CVE-2024-20980

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Feb 17, 2024

Updated: Feb 20, 2024

Summary

CVE-2024-20980 is a vulnerability affecting Oracle BI Publisher, a component of Oracle Analytics. This issue is present in versions 6.4.0.0.0 and 7.0.0.0.0 of the product. An attacker with limited network access via HTTP can exploit this vulnerability, leading to unauthorized access to some Oracle BI Publisher data. Human interaction is required for a successful attack. Potential impacts include unauthorized update, insert, or delete access and unauthorized read access. The base score of this vulnerability, according to the Common Vulnerability Scoring System (CVSS), is 5.4 for both confidentiality and integrity impacts.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/uKyEdm
https://www.cve.org/CVERecord?id=CVE-2024-20980
https://nvd.nist.gov/vuln/detail/CVE-2024-20980

Back to Vulnerability Database

CVE-2024-20980

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations