CVE-2024-21246

Name of the Vulnerable Software and Affected Versions Oracle Service Bus versions 12.2.1.4.0

Description The issue is related to a vulnerability in the Oracle Service Bus product, specifically in the OSB Core Functionality component. This vulnerability allows an unauthenticated attacker with network access via HTTP to compromise Oracle Service Bus, resulting in unauthorized access to critical data or complete access to all Oracle Service Bus accessible data. The vulnerability is associated with weaknesses in the authorization procedure.

Recommendations For version 12.2.1.4.0, update to a version that includes the fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.