April 19, 2024
Severity
High
Analysis Summary
CVE-2024-21006 CVSS:7.5
An unspecified vulnerability in Oracle WebLogic Server related to the Core component could allow a remote attacker to cause high confidentiality impact.
CVE-2024-20999 CVSS:8.2
An unspecified vulnerability in Oracle Solaris related to the Zones component could allow a local authenticated attacker to cause high confidentiality impact, high integrity impact, and high availability impact.
CVE-2024-21059 CVSS:7.8
An unspecified vulnerability in Oracle Solaris related to the Utility component could allow a local authenticated attacker to cause high confidentiality impact, high integrity impact, and high availability impact.
CVE-2024-21077 CVSS:7.5
An unspecified vulnerability in Oracle Trade Management product of Oracle E-Business Suite related to the GL Accounts LOV component could allow a remote attacker to cause high confidentiality impact.
CVE-2024-21073 CVSS:7.5
An unspecified vulnerability in Oracle Trade Management product of Oracle E-Business Suite related to the Claim LOV component could allow a remote attacker to cause a high confidentiality impact.
CVE-2024-21076 CVSS:7.5
An unspecified vulnerability in Oracle Trade Management product of Oracle E-Business Suite related to the Offer LOV component could allow a remote attacker to cause a high confidentiality impact.
CVE-2024-21088 CVSS:7.5
An unspecified vulnerability in Oracle Production Scheduling product of Oracle E-Business Suite related to the Import Utility component could allow a remote attacker to cause high integrity impacts.
CVE-2024-20989 CVSS:7
An unspecified vulnerability in Oracle Hospitality Simphony related to the Simphony POS component could allow a remote attacker to cause high confidentiality impact, low integrity impact, and low availability impact.
CVE-2024-21010 CVSS:9.9
An unspecified vulnerability in Oracle Hospitality Simphony related to the Simphony Enterprise Server component could allow a remote authenticated attacker to cause high confidentiality impact, high integrity impact, and high availability impact.
CVE-2024-21067 CVSS:8.8
An unspecified vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager related to the Host Management component could allow a local authenticated attacker to cause high confidentiality, high integrity and high availability impacts.
CVE-2024-21095 CVSS:8.2
An unspecified vulnerability in Oracle Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering related to the Web Access component could allow a remote attacker to cause high confidentiality and low integrity impacts.
CVE-2024-21074 CVSS:7.5
An unspecified vulnerability in the Oracle Trade Management product of Oracle E-Business Suite related to the Finance LOV component could allow a remote attacker to cause a high confidentiality impact.
CVE-2024-21092 CVSS:8.1
An unspecified vulnerability in Oracle Agile Product Lifecycle Management for Process product of Oracle Supply Chain related to the Product Quality Management component could allow a remote authenticated attacker to cause a high confidentiality impact and high integrity impact.
CVE-2024-21082 CVSS:9.8
An unspecified vulnerability in Oracle BI Publisher related to the XML Services component could allow a remote attacker to cause high confidentiality impact, high integrity impact and high availability impact.
CVE-2024-21014 CVSS:9.8
An unspecified vulnerability in Oracle Hospitality Simphony related to the Simphony Enterprise Server component could allow a remote attacker to cause high confidentiality impact, high integrity impact, and high availability impact.
CVE-2024-21007 CVSS:7.5
An unspecified vulnerability in Oracle WebLogic Server related to the Core component could allow a remote attacker to cause high confidentiality impact.
CVE-2024-21083 CVSS:7.2
An unspecified vulnerability in Oracle BI Publisher related to the Script Engine component could allow a remote authenticated attacker to cause high confidentiality impact, high integrity impact and high availability impact.
CVE-2024-20997 CVSS:9.9
An unspecified vulnerability in Oracle Hospitality Simphony related to the Simphony Enterprise Server component could allow a remote authenticated attacker to cause high confidentiality impact, high integrity impact, and high availability impact.
CVE-2024-21090 CVSS:7.5
An unspecified vulnerability in Oracle MySQL Connectors related to the Connector/Python component could allow a remote attacker to cause high availability impact.
CVE-2024-21071 CVSS:9.1
An unspecified vulnerability in the Oracle Workflow of Oracle E-Business Suite related to the Admin Screens and Grants UI component could allow a remote authenticated attacker to cause high confidentiality, high integrity and high availability impacts.
Impact
- Denial of Service
- Gain Access
- Information Obtained
Indicators of Compromise
CVE
- CVE-2024-21006
- CVE-2024-20999
- CVE-2024-21059
- CVE-2024-21077
- CVE-2024-21073
- CVE-2024-21076
- CVE-2024-21088
- CVE-2024-20989
- CVE-2024-21010
- CVE-2024-21067
- CVE-2024-21095
- CVE-2024-21074
- CVE-2024-21092
- CVE-2024-21082
- CVE-2024-21014
- CVE-2024-21007
- CVE-2024-21083
- CVE-2024-20997
- CVE-2024-21090
- CVE-2024-21071
Affected Vendors
Affected Products
- Oracle Enterprise Manager Base Platform 13.5.0.0
- Oracle Solaris 11
- Oracle WebLogic Server 12.2.1.4.0
- Oracle WebLogic Server 14.1.1.0.0
- Oracle Trade Management 12.2.3
- Oracle Trade Management 12.2.13
- Oracle Production Scheduling 12.2.12
- Oracle Production Scheduling 12.2.4
- Oracle Hospitality Simphony 19.1.0
- Oracle Hospitality Simphony 19.5.4
- Oracle Primavera P6 Enterprise Project Portfolio Management 19.12.22
- Oracle Primavera P6 Enterprise Project Portfolio Management 19.12.0
- Oracle Primavera P6 Enterprise Project Portfolio Management 20.12.0
- Oracle Primavera P6 Enterprise Project Portfolio Management 20.12.21
- Oracle Primavera P6 Enterprise Project Portfolio Management 21.12.0
- Oracle Primavera P6 Enterprise Project Portfolio Management 21.12.18
- Oracle Primavera P6 Enterprise Project Portfolio Management 22.12.0
- Oracle Primavera P6 Enterprise Project Portfolio Management 22.12.12
- Oracle Primavera P6 Enterprise Project Portfolio Management 23.12.0
- Oracle Primavera P6 Enterprise Project Portfolio Management 23.12.2
- Oracle Agile Product Lifecycle Management for Process 6.2.4.2
- Oracle BI Publisher 7.0.0.0.0
- Oracle MySQL Server 8.0.35
- Oracle MySQL Server 8.2.0
- Oracle MySQL Server 8.0.36
- Oracle MySQL Server 8.3.0
- Oracle Workflow 12.2.3
- Oracle Workflow 12.2.13
Remediation
Refer to the Oracle Critical Patch Update Advisory for patch, upgrade, or suggested workaround information.