How severe is CVE-2024-21281?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.3 out of 10.

What type of vulnerability is CVE-2024-21281?

This is classified as CWE-444, which is a common weakness in software security.

CVE-2024-21281

MEDIUM Year: 2024

CVSS v3 Score

5.3

Medium

Weakness Type

CWE-444

View all →

Vulnerability Description

Vulnerability in the Oracle Banking Liquidity Management product of Oracle Financial Services Applications (component: Infrastructure). The supported version that is affected is 14.7.0.6.0. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Banking Liquidity Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Banking Liquidity Management accessible data as well as unauthorized read access to a subset of Oracle Banking Liquidity Management accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Banking Liquidity Management. CVSS 3.1 Base Score 5.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:H/A:L).

CVE-2018-4030

MEDIUM

CVSS:5.3(Medium)

An exploitable vulnerability exists the safe browsing function of the CUJO Smart Firewall, version 7003. The bug lies in the way the safe browsing function parses HTTP requests. The "Host" header is i...

CWE-4442018

CVE-2019-17567

MEDIUM

CVSS:5.3(Medium)

Apache HTTP Server versions 2.4.6 to 2.4.46 mod_proxy_wstunnel configured on an URL that is not necessarily Upgraded by the origin server was tunneling the whole connection regardless, thus allowing f...

CWE-4442019

CVE-2019-18678

MEDIUM

CVSS:5.3(Medium)

An issue was discovered in Squid 3.x and 4.x through 4.8. It allows attackers to smuggle HTTP requests through frontend software to a Squid instance that splits the HTTP Request pipeline differently. ...

CWE-4442019

CVE-2019-20372

MEDIUM

CVSS:5.3(Medium)

NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is ...

CWE-4442019

CVE-2019-20866

MEDIUM

CVSS:5.3(Medium)

An issue was discovered in Mattermost Server before 5.12.0. Use of a Proxy HTTP header, rather than the source address in an IP packet header, for obtaining IP address information was mishandled.

CWE-4442019

CVE-2020-5220

MEDIUM

CVSS:5.3(Medium)

Sylius ResourceBundle accepts and uses any serialisation groups to be passed via a HTTP header. This might lead to data exposure by using an unintended serialisation group - for example it could make ...

CWE-4442020

CVE-2024-21281

Vulnerability Description

Related Vulnerabilities

CVE-2018-4030

CVE-2019-17567

CVE-2019-18678

CVE-2019-20372

CVE-2019-20866

CVE-2020-5220