July 1, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Multiple Microsoft Edge Chromium-based Vulnerabilities
October 18, 2024SmokeLoader Malware – Active IOCs
October 20, 2024Multiple Microsoft Edge Chromium-based Vulnerabilities
October 18, 2024SmokeLoader Malware – Active IOCs
October 20, 2024
Severity
High
Analysis Summary
CVE-2024-21286 CVSS:5.4
Vulnerability in the PeopleSoft Enterprise ELM Enterprise Learning Management product of Oracle PeopleSoft (component: Enterprise Learning Management). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise ELM Enterprise Learning Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enter.
CVE-2024-21285 CVSS:7.1
Vulnerability in the Oracle Banking Liquidity Management product of Oracle Financial Services Applications (component: Reports). The supported version that is affected is 14.5.0.12.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Liquidity Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Banking.
CVE-2024-21284 CVSS:7.1
Vulnerability in the Oracle Banking Liquidity Management product of Oracle Financial Services Applications (component: Reports). The supported version that is affected is 14.5.0.12.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Liquidity Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Banking.
CVE-2024-21282 CVSS:8.1
Vulnerability in the Oracle Financials product of Oracle E-Business Suite (component: Common Components). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financials. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financials accessible data as well as unauthorized access.
CVE-2024-21283 CVSS:8.1
Vulnerability in the PeopleSoft Enterprise HCM Global Payroll Core product of Oracle PeopleSoft (component: Global Payroll for Core). Supported versions that are affected are 9.2.48-9.2.50. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise HCM Global Payroll Core. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all PeopleSoft Enterprise.
CVE-2024-21281 CVSS:5.3
Vulnerability in the Oracle Banking Liquidity Management product of Oracle Financial Services Applications (component: Infrastructure). The supported version that is affected is 14.7.0.6.0. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Banking Liquidity Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation.
CVE-2024-21279 CVSS:8.1
Vulnerability in the Oracle Sourcing product of Oracle E-Business Suite (component: Auctions). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Sourcing. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Sourcing accessible data as well as unauthorized access to critical data.
CVE-2024-21280 CVSS:8.1
Vulnerability in the Oracle Service Contracts product of Oracle E-Business Suite (component: Authoring). Supported versions that are affected are 12.2.5-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Service Contracts. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Service Contracts accessible data as well as unauthorized access.
Impact
- Gain Access
Indicators of Compromise
CVE
- CVE-2024-21286
- CVE-2024-21285
- CVE-2024-21284
- CVE-2024-21282
- CVE-2024-21283
- CVE-2024-21281
- CVE-2024-21279
- CVE-2024-21280
Affected Vendors
Oracle
Affected Products
- Oracle Corporation PeopleSoft Enterprise ELM Enterprise Learning Management - 9.2
- Oracle Corporation Oracle Banking Liquidity Management - 14.5.0.12.0
- Oracle Corporation Oracle Financials - 12.2.3
- Oracle Corporation PeopleSoft Enterprise HCM Global Payroll Core - 9.2.48
- Oracle Corporation Oracle Banking Liquidity Management - 14.7.0.6.0
- Oracle Corporation Oracle Sourcing - 12.2.3
- Oracle Corporation Oracle Service Contracts - 12.2.5
Remediation
Refer to Oracle Critical Patch Update Advisory, upgrade or suggested workaround information.