Session Management Vulnerability in Oracle E-Business Suite
CVE-2022-21636

6.5MEDIUM

Key Information:

Vendor: Oracle
Status: Applications Framework
Vendor: CVE Published:; 18 October 2022

Summary

A vulnerability exists in the Oracle Applications Framework component of Oracle E-Business Suite, specifically within its session management feature. This security flaw can be easily exploited by attackers with low privileges who possess network access via HTTP. Successful exploitation of this vulnerability may grant unauthorized access to critical data or allow complete control over all data accessible through the Oracle Applications Framework. This can pose a significant risk to organizations utilizing affected versions of the software.

Affected Version(s)

Applications Framework 12.2.6-12.2.11

References

https://www.oracle.com/security-alerts/cpuoct2022.html

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 18, 2022
Vulnerability Reserved
Nov 15, 2021