Vulnerability in Oracle Fusion Middleware’s WebLogic Management Component
CVE-2024-21192

4.4MEDIUM

Key Information:

Vendor: Oracle
Status: Oracle Enterprise Manager For Fusion Middleware
Vendor: CVE Published:; 15 October 2024

Summary

A vulnerability exists in Oracle Enterprise Manager for Fusion Middleware, specifically within the WebLogic Management component. This flaw enables an attacker, who possesses login credentials, to exploit the system easily. It allows unauthorized access to sensitive information or total control over data accessible through the Oracle Enterprise Manager for Fusion Middleware. Such breaches pose a significant risk to organizations relying on Oracle's solutions for their enterprise operations.

Affected Version(s)

Oracle Enterprise Manager for Fusion Middleware 12.2.1.4.0

References

https://www.oracle.com/security-alerts/cpuoct2024.html

vendor-advisory

CVSS V3.1

Score:

4.4

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 15, 2024
Vulnerability Reserved
Dec 7, 2023