CVE-2024-21192

MEDIUM

Oracle Enterprise Manager <12.2.1.4.0 - Privilege Escalation

Title source: llm

Description

Vulnerability in the Oracle Enterprise Manager for Fusion Middleware product of Oracle Fusion Middleware (component: WebLogic Mgmt). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Enterprise Manager for Fusion Middleware executes to compromise Oracle Enterprise Manager for Fusion Middleware. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Enterprise Manager for Fusion Middleware accessible data. CVSS 3.1 Base Score 4.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N).

References (1)

Core 1

Core References

Vendor Advisory vendor-advisory

https://www.oracle.com/security-alerts/cpuoct2024.html

Scores

CVSS v3 4.4

EPSS 0.0016

EPSS Percentile 36.4%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

Status published

Products (1)

oracle/fusion_middleware 12.2.1.4.0

Published Oct 15, 2024

Tracked Since Feb 18, 2026