CVE-2024-26308
In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "HIGH" für "Confidentiality", "Integrity" und "Availability" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert "HOCH" für die Schadenshöhe.
EPSS 0.39% · 60.6th percentile
Risk Scores
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Oracle | Oracle Construction and Engineering <=21.12.17 | |
| Xerox | Xerox FreeFlow Print Server v9 | |
| Oracle | Oracle Financial Services Applications 8.0.8.3 | |
| IBM | IBM FileNet Content Manager 5.5.8 | |
| Oracle | Oracle Communications 5.0 | |
| Oracle | Oracle Financial Services Applications 3.0.0.0.0 | |
| Oracle | Oracle Communications 4.2.0 | |
| Oracle | Oracle Communications 14.0.0.1 | |
| Oracle | Oracle Communications 24.2.0 | |
| Oracle | Oracle PeopleSoft 8.60 | |
| Oracle | Oracle Communications <=9.1.1.8.0 | |
| Oracle | Oracle Financial Services Applications 3.2.0.0.0 | |
| Oracle | Oracle Financial Services Applications 12.1.0.0.0 | |
| Oracle | Oracle Financial Services Applications 8.0.8 | |
| Oracle | Oracle Communications Applications 7.4.2 | |
| Oracle | Oracle Communications 23.2.2 | |
| Splunk | Splunk Splunk Enterprise <9.1.7 | |
| Oracle | Oracle Financial Services Applications 8.0.7 | |
| Oracle | Oracle Communications 23.2.0 | |
| Oracle | Oracle Retail Applications 16.0.3 |
…and 189 more
Exploit Intelligence
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog (certbund)
- Docker Deskop giving issue CVE-2024-26308 for maven [reproduce] (github-poc)
- Docker Deskop giving issue CVE-2024-26308 for maven [reproduce] (github-poc)
- Docker Deskop giving issue CVE-2024-26308 for maven [reproduce] (github-poc)
- Docker Deskop giving issue CVE-2024-26308 for maven [reproduce] (github-poc)
- Docker Deskop giving issue CVE-2024-26308 for maven [reproduce] (github-poc)
- Docker Deskop giving issue CVE-2024-26308 for maven [reproduce] (github-poc)
- Docker Deskop giving issue CVE-2024-26308 for maven [reproduce] (github-poc)
- Docker Deskop giving issue CVE-2024-26308 for maven [reproduce] (github-poc)
- Docker Deskop giving issue CVE-2024-26308 for maven [reproduce] (github-poc)
…and 21 more exploits
Timeline
- CVE Published
- Oct 23, 2018 PoC Published
- Feb 20, 2024 EPSS Score
- Mar 18, 2024 EPSS Score
- Apr 14, 2024 EPSS Score
- Jun 6, 2024 EPSS Score
- Jul 3, 2024 EPSS Score
- Jul 30, 2024 EPSS Score
- Aug 26, 2024 EPSS Score
- Sep 22, 2024 EPSS Score
- Oct 4, 2024 Coalition ESS Score
- Oct 19, 2024 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0414.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0414 advisory
- https://lists.apache.org/thread/ch5yo2d21p7vlqrhll9b17otbyq4npfg advisory
- https://lists.apache.org/thread/cz8qkcwphy4cx8gltn932ln51cbtq6kf advisory
- https://nvd.nist.gov/vuln/detail/CVE-2024-26308 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2024-25710 advisory
- https://lists.suse.com/pipermail/sle-security-updates/2024-February/018073.html advisory
- https://www.ibm.com/support/pages/node/7142168 advisory
- https://alas.aws.amazon.com/AL2/ALAS-2024-2493.html advisory
- https://www.ibm.com/support/pages/node/7144238 advisory
- https://access.redhat.com/errata/RHSA-2024:1509 advisory
- https://access.redhat.com/errata/RHSA-2024:1662 advisory
- https://access.redhat.com/errata/RHSA-2024:1923 advisory
- https://access.redhat.com/errata/RHSA-2024:1924 advisory
- https://access.redhat.com/errata/RHSA-2024:1797 advisory
- https://access.redhat.com/errata/RHSA-2024:1948 advisory
- https://access.redhat.com/errata/RHSA-2024:2833 advisory
- https://www.ibm.com/support/pages/node/7154409 advisory
- https://www.ibm.com/support/pages/node/7149302 advisory
- https://access.redhat.com/errata/RHSA-2024:3527 advisory
…and 115 more