8.8
CVE-2024-21254
- EPSS 0.48%
- Veröffentlicht 15.10.2024 20:15:15
- Zuletzt bearbeitet 18.10.2024 17:05:58
- Quelle secalert_us@oracle.com
- Teams Watchlist Login
- Unerledigt Login
Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: Web Server). Supported versions that are affected are 7.0.0.0.0, 7.6.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks of this vulnerability can result in takeover of Oracle BI Publisher. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Oracle ≫ Bi Publisher Version7.0.0.0.0
Oracle ≫ Bi Publisher Version7.6.0.0.0
Oracle ≫ Bi Publisher Version12.2.1.4.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.48% | 0.638 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| secalert_us@oracle.com | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-862 Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.