CVE-2024-21100

EUVD-2024-18814
Vulnerability in the Oracle Commerce Platform product of Oracle Commerce (component: Platform).  Supported versions that are affected are 11.3.0, 11.3.1 and  11.3.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Platform.  While the vulnerability is in Oracle Commerce Platform, attacks may significantly impact additional products (scope change).  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Commerce Platform accessible data. CVSS 3.1 Base Score 4.0 (Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N).
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
oracleCNA
4 MEDIUM
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 49%
Affected Products (NVD)
VendorProductVersion
oraclecommerce_platform
11.3.0
oraclecommerce_platform
11.3.1
oraclecommerce_platform
11.3.2
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
oraclecommerce
11.3.0
CNA
oraclecommerce
11.3.1
CNA
oraclecommerce
11.3.2
CNA
References
https://www.oracle.com/security-alerts/cpuapr2024.html
https://www.oracle.com/security-alerts/cpuapr2024.html