CVE-2024-20930

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-20930
Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Content Access SDK, Image Export SDK, PDF Export SDK, HTML Export SDK). The supported version that is affected is 8.5.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).

6.3 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

References
Link Resource
https://www.oracle.com/security-alerts/cpujan2024.html Patch Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:oracle:outside_in_technology:8.5.6:*:*:*:*:*:*:*
History

20 Jan 2024, 18:36

Type Values Removed Values Added
CWE NVD-CWE-noinfo
First Time Oracle
Oracle outside In Technology
CPE cpe:2.3:a:oracle:outside_in_technology:8.5.6:*:*:*:*:*:*:*
References () https://www.oracle.com/security-alerts/cpujan2024.html - () https://www.oracle.com/security-alerts/cpujan2024.html - Patch, Vendor Advisory
Summary
  • (es) Vulnerabilidad en el producto Oracle Outside In Technology de Oracle Fusion Middleware (componente: SDK de acceso a contenido, SDK de exportación de imágenes, SDK de exportación de PDF, SDK de exportación HTML). La versión compatible afectada es la 8.5.6. Una vulnerabilidad fácilmente explotable permite a un atacante con pocos privilegios y acceso a la red a través de HTTP comprometer la tecnología Oracle Outside In. Los ataques exitosos de esta vulnerabilidad pueden dar como resultado una actualización, inserción o eliminación no autorizada del acceso a algunos de los datos accesibles de Oracle Outside In Technology, así como acceso de lectura no autorizado a un subconjunto de datos accesibles de Oracle Outside In Technology y la capacidad no autorizada de causar una denegación parcial de servicio. (DOS parcial) de Oracle Outside In Technology. CVSS 3.1 Puntuación base 6.3 (impactos en la confidencialidad, la integridad y la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).

16 Jan 2024, 22:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-01-16 22:15

Updated : 2024-01-20 18:36

NVD link : CVE-2024-20930

Mitre link : CVE-2024-20930

CVE.ORG link : CVE-2024-20930

JSON object : View

Products Affected

oracle

  • outside_in_technology
CWE
NVD-CWE-noinfo