CVE-2024-21286

Summary

CVE-2024-21286 is a vulnerability affecting the Oracle PeopleSoft Enterprise ELM (Enterprise Learning Management) product, specifically version 9.2. This flaw allows a low-privileged attacker with network access via HTTP to exploit the system, requiring human interaction from another user for successful execution. The potential risks include unauthorized access to sensitive data, enabling attackers to update, insert, or delete information within the system. To mitigate this vulnerability, organizations should apply available patches and implement robust security measures as detailed in Oracle's security alert. The CVSS 3.1 base score for this vulnerability is 5.4, indicating medium severity with low impacts on confidentiality and integrity.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.