CVE-2024-21254 — Vulnetix

Try Vulnetix Request Demo

CVE-2024-21254 PUBLISHED CVSS 8.800000190734863 HIGH

Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: Web Server). Supported versions that are affected are 7.0.0.0.0, 7.6.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks of this vulnerability can result in takeover of Oracle BI Publisher. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

EPSS 1.25% · 79.3th percentile

Risk Scores

CVSS v3.1

8.800000190734863

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score

1.25%

79.3th percentile

Affected Products

Vendor	Product	Versions
Oracle Corporation	Oracle BI Publisher	7.0.0.0.0, 7.6.0.0.0, 12.2.1.4.0
oracle	bi_publisher	7.0.0.0.0, 7.6.0.0.0, 12.2.1.4.0

Timeline

Oct 15, 2024 CVE Published
Oct 16, 2024 EPSS Score
Oct 16, 2024 Coalition ESS Score
Oct 17, 2024 Coalition ESS Score
Oct 17, 2024 CVE Updated
Oct 18, 2024 Coalition ESS Score
Nov 3, 2024 EPSS Score
Nov 21, 2024 EPSS Score
Dec 10, 2024 EPSS Score
Dec 24, 2024 Coalition ESS Score
Dec 28, 2024 EPSS Score
Jan 15, 2025 EPSS Score

References

Oracle Advisory vendor-advisory
https://nvd.nist.gov/vuln/detail/CVE-2024-21254 advisory

Open in Interactive Console →