infrastructure, to compromise the functionalities of the Oracle Enterprise Manager Base Platform. While the vulnerability is contained within this specific product, it poses a risk of significantly affecting additional products within the environment. Successful exploitation can lead to the takeover of the Oracle Enterprise Manager Base Platform, potentially impacting confidentiality, integrity, and availability of the affected systems.

Affected Version(s)

Enterprise Manager Base Platform 13.5.0.0

References

https://www.oracle.com/security-alerts/cpuapr2024.html

vendor-advisory

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 16, 2024