CVE-2024-21206

Vulnerability in the Oracle Enterprise Command Center Framework product of Oracle E-Business Suite (component: Diagnostics). Supported versions that are affected are ECC:11-13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Enterprise Command Center Framework. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Enterprise Command Center Framework accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).

CVSS v3 4.3 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.oracle.com/security-alerts/cpuoct2024.html	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:oracle:enterprise_command_center_framework:*:*:*:*:*:*:*:*

History

23 Jun 2025, 15:20

Type	Values Removed	Values Added
References	~~() https://www.oracle.com/security-alerts/cpuoct2024.html -~~	() https://www.oracle.com/security-alerts/cpuoct2024.html - Vendor Advisory
First Time		Oracle Oracle enterprise Command Center Framework
CPE		cpe:2.3:a:oracle:enterprise_command_center_framework::::::::

Information

Published : 2024-10-15 20:15

Updated : 2025-06-23 15:20

NVD link : CVE-2024-21206

Mitre link : CVE-2024-21206

CVE.ORG link : CVE-2024-21206

JSON object : View

Products Affected

oracle

enterprise_command_center_framework

CWE

CWE-203

Observable Discrepancy

{"id": "CVE-2024-21206", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "secalert_us@oracle.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2024-10-15T20:15:09.050", "references": [{"url": "https://www.oracle.com/security-alerts/cpuoct2024.html", "tags": ["Vendor Advisory"], "source": "secalert_us@oracle.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-203"}]}], "descriptions": [{"lang": "en", "value": "Vulnerability in the Oracle Enterprise Command Center Framework product of Oracle E-Business Suite (component: Diagnostics). Supported versions that are affected are ECC:11-13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Enterprise Command Center Framework. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Enterprise Command Center Framework accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)."}, {"lang": "es", "value": "Vulnerabilidad en el producto Oracle Enterprise Command Center Framework de Oracle E-Business Suite (componente: Diagn\u00f3stico). Las versiones compatibles afectadas son ECC:11-13. Esta vulnerabilidad, que se puede explotar f\u00e1cilmente, permite que un atacante con privilegios reducidos y acceso a la red a trav\u00e9s de HTTP ponga en peligro Oracle Enterprise Command Center Framework. Los ataques exitosos de esta vulnerabilidad pueden dar como resultado un acceso de lectura no autorizado a un subconjunto de datos accesibles de Oracle Enterprise Command Center Framework. Puntuaci\u00f3n base de CVSS 3.1: 4,3 (impactos de confidencialidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)."}], "lastModified": "2025-06-23T15:20:13.090", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:enterprise_command_center_framework:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B88C407A-0A59-46DD-9093-8714208F9B92", "versionEndIncluding": "13", "versionStartIncluding": "11"}], "operator": "OR"}]}], "sourceIdentifier": "secalert_us@oracle.com"}