Critical Vulnerability Found in Oracle Enterprise Manager – Update Now!

CVE: CVE-2024-20916
CVSS (v3.1): 8.3
Source: CVE-2024-20916

Oracle Enterprise Manager is a popular tool used by many companies to manage their Oracle databases and infrastructure. Unfortunately, researchers have discovered a serious vulnerability in Oracle Enterprise Manager Base Platform version 13.5.0.0 that could allow a remote attacker to completely compromise systems.

The vulnerability is related to how Oracle Enterprise Manager handles network communication. An attacker with access to the same network could exploit this flaw to gain full administrative access to the Oracle Enterprise Manager installation. Once in, they would be able to view, delete or modify any data managed by the software. Worse still, the attacker could use that access to launch attacks on other systems or cause service outages.

The vulnerability has been given a CVSS score of 8.3 out of 10, meaning it is relatively easy to exploit and its impacts are severe, affecting the confidentiality, integrity and availability of systems. At this time, there is no fix available from Oracle, so organizations using affected versions of Oracle Enterprise Manager are urged to isolate those systems or implement additional network controls until a patch is released.

If you use Oracle Enterprise Manager, be sure to check your versions and apply any updates from Oracle as soon as they are available. Also consider network segmentation, firewalls and monitoring as interim protections. Taking action now can prevent hackers from accessing and compromising your valuable systems and data.
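The advisory's interim advice boils down to two defender tasks: find every installation running the affected version, and rank the exposed ones first because the flaw is exploited by an attacker on the same network. The script below is an added example (not code from the advisory, from Oracle, or from any asset-management product) that does exactly that over a small inventory constructed inline. The inventory record format, the host names and the `exposed` flag are assumptions for illustration; the affected product, version, CVE id and score are taken from the text above.

```python
"""
Added example: triage a constructed asset inventory against the affected
Oracle Enterprise Manager Base Platform release named in the advisory.
The inventory layout and host names are invented for this example.
"""
from dataclasses import dataclass

# Values stated in the advisory text
AFFECTED_PRODUCT = "Oracle Enterprise Manager Base Platform"
AFFECTED_VERSIONS = ("13.5.0.0",)
CVE_ID = "CVE-2024-20916"
CVSS_SCORE = 8.3


@dataclass(frozen=True)
class Asset:
    host: str
    product: str
    version: str
    exposed: bool  # assumed flag: console reachable from outside the management segment


def parse_version(v: str) -> tuple[int, ...]:
    """Turn '13.5.0.0' into (13, 5, 0, 0) so comparison is numeric, not lexical
    ('13.5.0.10' must not sort below '13.5.0.2')."""
    parts = []
    for p in v.strip().split("."):
        if not p.isdigit():
            raise ValueError(f"non-numeric version component {p!r} in {v!r}")
        parts.append(int(p))
    return tuple(parts)


def same_version(a: str, b: str) -> bool:
    """Compare after zero-padding, so '13.5' and '13.5.0.0' are the same release."""
    pa, pb = parse_version(a), parse_version(b)
    width = max(len(pa), len(pb))
    return pa + (0,) * (width - len(pa)) == pb + (0,) * (width - len(pb))


def is_affected(asset: Asset) -> bool:
    if asset.product != AFFECTED_PRODUCT:
        return False
    return any(same_version(asset.version, v) for v in AFFECTED_VERSIONS)


def triage(assets) -> list[tuple[str, str]]:
    """Return (host, priority) for affected assets, most urgent first.

    Network exposure decides the priority: the advisory describes an attacker
    on the same network, so an install reachable from untrusted segments gets
    isolated first, while an already-isolated one is monitored until a patch ships.
    """
    findings = []
    for a in assets:
        if not is_affected(a):
            continue
        priority = "P1-isolate" if a.exposed else "P2-monitor"
        findings.append((a.host, priority))
    findings.sort(key=lambda f: f[1])
    return findings


# Constructed sample inventory (not real hosts)
SAMPLE_INVENTORY = [
    Asset("oms-prod-01", AFFECTED_PRODUCT, "13.5.0.0", exposed=True),
    Asset("oms-dev-02", AFFECTED_PRODUCT, "13.5", exposed=False),
    Asset("oms-lab-03", AFFECTED_PRODUCT, "13.4.0.0", exposed=True),
    Asset("db-01", "Oracle Database", "19.3.0.0", exposed=True),
]

if __name__ == "__main__":
    print(f"{CVE_ID} (CVSS {CVSS_SCORE}) affected installs:")
    for host, priority in triage(SAMPLE_INVENTORY):
        print(f"  {host}: {priority}")
```

Feed `triage` whatever your CMDB exports and the output is a short, ordered list of hosts to segment or firewall first; the version comparison is deliberately exact-match against the advisory's stated release rather than a range, since the text above names only 13.5.0.0 as affected.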
