Oracle Fusion Middleware Security Flaw in Service Bus Component
CVE-2024-21205

6.5MEDIUM

Key Information:

Vendor: Oracle
Status: Oracle Service Bus
Vendor: CVE Published:; 15 October 2024

Summary

A vulnerability exists in the Oracle Service Bus component of Oracle Fusion Middleware, specifically in the OSB Core Functionality. This vulnerability affects version 12.2.1.4.0 and can be exploited by an attacker with low privileges and network access through HTTP. If successfully exploited, it could allow the attacker to gain unauthorized access to sensitive data or potentially the entire dataset accessible via the Oracle Service Bus. Organizations using this version are urged to review their security measures and apply patches provided by Oracle to mitigate risks associated with this vulnerability.

Affected Version(s)

Oracle Service Bus 12.2.1.4.0

References

https://www.oracle.com/security-alerts/cpuoct2024.html

vendor-advisory

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 15, 2024
Vulnerability Reserved
Dec 7, 2023