Vulnerability in Oracle iSupport of Oracle E-Business Suite
CVE-2024-20944

5.4MEDIUM

Key Information:

Vendor: Oracle
Status: Isupport
Vendor: CVE Published:; 16 January 2024

What is CVE-2024-20944?

The vulnerability in Oracle iSupport within the Oracle E-Business Suite allows attackers with low privileges to exploit the system through network access via HTTP. This vulnerability, while residing in Oracle iSupport, has the potential to affect other components significantly. Successful exploitation may lead to unauthorized modifications, deletions, or access to data managed by Oracle iSupport. Importantly, successful attacks necessitate user interaction from a party other than the attacker, highlighting a critical point of risk. Organizations utilizing the affected versions of Oracle E-Business Suite must implement recommended security measures to mitigate potential impacts.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

iSupport 12.2.3 <= 12.2.13

References

https://www.oracle.com/security-alerts/cpujan2024.html

vendor-advisory

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jan 16, 2024
Vulnerability Reserved
Dec 7, 2023

JSON

Oracle