Analysis Summary

CVE-2024-21006 CVSS:7.5

An unspecified vulnerability in Oracle WebLogic Server related to the Core component could allow a remote attacker to cause high confidentiality impact.

CVE-2024-20999 CVSS:8.2

An unspecified vulnerability in Oracle Solaris related to the Zones component could allow a local authenticated attacker to cause high confidentiality impact, high integrity impact, and high availability impact.

CVE-2024-21059 CVSS:7.8

An unspecified vulnerability in Oracle Solaris related to the Utility component could allow a local authenticated attacker to cause high confidentiality impact, high integrity impact, and high availability impact.

CVE-2024-21077 CVSS:7.5

An unspecified vulnerability in Oracle Trade Management product of Oracle E-Business Suite related to the GL Accounts LOV component could allow a remote attacker to cause high confidentiality impact.

CVE-2024-21073 CVSS:7.5

An unspecified vulnerability in Oracle Trade Management product of Oracle E-Business Suite related to the Claim LOV component could allow a remote attacker to cause a high confidentiality impact.

CVE-2024-21076 CVSS:7.5

An unspecified vulnerability in Oracle Trade Management product of Oracle E-Business Suite related to the Offer LOV component could allow a remote attacker to cause a high confidentiality impact.

CVE-2024-21088 CVSS:7.5

An unspecified vulnerability in Oracle Production Scheduling product of Oracle E-Business Suite related to the Import Utility component could allow a remote attacker to cause high integrity impacts.

CVE-2024-20989 CVSS:7

An unspecified vulnerability in Oracle Hospitality Simphony related to the Simphony POS component could allow a remote attacker to cause high confidentiality impact, low integrity impact, and low availability impact.

CVE-2024-21010 CVSS:9.9

An unspecified vulnerability in Oracle Hospitality Simphony related to the Simphony Enterprise Server component could allow a remote authenticated attacker to cause high confidentiality impact, high integrity impact, and high availability impact.

CVE-2024-21067 CVSS:8.8

An unspecified vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager related to Host Management component could allow a local authenticated attacker to cause high confidentiality, high integrity and high availability impacts.

CVE-2024-21095 CVSS:8.2

An unspecified vulnerability in Oracle Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering related to the Web Access component could allow a remote attacker to cause high confidentiality and low integrity impacts.

CVE-2024-21074 CVSS:7.5

An unspecified vulnerability in the Oracle Trade Management product of Oracle E-Business Suite related to the Finance LOV component could allow a remote attacker to cause a high confidentiality impact.

CVE-2024-21092 CVSS:8.1

An unspecified vulnerability in Oracle Agile Product Lifecycle Management for Process product of Oracle Supply Chain related to the Product Quality Management component could allow a remote authenticated attacker to cause a high confidentiality impact and high integrity impact .

CVE-2024-21082 CVSS:9.8

An unspecified vulnerability in Oracle BI Publisher related to the XML Services component could allow a remote attacker to cause high confidentiality impact, high integrity impact and high availability impact.

CVE-2024-21014 CVSS:9.8

An unspecified vulnerability in Oracle Hospitality Simphony related to the Simphony Enterprise Server component could allow a remote attacker to cause high confidentiality impact, high integrity impact, and high availability impact.

CVE-2024-21007 CVSS:7.5

An unspecified vulnerability in Oracle WebLogic Server related to the Core component could allow a remote attacker to cause high confidentiality impact.

CVE-2024-21083 CVSS:7.2

An unspecified vulnerability in Oracle BI Publisher related to the Script Engine component could allow a remote authenticated attacker to cause high confidentiality impact, high integrity impact and high availability impact.

CVE-2024-20997 CVSS:9.9

An unspecified vulnerability in Oracle Hospitality Simphony related to the Simphony Enterprise Server component could allow a remote authenticated attacker to cause high confidentiality impact, high integrity impact, and high availability impact.

CVE-2024-21090 CVSS:7.5

An unspecified vulnerability in Oracle MySQL Connectors related to the Connector/Python component could allow a remote attacker to cause high availability impact.

CVE-2024-21071 CVSS:9.1

An unspecified vulnerability in the Oracle Workflow of Oracle E-Business Suite related to Admin Screens and Grants UI component could allow a remote authenticated attacker to cause high confidentiality , high integrity and high availability impacts.

Impact

• Denial of Service
• Gain Access
• Information Obtained

Indicators of Compromise

CVE

• CVE-2024-21006
• CVE-2024-20999
• CVE-2024-21059
• CVE-2024-21077
• CVE-2024-21073
• CVE-2024-21076
• CVE-2024-21088
• CVE-2024-20989
• CVE-2024-21010
• CVE-2024-21067
• CVE-2024-21095
• CVE-2024-21074
• CVE-2024-21092
• CVE-2024-21082
• CVE-2024-21014
• CVE-2024-21007
• CVE-2024-21083
• CVE-2024-20997
• CVE-2024-21090
• CVE-2024-21071

Affected Vendors

Remediation

Refer to Oracle Critical Patch Update Advisory for patch, upgrade or suggested workaround information. 

Oracle Critical Patch Update Advisory