How severe is CVE-2024-20915?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.3 out of 10.

What type of vulnerability is CVE-2024-20915?

This is classified as CWE-444, which is a common weakness in software security.

CVE-2024-20915

MEDIUM Year: 2024

CVSS v3 Score

5.3

Medium

Weakness Type

CWE-444

View all →

Vulnerability Description

Vulnerability in the Oracle Application Object Library product of Oracle E-Business Suite (component: Login - SSO). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Application Object Library. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

CVE-2018-4030

MEDIUM

CVSS:5.3(Medium)

An exploitable vulnerability exists the safe browsing function of the CUJO Smart Firewall, version 7003. The bug lies in the way the safe browsing function parses HTTP requests. The "Host" header is i...

CWE-4442018

CVE-2019-17567

MEDIUM

CVSS:5.3(Medium)

Apache HTTP Server versions 2.4.6 to 2.4.46 mod_proxy_wstunnel configured on an URL that is not necessarily Upgraded by the origin server was tunneling the whole connection regardless, thus allowing f...

CWE-4442019

CVE-2019-18678

MEDIUM

CVSS:5.3(Medium)

An issue was discovered in Squid 3.x and 4.x through 4.8. It allows attackers to smuggle HTTP requests through frontend software to a Squid instance that splits the HTTP Request pipeline differently. ...

CWE-4442019

CVE-2019-20372

MEDIUM

CVSS:5.3(Medium)

NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is ...

CWE-4442019

CVE-2019-20866

MEDIUM

CVSS:5.3(Medium)

An issue was discovered in Mattermost Server before 5.12.0. Use of a Proxy HTTP header, rather than the source address in an IP packet header, for obtaining IP address information was mishandled.

CWE-4442019

CVE-2020-5220

MEDIUM

CVSS:5.3(Medium)

Sylius ResourceBundle accepts and uses any serialisation groups to be passed via a HTTP header. This might lead to data exposure by using an unintended serialisation group - for example it could make ...

CWE-4442020

CVE-2024-20915

Vulnerability Description

Related Vulnerabilities

CVE-2018-4030

CVE-2019-17567

CVE-2019-18678

CVE-2019-20372

CVE-2019-20866

CVE-2020-5220