How severe is CVE-2024-21136?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.6 out of 10.

What type of vulnerability is CVE-2024-21136?

This is classified as CWE-200, which is a common weakness in software security.

CVE-2024-21136 - HIGH Severity | CVSS 8.6

Vulnerability Description

Vulnerability in the Oracle Retail Xstore Office product of Oracle Retail Applications (component: Security). Supported versions that are affected are 19.0.5, 20.0.3, 20.0.4, 22.0.0 and 23.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Xstore Office. While the vulnerability is in Oracle Retail Xstore Office, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Retail Xstore Office accessible data. CVSS 3.1 Base Score 8.6 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N).

Related Vulnerabilities

CVE-2015-7932

HIGH

CVSS:8.6(High)

Adcon Telemetry A840 Telemetry Gateway Base Station allows remote attackers to obtain sensitive information by sniffing the network.

CWE-2002015

CVE-2015-7934

HIGH

CVSS:8.6(High)

The Java client in Adcon Telemetry A840 Telemetry Gateway Base Station allows remote attackers to discover log-file pathnames via unspecified vectors.

CWE-2002015

CVE-2015-8555

HIGH

CVSS:8.6(High)

Xen 4.6.x, 4.5.x, 4.4.x, 4.3.x, and earlier do not initialize x86 FPU stack and XMM registers when XSAVE/XRSTOR are not used to manage guest extended register state, which allows local guest domains t...

CWE-2002015

CVE-2016-0904

HIGH

CVSS:8.6(High)

Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 use the same encryption key across different customers' installations, which allows remote attackers to d...

CWE-2002016

CVE-2017-2317

HIGH

CVSS:8.6(High)

A denial of service vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unauthenticated, unprivileged, network-based attacker to cause...

CWE-2002017

CVE-2018-16288

HIGH

CVSS:8.6(High)

LG SuperSign CMS allows reading of arbitrary files via signEzUI/playlist/edit/upload/..%2f URIs.

CWE-2002018