Unauthorized Data Access Vulnerability in Oracle E-Business Suite iSupplier Portal
CVE-2023-21825

5.3 MEDIUM

Key Information:

Vendor: Oracle
CVE Published: 18 January 2023

Summary

An exploitable vulnerability exists in the Oracle iSupplier Portal, part of the Oracle E-Business Suite's Supplier Management component. This flaw allows unauthenticated attackers with network access via HTTP to potentially access restricted data. The affected versions (12.2.6 to 12.2.8) may expose sensitive information, leading to unauthorized read access to data within the portal. Organizations should assess their exposure to this vulnerability promptly and implement necessary security measures.

Affected Version(s)

iSupplier Portal 12.2.6-12.2.8

CVSS V3.1

Score: 5.3
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
