CVE-2024-20917 in Enterprise Manager Base Platform
Summary
by MITRE • 02/17/2024
Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Log Management). The supported version that is affected is 13.5.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Enterprise Manager Base Platform. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Enterprise Manager Base Platform, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Oracle Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Enterprise Manager Base Platform. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:L).
Be aware that VulDB is the high quality source for vulnerability data.
Analysis
by VulDB Data Team • 04/20/2025
The vulnerability identified as CVE-2024-20917 resides within Oracle Enterprise Manager Base Platform version 13.5.0.0, specifically within the Log Management component. This represents a significant security weakness that affects organizations relying on Oracle's enterprise management infrastructure. The vulnerability's classification as difficult to exploit indicates that while it requires specific conditions to be successfully leveraged, the potential impact remains severe enough to warrant immediate attention. The attack vector through HTTP protocols means that malicious actors can potentially compromise the system without requiring authentication credentials, making this particularly dangerous in networked environments where HTTP services are exposed to external traffic.
The technical flaw manifests as an unauthenticated access point that allows attackers to gain unauthorized access to critical data within the Oracle Enterprise Manager Base Platform. This vulnerability operates with a CVSS 3.1 base score of 7.5, indicating a high severity level that encompasses significant impacts to confidentiality, integrity, and availability. The attack requires human interaction from users other than the attacker, suggesting that social engineering or user deception may be necessary components of the exploitation process. However, the scope change aspect of this vulnerability means that successful attacks can extend beyond the immediate target platform to impact additional Oracle products within the enterprise ecosystem, amplifying the potential damage.
The operational impact of CVE-2024-20917 extends beyond simple data compromise to include complete access to all accessible data within the platform, as well as unauthorized modification capabilities through update, insert, or delete operations. This comprehensive access level represents a severe threat to data integrity and can result in unauthorized alterations to critical enterprise management configurations. Additionally, the vulnerability can enable partial denial of service conditions, potentially disrupting essential monitoring and management functions that organizations depend upon for operational continuity. The CVSS vector (AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:L) confirms the network accessibility with high attack complexity, no privilege requirements, and user interaction requirements, while the scope change component indicates that impacts extend beyond the immediate platform boundaries.
Organizations should implement immediate mitigations including network segmentation to restrict access to Oracle Enterprise Manager services, deployment of web application firewalls to monitor and filter HTTP traffic, and comprehensive network access controls to limit exposure. The vulnerability aligns with CWE-287 (Improper Authentication) and potentially CWE-311 (Missing Encryption of Sensitive Data) categories, while attack patterns may correspond to techniques documented in the MITRE ATT&CK framework under Initial Access and Persistence phases. Regular security assessments and monitoring of log management systems should be implemented to detect anomalous access patterns, while patch management processes should be prioritized to address this vulnerability through official Oracle security updates. The affected platform's exposure to unauthorized data access and modification capabilities necessitates immediate attention from security teams to prevent potential data breaches and operational disruptions that could cascade across enterprise infrastructure.