Vulnerability in Oracle E-Business Suite's Application Object Library
CVE-2023-21978

6.5MEDIUM

Key Information:

Vendor: Oracle
Status: Application Object Library
Vendor: CVE Published:; 18 April 2023

Summary

This vulnerability presents a security concern within the Oracle Application Object Library of the Oracle E-Business Suite, affecting multiple versions from 12.2.3 to 12.2.11. It allows a low-privileged attacker with network access via HTTP to compromise sensitive components of the application. Successfully carrying out an attack necessitates user interaction from an individual unrelated to the attacker, indicating potential social engineering vectors. The exploit may lead to unauthorized modifications or deletions of data, unauthorized reads of sensitive information, and could cause a partial denial of service for the Application Object Library. This vulnerability highlights the importance of maintaining secure practices, as the impacts extend beyond the affected product to potentially other systems relying on the library.

Affected Version(s)

Application Object Library 12.2.3-12.2.11

References

https://www.oracle.com/security-alerts/cpuapr2023.html

vendor-advisory

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Apr 18, 2023
Vulnerability Reserved
Dec 17, 2022