U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.


Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Vulnerability Change Records for CVE-2024-20948

Change History

New CVE Received by NIST 1/16/2024 5:15:42 PM

Action Type Old Value New Value
Added CVSS V3.1

Oracle AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Added Description

Vulnerability in the Oracle Knowledge Management product of Oracle E-Business Suite (component: Setup, Admin).  Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Knowledge Management.  Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Knowledge Management, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Knowledge Management accessible data as well as  unauthorized read access to a subset of Oracle Knowledge Management accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).
Added Reference

Oracle https://www.oracle.com/security-alerts/cpujan2024.html [No types assigned]