Remote Code Execution Vulnerability in Oracle Service Bus
CVE-2024-21246
7.5 HIGH
Summary
A serious vulnerability has been identified in Oracle Service Bus, specifically within the OSB Core Functionality of Oracle Fusion Middleware version 12.2.1.4.0. The flaw is easily exploitable by an unauthenticated attacker with network access via HTTP. Successful exploitation could give the attacker unauthorized access to sensitive and critical data stored within the Oracle Service Bus environment, up to complete access to all data the service can reach. Organizations running the affected version should apply the recommended security patches to safeguard their data integrity and confidentiality.
Affected Version(s)
Oracle Service Bus 12.2.1.4.0
CVSS V3.1
Score: 7.5
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved