CVE-2024-21188

Summary

CVE-2024-21188 is a vulnerability affecting Oracle Financial Services Revenue Management and Billing, specifically the Chatbot component, in versions 6.0.0.0.0 and 6.1.0.0.0 of Oracle Financial Services Applications. This issue allows unauthenticated attackers with network access to compromise the system via HTTP. However, successful exploitation requires human interaction, which may result in unauthorized access to some data or unauthorized read access to a subset of data. This vulnerability, though easily exploitable, primarily impacts Oracle Financial Services Revenue Management and Billing, but potential consequences may extend to other products as well. The Base Score is 6.1 (Confidentiality and Integrity) according to the Common Vulnerability Scoring System (CVSS) 3.1.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.