CVE-2024-20916

CWE-284 — Improper Access Control4 documents4 sources

Severity

8.3HIGH

EPSS

0.2%

top 56.58%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Oracle Corporation Enterprise Manager Base Platform Oracle Enterprise Manager

Timeline

PublishedJan 16

Latest updateJan 17

Description

Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Event Management). The supported version that is affected is 13.5.0.0. Easily exploitable vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the Oracle Enterprise Manager Base Platform executes to compromise Oracle Enterprise Manager Base Platform. While the vulnerability is in Oracle Enterprise Manager Base Plat…

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:LExploitability: 1.7 | Impact: 6.0

Affected Packages2 packages

▶CVEListV5oracle_corporation/enterprise_manager_base_platform13.5.0.0

▶NVDoracle/enterprise_manager13.5.0.0

Patches

Patch: www.oracle.com ↗Patch: www.oracle.com ↗

🔴Vulnerability Details

GHSA

GHSA-3x82-g63q-53gm: Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Event Management)↗2024-01-17

▶

CVEList

CVE-2024-20916: Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Event Management)↗2024-01-16

▶

📋Vendor Advisories

Oracle

Oracle Oracle Enterprise Manager Risk Matrix: Event Management — CVE-2024-20916↗2024-01-15

▶