Vulnerability in Oracle Marketing Component of Oracle E-Business Suite
CVE-2023-21851

7.5HIGH

Key Information:

Vendor: Oracle
Status: Marketing
Vendor: CVE Published:; 18 January 2023

What is CVE-2023-21851?

This vulnerability allows an unauthenticated attacker with network access via HTTP to exploit the Oracle Marketing component within Oracle E-Business Suite. By leveraging this flaw, an attacker may gain unauthorized permissions to create, delete, or modify critical data within Oracle Marketing. The issue impacts versions 12.2.3 through 12.2.12, posing a risk of significant data integrity breaches with potential ramifications for organizational security.

Affected Version(s)

Marketing 12.2.3-12.2.12

References

https://www.oracle.com/security-alerts/cpujan2023.html

vendor-advisory

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 18, 2023
Vulnerability Reserved
Dec 17, 2022