Vulnerability in Oracle iSupport of Oracle E-Business Suite
CVE-2024-20944

5.4MEDIUM

Key Information:

Vendor
Oracle
Status
iSupport
Vendor
CVE Published:
16 January 2024

Summary

The vulnerability in Oracle iSupport within the Oracle E-Business Suite allows attackers with low privileges to exploit the system through network access via HTTP. This vulnerability, while residing in Oracle iSupport, has the potential to affect other components significantly. Successful exploitation may lead to unauthorized modifications, deletions, or access to data managed by Oracle iSupport. Importantly, successful attacks necessitate user interaction from a party other than the attacker, highlighting a critical point of risk. Organizations utilizing the affected versions of Oracle E-Business Suite must implement recommended security measures to mitigate potential impacts.

Affected Version(s)

iSupport 12.2.3 <= 12.2.13

References

https://www.oracle.com/security-alerts/cpujan2024.html
vendor-advisory

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.