Lucene search

K
cve[email protected]CVE-2024-21091
HistoryApr 16, 2024 - 10:15 p.m.

CVE-2024-21091

2024-04-1622:15:29
web.nvd.nist.gov
31
oracle agile product
lifecycle management
unauthorized access

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.2 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

18.1%

Vulnerability in the Oracle Agile Product Lifecycle Management for Process product of Oracle Supply Chain (component: Data Import). The supported version that is affected is 6.2.4.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Agile Product Lifecycle Management for Process. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Agile Product Lifecycle Management for Process accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).

Affected configurations

Vulners
Node
oracleagile_product_lifecycle_management_for_processRange6.2.4.2
VendorProductVersionCPE
oracleagile_product_lifecycle_management_for_process*cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "vendor": "Oracle Corporation",
    "product": "Agile Product Lifecycle Management for Process",
    "cpes": [
      "cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.4.2:*:*:*:*:*:*:*"
    ],
    "versions": [
      {
        "version": "6.2.4.2",
        "status": "affected"
      }
    ]
  }
]

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.2 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

18.1%

Related for CVE-2024-21091