PT-2024-1159 · Oracle · Oracle Enterprise Manager Base Platform

Patryk Rejchert

Published

2024-01-16

Updated

2024-01-20

CVE-2024-20916

CVSS v3.1

8.3

High

Vector

AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L

Name of the Vulnerable Software and Affected Versions Oracle Enterprise Manager Base Platform version 13.5.0.0

Description The issue is related to insufficient input validation in the Event Management component. It allows a high-privileged attacker with access to the physical communication segment to compromise the Oracle Enterprise Manager Base Platform, potentially affecting additional products. Successful attacks can result in unauthorized access to critical data, modification or deletion of data, and partial denial of service.

Recommendations For version 13.5.0.0, update to a version that includes the fix for this issue, as the current version is vulnerable to exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Access Control

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-284CWE-20

Related Identifiers

BDU:2024-00483

CVE-2024-20916

Affected Products

Oracle Enterprise Manager Base Platform

PT-2024-1159 · Oracle · Oracle Enterprise Manager Base Platform

CVE-2024-20916

Weakness Enumeration

Related Identifiers

Affected Products

References · 8