
Multiple Oracle Products Vulnerabilities

Severity

High

Analysis Summary

CVE-2024-21183 CVSS:7.5

An unspecified vulnerability in Oracle WebLogic Server related to the Core component could allow a remote attacker to cause high confidentiality impact.

CVE-2024-21175 CVSS:7.5

An unspecified vulnerability in Oracle WebLogic Server related to the Core component could allow a remote attacker to cause high integrity impact.

CVE-2024-21182 CVSS:7.5

An unspecified vulnerability in Oracle WebLogic Server related to the Core component could allow a remote attacker to cause high confidentiality impact.

CVE-2024-21181 CVSS:9.8

An unspecified vulnerability in Oracle WebLogic Server related to the Core component could allow a remote attacker to cause high confidentiality, integrity and availability impact.

CVE-2024-21152 CVSS:8.1

An unspecified vulnerability in Oracle Process Manufacturing Financials related to the Allocation Rules component could allow a remote authenticated attacker to cause high confidentiality and high integrity impacts.

CVE-2024-21149 CVSS:8.1

An unspecified vulnerability in Oracle Enterprise Asset Management related to the Work Definition Issues component could allow a remote authenticated attacker to cause high confidentiality and high integrity impacts.

CVE-2024-21146 CVSS:8.1

An unspecified vulnerability in Oracle Trade Management related to the GL Accounts component could allow a remote authenticated attacker to cause high confidentiality and high integrity impacts.

CVE-2024-21153 CVSS:8.1

An unspecified vulnerability in Oracle Process Manufacturing Product Development related to the Quality Management Specs component could allow a remote authenticated attacker to cause high confidentiality and high integrity impacts.

CVE-2024-21167 CVSS:8.1

An unspecified vulnerability in Oracle Trading Community related to the Party Search UI component could allow a remote authenticated attacker to cause high confidentiality and high integrity impacts.

CVE-2024-21184 CVSS:7.2

An unspecified vulnerability in Oracle Database Server related to the Oracle Database RDBMS Security component could allow a remote authenticated attacker to cause high confidentiality, high integrity and high availability impacts.

Impact

  • Gain Access

Indicators of Compromise

CVE

  • CVE-2024-21183
  • CVE-2024-21175
  • CVE-2024-21182
  • CVE-2024-21181
  • CVE-2024-21152
  • CVE-2024-21149
  • CVE-2024-21146
  • CVE-2024-21153
  • CVE-2024-21167
  • CVE-2024-21184

Affected Vendors

Oracle

Affected Products

  • Oracle WebLogic Server 14.1.1.0.0
  • Oracle Trade Management 12.2.3
  • Oracle Trade Management 12.2.13
  • Oracle Database 19.3
  • Oracle Database 19.23
  • Oracle Trading Community 12.2.13
  • Oracle Trading Community 12.2.3
  • Oracle Process Manufacturing Financials 12.2.13
  • Oracle Process Manufacturing Financials 12.2.12
  • Oracle Enterprise Asset Management 12.2.13
  • Oracle Enterprise Asset Management 12.2.11

Remediation

Refer to the Oracle Critical Patch Update Advisory for patch, upgrade, or suggested workaround information.

Oracle Critical Patch Update Advisory