July 1, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
WordPress Sites May Be Subject to Remote Code Execution Due to Critical WPML Plugin Flaw
August 28, 2024Microsoft Sway Exploited by New QR Code Phishing Campaign to Steal Credentials – Active IOCs
August 28, 2024WordPress Sites May Be Subject to Remote Code Execution Due to Critical WPML Plugin Flaw
August 28, 2024Microsoft Sway Exploited by New QR Code Phishing Campaign to Steal Credentials – Active IOCs
August 28, 2024
Severity
Medium
Analysis Summary
CVE-2024-21128 CVSS:5.4
An unspecified vulnerability in Oracle Application Object Library related to the APIs component could allow a remote authenticated attacker to cause low confidentiality and low integrity impacts.
CVE-2024-21148 CVSS:4.8
An unspecified vulnerability in Oracle Applications Framework related to the Personalization component could allow a remote authenticated attacker to cause low confidentiality and low integrity impacts.
CVE-2024-21169 CVSS:6.5
An unspecified vulnerability in Oracle Marketing related to the Partners component could allow a remote attacker to cause low confidentiality and low integrity impacts.
Impact
- Gain Access
Indicators of Compromise
CVE
- CVE-2024-21128
- CVE-2024-21148
- CVE-2024-21169
Affected Vendors
Oracle
Affected Products
- Oracle Applications Framework 12.2.3
- Oracle Applications Framework 12.2.13
- Oracle Marketing 12.2.3
- Oracle Marketing 12.2.13
- Oracle Application Object Library 12.2.6
- Oracle Application Object Library 12.2.13
Remediation
Refer to Oracle Critical Patch Update Advisory for patch, upgrade or suggested workaround information.