Summaryinfo

A vulnerability was found in Oracle Knowledge Management up to 12.2.13. It has been rated as critical. Impacted is an unknown function of the component Setup/Admin. The manipulation leads to an unknown weakness. This vulnerability is traded as CVE-2024-20948. It is possible to initiate the attack remotely. There is no exploit available. If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Detailsinfo

A vulnerability was found in Oracle Knowledge Management up to 12.2.13 (Knowledge Base Software) and classified as critical. This issue affects an unknown function of the component Setup/Admin. Impacted is confidentiality, and integrity.

The weakness was shared 01/16/2024 as Oracle Critical Patch Update Advisory - January 2024. The advisory is shared at oracle.com. The identification of this vulnerability is CVE-2024-20948. It demands that the victim is doing some kind of user interaction. Neither technical details nor an exploit are publicly available. The price for an exploit might be around USD $0-$5k at the moment (estimation calculated on 05/15/2025).

A possible mitigation has been published immediately after the disclosure of the vulnerability.

The vulnerability is also documented in the vulnerability database at EUVD (EUVD-2024-18662). If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Productinfo

Type

• Knowledge Base Software

Vendor

• Oracle

Name

• Knowledge Management

Version

• 12.2.0
• 12.2.1
• 12.2.2
• 12.2.3
• 12.2.4
• 12.2.5
• 12.2.6
• 12.2.7
• 12.2.8
• 12.2.9
• 12.2.10
• 12.2.11
• 12.2.12
• 12.2.13

License

• commercial

Website

• Vendor: https://www.oracle.com

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion