#VU85549 Improper input validation in Enterprise Manager Base Platform - CVE-2024-20916


Vulnerability identifier: #VU85549

Vulnerability risk: High

CVSSv4.0: 2.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:L/E:U/U:Amber]

CVE-ID: CVE-2024-20916

CWE-ID: CWE-20

Exploitation vector: Local network

Exploit availability: No

Vulnerable software:
Enterprise Manager Base Platform
Server applications / Other server solutions

Vendor: Oracle

Description

The vulnerability allows a remote privileged user to compromise the affected system.

The vulnerability exists due to improper input validation within the Event Management component in Oracle Enterprise Manager Base Platform. A remote privileged user can exploit this vulnerability to compromise the affected system.

Mitigation
Install updates from the vendor's website.

Vulnerable software versions

Enterprise Manager Base Platform: 13.5.0.0


External links
https://www.oracle.com/security-alerts/cpujan2024.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the local network (LAN).

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

