PT-2024-7083 · Oracle · Oracle Global Lifecycle Management Fmw Installer

4Ra1N +1 · Published 2024-10-15 · Updated 2024-10-18 · CVE-2024-21190

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:C/A:N

Name of the Vulnerable Software and Affected Versions: Oracle Global Lifecycle Management FMW Installer version 12.2.1.4.0

Description: The issue is related to insufficient input validation in the Cloning component of the Oracle Global Lifecycle Management FMW Installer product. This allows an unauthenticated attacker with network access via SFTP to compromise the Oracle Global Lifecycle Management FMW Installer. Successful attacks can result in unauthorized creation, deletion, or modification access to critical data or all accessible data.

Recommendations: For version 12.2.1.4.0, consider restricting access to the Cloning component until a patch is available. As a temporary workaround, limit network access via SFTP to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE


Weakness Enumeration

Related Identifiers

BDU:2024-08343
CVE-2024-21190

Affected Products

Oracle Global Lifecycle Management Fmw Installer