CVE-2024-21139
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Web Answers). Supported versions that are affected are 7.0.0.0.0, 7.6.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).
EPSS 0.22% · 44.1th percentile
Risk Scores
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| oracle | business_intelligence | 12.2.1.4.0, 7.6.0.0.0, 7.0.0.0.0 |
| Oracle Corporation | Business Intelligence Enterprise Edition | 7.6.0.0.0, 12.2.1.4.0, 7.0.0.0.0 |
Exploit Intelligence
- Oracle Advisory (circl)
Timeline
- Jul 16, 2024 CVE Published
- Jul 17, 2024 EPSS Score
- Aug 8, 2024 EPSS Score
- Aug 30, 2024 EPSS Score
- Sep 20, 2024 EPSS Score
- Oct 4, 2024 Coalition ESS Score
- Oct 12, 2024 EPSS Score
- Nov 3, 2024 EPSS Score
- Nov 25, 2024 EPSS Score
- Dec 17, 2024 EPSS Score
- Jan 8, 2025 EPSS Score
- Jan 30, 2025 EPSS Score
References
- Oracle Advisory vendor-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2024-21139 advisory