SB2024041732 - Multiple vulnerabilities in Oracle Outside In Technology

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2024041732

SB2024041732 - Multiple vulnerabilities in Oracle Outside In Technology

Published: April 17, 2024 Updated: January 20, 2025

Security Bulletin ID SB2024041732
Severity
High
Patch available
YES
Number of vulnerabilities 6
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 17% Low 83%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 6 secuirty vulnerabilities.


1) Improper input validation (CVE-ID: CVE-2024-21118)

The vulnerability allows a local authenticated user to read and manipulate data.

The vulnerability exists due to improper input validation within the Outside In Core component in Oracle Outside In Technology. A local authenticated user can exploit this vulnerability to read and manipulate data.


2) Improper input validation (CVE-ID: CVE-2024-21120)

The vulnerability allows a local authenticated user to read and manipulate data.

The vulnerability exists due to improper input validation within the Outside In Core component in Oracle Outside In Technology. A local authenticated user can exploit this vulnerability to read and manipulate data.


3) Improper input validation (CVE-ID: CVE-2024-21117)

The vulnerability allows a local authenticated user to read and manipulate data.

The vulnerability exists due to improper input validation within the Outside In Core component in Oracle Outside In Technology. A local authenticated user can exploit this vulnerability to read and manipulate data.


4) Improper input validation (CVE-ID: CVE-2024-21119)

The vulnerability allows a local authenticated user to read and manipulate data.

The vulnerability exists due to improper input validation within the Outside In Core component in Oracle Outside In Technology. A local authenticated user can exploit this vulnerability to read and manipulate data.


5) Improper input validation (CVE-ID: CVE-2022-48579)

The vulnerability allows a local non-authenticated attacker to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Outside In Core (unrar) component in Oracle Outside In Technology. A local non-authenticated attacker can exploit this vulnerability to gain access to sensitive information.


6) Improper input validation (CVE-ID: CVE-2022-34169)

The vulnerability allows a remote non-authenticated attacker to compromise the affected system.

The vulnerability exists due to an integer truncation issue when processing malicious XSLT stylesheets. A remote non-authenticated attacker can pass specially crafted data to the application to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode.


Remediation

Install update from vendor's website.

References