How severe is CVE-2024-21071?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.1 out of 10.

What type of vulnerability is CVE-2024-21071?

This is classified as CWE-284, which is a common weakness in software security.

CVE-2024-21071 - CRITICAL Severity | CVSS 9.1

Vulnerability Description

Vulnerability in the Oracle Workflow product of Oracle E-Business Suite (component: Admin Screens and Grants UI). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Workflow. While the vulnerability is in Oracle Workflow, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Workflow. CVSS 3.1 Base Score 9.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).

Related Vulnerabilities

CVE-2013-5654

CRITICAL

CVSS:9.1(Critical)

Vulnerability in YingZhi Python Programming Language v1.9 allows arbitrary anonymous uploads to the phone's storage

CWE-2842013

CVE-2015-1000009

CRITICAL

CVSS:9.1(Critical)

Open proxy in Wordpress plugin google-adsense-and-hotel-booking v1.05

CWE-2842015

CVE-2015-8361

CRITICAL

CVSS:9.1(Critical)

Multiple unspecified services in Atlassian Bamboo before 5.9.9 and 5.10.x before 5.10.0 do not require authentication, which allows remote attackers to obtain sensitive information, modify settings, o...

CWE-2842015

CVE-2016-4501

CRITICAL

CVSS:9.1(Critical)

Environmental Systems Corporation (ESC) 8832 Data Controller 3.02 and earlier mishandles sessions, which allows remote attackers to bypass authentication and make arbitrary configuration changes via u...

CWE-2842016

CVE-2016-4694

CRITICAL

CVSS:9.1(Critical)

The Apache HTTP Server in Apple OS X before 10.12 and OS X Server before 5.2 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted CGI client data ...

CWE-2842016

CVE-2016-5599

CRITICAL

CVSS:9.1(Critical)

Unspecified vulnerability in the Oracle Advanced Supply Chain Planning component in Oracle Supply Chain Products Suite 12.2.3 through 12.2.5 allows remote attackers to affect confidentiality and integ...

CWE-2842016