Vulnerability in Oracle E-Business Suite's Customer Interaction History Product
CVE-2024-20950

6.1 MEDIUM

Key Information:

Vendor: Oracle
CVE Published: 16 January 2024

Summary

A vulnerability exists in the Oracle Customer Interaction History component of the Oracle E-Business Suite, affecting versions 12.2.3 through 12.2.13. This flaw allows an unauthenticated attacker with network access via HTTP to potentially compromise sensitive data. Though exploiting this vulnerability necessitates human interaction from a separate user, successful attempts can lead to unauthorized access, allowing for updates, inserts, or deletions of data that should remain protected. Furthermore, the impact of these attacks is not limited to the Customer Interaction History product itself, as they may adversely affect other interconnected products within the suite.

Affected Version(s)

Customer Interaction History: 12.2.3 through 12.2.13

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
