CVE-2024-21190

Summary

CVE-2024-21190 is a vulnerability affecting the Oracle Global Lifecycle Management FMW Installer component of Oracle Fusion Middleware, specifically version 12.2.1.4.0. This flaw allows unauthenticated attackers with network access via SFTP to exploit the system, potentially leading to unauthorized creation, deletion, or modification of critical data. The vulnerability has a CVSS 3.1 Base Score of 7.5, indicating a high severity level with significant integrity impacts and low attack complexity. To remediate this issue, organizations should apply the latest security updates provided by Oracle as detailed in their security alerts. Failure to address this vulnerability poses a considerable risk to organizations by compromising sensitive data accessibility and integrity.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.