CVE-2024-20928

Name of the Vulnerable Software and Affected Versions Oracle WebCenter Content version 12.2.1.4.0

Description The issue is related to insufficient input validation in the Content Server component of Oracle WebCenter Content, allowing an unauthenticated attacker with network access via HTTP to compromise the system. Successful attacks require human interaction and may significantly impact additional products. This can result in unauthorized update, insert, or delete access to some data, as well as unauthorized read access to a subset of data.

Recommendations For version 12.2.1.4.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the Content Server component to minimize the risk of exploitation. Avoid using the system until the issue is resolved or a patch is available.