CVE-2024-21188

Опубликовано: 16 июл. 2024

Источник: nvd

CVSS3: 6.1

EPSS Низкий

Описание

Vulnerability in the Oracle Financial Services Revenue Management and Billing product of Oracle Financial Services Applications (component: Chatbot). Supported versions that are affected are 6.0.0.0.0 and 6.1.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Revenue Management and Billing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Revenue Management and Billing, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Revenue Management and Billing accessible data as well as unauthorized read access to a subset of Oracle Financial Services Revenue Management and Billing accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impac

Ссылки

https://www.oracle.com/security-alerts/cpujul2024.html
Vendor Advisory
https://www.oracle.com/security-alerts/cpujul2024.html
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:6.0.0.0.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:6.1.0.0.0:*:*:*:*:*:*:*

EPSS

Процентиль: 78%

0.01134

Низкий

6.1 Medium

CVSS3

Дефекты

NVD-CWE-noinfo

CWE-79

Связанные уязвимости

GHSA-8754-873p-mcq7

CVSS3: 6.1

github

больше 1 года назад

BDU:2025-00119

CVSS3: 6.1

fstec

около 2 лет назад

Уязвимость компонента Chatbot системы управления доходами Oracle Financial Services Revenue Management and Billing, позволяющая нарушителю получить несанкционированный доступ на чтение, добавление, изменение или удаление данных

EPSS

Процентиль: 78%

0.01134

Низкий

6.1 Medium

CVSS3

Дефекты

NVD-CWE-noinfo

CWE-79