Rewterz Threat Alert – Multiple Oracle Products Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2024-20979 CVSS:5.4

An unspecified vulnerability in Oracle BI Publisher related to the Web Server component could allow a remote authenticated attacker to cause low confidentiality and low integrity impact.

CVE-2024-20987 CVSS:5.4

An unspecified vulnerability in Oracle BI Publisher related to the Web Server component could allow a remote authenticated attacker to cause low confidentiality and low integrity impact.

CVE-2024-20955 CVSS:3.7

An unspecified vulnerability in Oracle GraalVM for JDK and GraalVM Enterprise Edition related to the Compiler component could allow a remote attacker to cause low confidentiality impact.

CVE-2023-21901 CVSS:7.4

An unspecified vulnerability in Oracle Financial Services Analytical Applications Infrastructure related to the Infrastructure component could allow a remote authenticated attacker to cause low confidentiality impact, low integrity impact, and no availability impact.

CVE-2024-20920 CVSS:3.8

An unspecified vulnerability in Oracle Solaris related to the Filesystem component could allow a local authenticated attacker to cause low confidentiality impact.

Impact

  • Denial of Service
  • Information Theft

Indicators Of Compromise

CVE

  • CVE-2024-20979
  • CVE-2024-20987
  • CVE-2024-20955
  • CVE-2023-21901
  • CVE-2024-20920

Affected Vendors

Oracle

Affected Products

  • Oracle Solaris 11
  • Oracle BI Publisher 12.2.1.4.0
  • Oracle GraalVM Enterprise Edition 22.3.2
  • Oracle BI Publisher 6.4.0.0.0
  • Oracle GraalVM Enterprise Edition 21.3.8
  • Oracle GraalVM for JDK 17.0.9
  • Oracle Financial Services Analytical Applications Infrastructure 8.0.7
  • Oracle Financial Services Analytical Applications Infrastructure 8.0.8
  • Oracle Financial Services Analytical Applications Infrastructure 8.0.9
  • Oracle Financial Services Analytical Applications Infrastructure 8.1.0
  • Oracle Financial Services Analytical Applications Infrastructure 8.1.1
  • Oracle Financial Services Analytical Applications Infrastructure 8.1.2

Remediation

Refer to the Oracle Security Advisory for patch, upgrade, or suggested workaround information.

Oracle Security Advisory