CVE-2024-21133
Published 2024-07-16
Priority P4 · 31 · medium · 6.1 · CVSS 3.1
AV:N / AC:L / PR:N / UI:R / S:C / C:L / I:L / A:N
EPSS: 0.32% (23.8th percentile)
Vulnerability in the Oracle Reports Developer product of Oracle Fusion Middleware (component: Servlet). Supported versions that are affected are 12.2.1.4.0 and 12.2.1.19.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Reports Developer. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Reports Developer, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Reports Developer accessible data as well as unauthorized read access to a subset of Oracle Reports Developer accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| oracle | reports_developer | — | — |
| oracle | reports_developer | — | — |
| oracle_corporation | reports_developer | — | — |
| oracle_corporation | reports_developer | — | — |
CVSS provenance
nvd · v3.1 · 6.1 MEDIUM · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
vendor_oracle · 6.1 MEDIUM
GHSA
GHSA-3fxm-wcm7-47r2: Vulnerability in the Oracle Reports Developer product of Oracle Fusion Middleware (component: Servlet)
ghsa_unreviewed·2024-07-17
CVE-2024-21133 [MEDIUM] CWE-79 GHSA-3fxm-wcm7-47r2: Vulnerability in the Oracle Reports Developer product of Oracle Fusion Middleware (component: Servlet)
Oracle
Oracle Oracle Fusion Middleware Risk Matrix: Servlet — CVE-2024-21133
vendor_oracle·2024-07-15·CVSS 6.1
CVE-2024-21133 [MEDIUM] Oracle Oracle Fusion Middleware Risk Matrix: Servlet — CVE-2024-21133
Oracle Oracle Fusion Middleware Risk Matrix: Servlet vulnerability
CVE: CVE-2024-21133
CVSS: 6.1
Protocol: HTTP
Remote exploit: Yes
Affected versions: Network
Advisory: cpujul2024 (JUL 2024)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2024-07-16