Unauthenticated Exploit in Oracle Sales Offline of Oracle E-Business Suite
CVE-2023-21854

7.5HIGH

Key Information:

Vendor: Oracle
Status: Sales Offline
Vendor: CVE Published:; 18 January 2023

Summary

A vulnerability exists in the Oracle Sales Offline component of the Oracle E-Business Suite where an unauthenticated attacker with network access can exploit this weakness via HTTP. The flaw allows unauthorized creation, deletion, or modification of accessible data, posing a significant risk to data integrity in supported versions 12.2.3 through 12.2.12. Organizations are urged to assess their systems and apply remedial measures to safeguard against potential exploitation.

Affected Version(s)

Sales Offline 12.2.3-12.2.12

References

https://www.oracle.com/security-alerts/cpujan2023.html

vendor-advisory

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 18, 2023
Vulnerability Reserved
Dec 17, 2022