CVE-2024-21191: 
Oracle Coherence vulnerability analysis and mitigation

A vulnerability has been identified in Oracle Enterprise Manager Fusion Middleware Control version 12.2.1.4.0, tracked as CVE-2024-21191. This is an easily exploitable vulnerability that allows low-privileged attackers with network access via HTTP to compromise Oracle Enterprise Manager Fusion Middleware Control. The vulnerability requires human interaction from a person other than the attacker, and while the vulnerability exists in Oracle Enterprise Manager Fusion Middleware Control, attacks may significantly impact additional products (Oracle Advisory).

The vulnerability has been assigned a CVSS 3.1 Base Score of 7.6 (High), with the following vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N. This indicates network attack vector, low attack complexity, low privileges required, user interaction required, changed scope, high confidentiality impact, low integrity impact, and no availability impact (NVD).

Successful exploitation of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Enterprise Manager Fusion Middleware Control accessible data. Additionally, it can lead to unauthorized update, insert or delete access to some of Oracle Enterprise Manager Fusion Middleware Control accessible data (Oracle Advisory).

Oracle has released patches to address this vulnerability as part of the October 2024 Critical Patch Update. Users are strongly advised to update to the patched version of Oracle Enterprise Manager Fusion Middleware Control (Oracle Advisory).