CVE-2024-21206

Name of the Vulnerable Software and Affected Versions Oracle Enterprise Command Center Framework versions 11 through 13

Description The issue is related to insufficient input validation in the Diagnostics component of the Oracle Enterprise Command Center Framework. This can be exploited by a remote attacker to gain unauthorized access to protected information via the HTTP protocol. Successful attacks can result in unauthorized read access to a subset of accessible data.

Recommendations For versions 11 through 13, update to a version that includes the fix for this issue to prevent unauthorized access. As a temporary workaround, consider restricting access to the Diagnostics component until a patch is available. Avoid using the HTTP protocol to access the Oracle Enterprise Command Center Framework until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.