How severe is CVE-2024-21040?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.1 out of 10.

What type of vulnerability is CVE-2024-21040?

This is classified as CWE-200, which is a common weakness in software security.

CVE-2024-21040

MEDIUM Year: 2024

CVSS v3 Score

6.1

Medium

Weakness Type

CWE-200

View all →

Vulnerability Description

Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).

CVE-2016-10702

MEDIUM

CVSS:6.1(Medium)

Pebble Smartwatch devices through 4.3 mishandle UUID storage, which allows attackers to read an arbitrary application's flash storage, and access an arbitrary application's JavaScript instance, by mod...

CWE-2002016

CVE-2018-1059

MEDIUM

CVSS:6.1(Medium)

The DPDK vhost-user interface does not check to verify that all the requested guest physical range is mapped and contiguous when performing Guest Physical Addresses to Host Virtual Addresses translati...

CWE-2002018

CVE-2018-16658

MEDIUM

CVSS:6.1(Medium)

An issue was discovered in the Linux kernel before 4.18.6. An information leak in cdrom_ioctl_drive_status in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cas...

CWE-2002018

CVE-2018-20681

MEDIUM

CVSS:6.1(Medium)

mate-screensaver before 1.20.2 in MATE Desktop Environment allows physically proximate attackers to view screen content and possibly control applications. By unplugging and re-plugging or power-cyclin...

CWE-2002018

CVE-2018-8714

MEDIUM

CVSS:6.1(Medium)

Honeywell MatrikonOPC OPC Controller before 5.1.0.0 allows local users to transfer arbitrary files from a host computer and consequently obtain sensitive information via vectors related to MSXML libra...

CWE-2002018

CVE-2019-9541

MEDIUM

CVSS:6.1(Medium)

: Information Exposure vulnerability in itemlookup.asp of Telos Automated Message Handling System allows a remote attacker to inject arbitrary script into an AMHS session. This issue affects: Telos Au...

CWE-2002019

CVE-2024-21040

Vulnerability Description

Related Vulnerabilities

CVE-2016-10702

CVE-2018-1059

CVE-2018-16658

CVE-2018-20681

CVE-2018-8714

CVE-2019-9541