Unauthenticated Access Vulnerability in Oracle iStore of Oracle E-Business Suite
CVE-2024-20938
6.1 MEDIUM
Summary
A vulnerability exists in the Oracle iStore component of Oracle E-Business Suite. It allows an unauthenticated attacker with network access via HTTP to compromise Oracle iStore. Although a successful attack requires human interaction from a person other than the attacker, the flaw poses a significant risk to Oracle iStore and can potentially affect other integrated components. Successful exploitation can result in unauthorized modification or deletion of accessible data, as well as unauthorized read access to certain data sets. This vulnerability highlights the need for enhanced security measures and proactive monitoring in affected systems.
Affected Version(s)
iStore 12.2.3 through 12.2.13
References
CVSS V3.1
Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved