Vulnerability in Oracle E-Business Suite's Applications Framework
CVE-2022-21468

6.1MEDIUM

Key Information:

Vendor: Oracle
Status: Applications Framework
Vendor: CVE Published:; 19 April 2022

Summary

The vulnerability within Oracle E-Business Suite's Applications Framework allows unauthenticated attackers to exploit the system through HTTP. Although successful exploitation requires interaction from a user other than the attacker, the impacts can be severe, potentially allowing unauthorized updates, inserts, or deletions of data. Furthermore, the vulnerability might permit unauthorized read access to a portion of accessible data within the Applications Framework, posing risks to confidentiality and integrity. Addressing this vulnerability is vital for safeguarding sensitive information and maintaining operational security.

Affected Version(s)

Applications Framework 12.2.4-12.2.11

References

https://www.oracle.com/security-alerts/cpuapr2022.html

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Apr 19, 2022
Vulnerability Reserved
Nov 15, 2021