Vulnerability in Oracle Reports Developer of Oracle Fusion Middleware
CVE-2024-21133

6.1MEDIUM

Key Information:

Vendor: Oracle
Status: Reports Developer
Vendor: CVE Published:; 16 July 2024

Summary

A vulnerability exists in Oracle Reports Developer, part of the Oracle Fusion Middleware suite, which allows unauthenticated attackers with network access to potentially exploit the system via HTTP. Successful exploitation requires human interaction from a user other than the attacker, which broadens the scope of impact. This vulnerability may allow unauthorized modifications (updates, inserts, or deletions), as well as unauthorized access to certain data subsets available to Oracle Reports Developer. Given its nature, organizations utilizing this component should take proactive measures to mitigate potential risks associated with unauthorized data manipulation and access.

Affected Version(s)

Reports Developer 12.2.1.4.0

Reports Developer 12.2.1.19.0

References

https://www.oracle.com/security-alerts/cpujul2024.html

vendor-advisory

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jul 16, 2024