Remote Code Execution Vulnerability in Oracle E-Business Suite Web Applications
CVE-2023-22037

6.5MEDIUM

Key Information:

Vendor: Oracle
Status: Web Applications Desktop Integrator
Vendor: CVE Published:; 18 July 2023

Summary

A vulnerability exists in the Oracle Web Applications Desktop Integrator component of the Oracle E-Business Suite that permits a low-privileged attacker with network access to potentially compromise the system. This exploitation requires the interaction of another individual, leading to unauthorized updates, inserts, or deletions of accessible data. Furthermore, the attacker may gain unauthorized read access to certain data and inflict a partial denial of service on the application. The scope of the attack may extend beyond the Web Applications Desktop Integrator to impact additional products.

Affected Version(s)

Web Applications Desktop Integrator 12.2.3 <= 12.2.12

References

https://www.oracle.com/security-alerts/cpujul2023.html

vendor-advisory

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jul 18, 2023
Vulnerability Reserved
Dec 17, 2022