CVE-2024-21190: Oracle Fusion Middleware Auth Bypass Flaw

CVE-2024-21190 is an authentication bypass vulnerability in Oracle Fusion Middleware that allows attackers to modify critical data without credentials. This article covers technical details, affected versions, and mitigation.

CVE-2024-21190 Overview

CVE-2024-21190 is a high-severity vulnerability in the Oracle Global Lifecycle Management FMW Installer component of Oracle Fusion Middleware. The flaw affects version 12.2.1.4.0 and resides in the Cloning component. An unauthenticated attacker with network access via SFTP can exploit this weakness to compromise the installer. Successful exploitation results in unauthorized creation, deletion, or modification of critical data accessible to the Oracle Global Lifecycle Management FMW Installer. Oracle disclosed the issue in the October 2024 Critical Patch Update.

Critical Impact

Unauthenticated network attackers can modify, create, or delete critical data within the Oracle Global Lifecycle Management FMW Installer through SFTP.

Affected Products

  • Oracle Fusion Middleware 12.2.1.4.0
  • Oracle Global Lifecycle Management FMW Installer (Cloning component)
  • Deployments exposing SFTP access to the installer

Discovery Timeline

  • 2024-10-15 - CVE-2024-21190 published to NVD
  • 2024-10-15 - Oracle releases the October 2024 Critical Patch Update addressing the issue
  • 2024-10-18 - Last updated in NVD database

Technical Details for CVE-2024-21190

Vulnerability Analysis

The vulnerability affects the Cloning component of the Oracle Global Lifecycle Management FMW Installer in Oracle Fusion Middleware 12.2.1.4.0. Oracle classifies the integrity impact as high, while confidentiality and availability are not affected. The attack reaches the installer over the network through SFTP, requires no authentication, and does not depend on user interaction. Exploitation enables an attacker to create, modify, or delete data the installer can access.

The CWE category is recorded as NVD-CWE-noinfo, reflecting that Oracle did not publish weakness specifics. Oracle Critical Patch Updates routinely include cloning and lifecycle management defects related to improper access control and input validation. The EPSS probability is 0.462% at percentile 36.338, indicating limited observed exploitation interest at the time of publication.

Root Cause

Oracle's advisory does not disclose code-level root cause information for CVE-2024-21190. Based on the CVSS profile, the defect permits unauthenticated SFTP-reachable operations against installer-managed data without sufficient authorization checks. Refer to the Oracle Security Alert October 2024 for vendor-supplied technical context.

Attack Vector

The attack vector is network-based via SFTP. An attacker requires reachability to the SFTP service exposed by the Oracle Global Lifecycle Management FMW Installer. No credentials, privileges, or user interaction are required. Once connected, the attacker manipulates installer-accessible data to violate integrity. The vulnerability does not directly produce code execution or data disclosure, but tampering with installer assets can cascade into supply-chain style impacts on downstream Fusion Middleware deployments.

No public proof-of-concept exploit is currently available, and the CVE is not listed in the CISA Known Exploited Vulnerabilities catalog.

Detection Methods for CVE-2024-21190

Indicators of Compromise

  • Unexpected SFTP sessions to hosts running the Oracle Global Lifecycle Management FMW Installer from unknown source addresses.
  • Unauthorized changes, additions, or deletions to installer cloning artifacts, response files, or staged binaries.
  • Anomalous file write or delete operations on Fusion Middleware installer directories outside of scheduled change windows.

Detection Strategies

  • Audit SFTP authentication logs and session activity on hosts running Oracle Fusion Middleware 12.2.1.4.0 for unauthenticated or unexpected access patterns.
  • Implement file integrity monitoring on the FMW Installer directories, response files, and cloning artifacts to detect unauthorized modification.
  • Correlate SFTP connection events with subsequent file changes to surface integrity-impacting activity within a short time window.

Monitoring Recommendations

  • Forward Fusion Middleware host logs, SFTP service logs, and file integrity events to a centralized SIEM for retention and correlation.
  • Alert on Oracle installer process activity following inbound SFTP sessions originating outside of approved administrative networks.
  • Track Oracle Critical Patch Update advisories to ensure new related disclosures trigger detection content reviews.
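The detection and monitoring items above (correlating SFTP sessions with later file changes, and alerting when the session originates outside approved administrative networks) can be combined into a single correlation rule. The following Python is an added example, not code from the original page or from Oracle; the sshd-style and file-integrity log lines are constructed samples, and the approved subnet `10.10.20.0/24`, the installer path `/u01/oracle/fmw/clone/` and the 10-minute window are assumptions to adjust per environment.

```python
"""Correlate inbound SFTP sessions with later changes under FMW installer directories."""
from dataclasses import dataclass
from datetime import datetime, timedelta
import ipaddress
import re

# Constructed sample log lines (not from a real host). Real sshd and FIM
# formats vary by platform and tool; adjust the regexes accordingly.
SSHD_LOG = """\
2024-10-16T09:00:01Z sshd[2100]: Accepted publickey for oracle from 10.10.20.15 port 51000 ssh2
2024-10-16T09:00:02Z sshd[2100]: subsystem request for sftp by user oracle
2024-10-16T11:42:10Z sshd[2311]: Accepted password for oracle from 203.0.113.77 port 40022 ssh2
2024-10-16T11:42:11Z sshd[2311]: subsystem request for sftp by user oracle
"""

FIM_LOG = """\
2024-10-16T09:03:30Z MODIFY /u01/oracle/fmw/clone/response.rsp
2024-10-16T11:44:05Z DELETE /u01/oracle/fmw/clone/staged/wls_jar.bin
2024-10-16T11:45:20Z CREATE /u01/oracle/fmw/clone/staged/wls_jar.bin
2024-10-16T15:00:00Z MODIFY /var/log/messages
"""

# Assumptions: approved admin subnet, installer-managed paths, correlation window.
APPROVED_ADMIN_NETS = [ipaddress.ip_network("10.10.20.0/24")]
INSTALLER_DIRS = ("/u01/oracle/fmw/clone/",)
WINDOW = timedelta(minutes=10)

SSHD_RE = re.compile(r"^(\S+) sshd\[(\d+)\]: Accepted \S+ for (\S+) from (\S+) port")
SFTP_RE = re.compile(r"^(\S+) sshd\[(\d+)\]: subsystem request for sftp")
FIM_RE = re.compile(r"^(\S+) (CREATE|MODIFY|DELETE) (\S+)$")


def parse_ts(s: str) -> datetime:
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


@dataclass
class Session:
    pid: str
    start: datetime
    user: str
    src: str
    sftp: bool = False


def parse_sessions(text: str) -> list:
    """Return only sessions that requested the sftp subsystem, keyed by sshd pid."""
    sessions = {}
    for line in text.splitlines():
        m = SSHD_RE.match(line)
        if m:
            ts, pid, user, src = m.groups()
            sessions[pid] = Session(pid, parse_ts(ts), user, src)
            continue
        m = SFTP_RE.match(line)
        if m and m.group(2) in sessions:
            sessions[m.group(2)].sftp = True
    return [s for s in sessions.values() if s.sftp]


def parse_fim(text: str) -> list:
    """Parse (timestamp, operation, path) tuples from file-integrity events."""
    return [(parse_ts(m.group(1)), m.group(2), m.group(3))
            for m in (FIM_RE.match(l) for l in text.splitlines()) if m]


def is_approved(src: str) -> bool:
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in APPROVED_ADMIN_NETS)


def correlate(sessions: list, events: list, window: timedelta = WINDOW) -> list:
    """Flag SFTP sessions followed within `window` by changes to installer paths.
    Sessions from outside the approved admin networks are rated high."""
    alerts = []
    for s in sessions:
        hits = [(op, path) for ts, op, path in events
                if s.start <= ts <= s.start + window and path.startswith(INSTALLER_DIRS)]
        if hits:
            alerts.append({
                "src": s.src, "user": s.user, "start": s.start.isoformat(),
                "severity": "low" if is_approved(s.src) else "high",
                "changes": hits,
            })
    return alerts


if __name__ == "__main__":
    for a in correlate(parse_sessions(SSHD_LOG), parse_fim(FIM_LOG)):
        print(a["severity"], a["src"], a["user"], a["changes"])
```

With the sample data, the session from the approved subnet produces a low-severity record (an expected cloning change during a change window), while the session from 203.0.113.77 followed by a delete and re-create of a staged binary is rated high. In a SIEM the same logic maps to a join on host and time between the SSH authentication source and the file-integrity source.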

How to Mitigate CVE-2024-21190

Immediate Actions Required

  • Apply the October 2024 Oracle Critical Patch Update to Oracle Fusion Middleware 12.2.1.4.0 installations as directed by Oracle.
  • Restrict network reachability to the SFTP service on hosts running the Oracle Global Lifecycle Management FMW Installer to trusted administrative networks only.
  • Inventory affected hosts and prioritize patching for systems exposed to untrusted networks.

Patch Information

Oracle addressed CVE-2024-21190 in the Oracle Security Alert October 2024. Administrators should consult the Critical Patch Update advisory for the exact patch identifiers and installation prerequisites for Oracle Fusion Middleware 12.2.1.4.0.

Workarounds

  • Place the FMW Installer behind network access controls that block untrusted sources from reaching SFTP listeners.
  • Disable or stop the SFTP service on installer hosts when not actively in use for cloning operations.
  • Enforce strict file permissions on installer-managed directories so only authorized service accounts can modify cloning artifacts.

```bash
# Configuration example: restrict SFTP exposure with host-based firewall rules
# SFTP runs as an SSH subsystem, so the listener is TCP/22 by default.
# Allow it only from a trusted administrative subnet; the ACCEPT rule must be
# appended before the DROP rule because iptables evaluates rules in order.
iptables -A INPUT -p tcp -s 10.10.20.0/24 --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j DROP
```

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
