Vulnerability in Oracle E-Business Suite Affecting Oracle Applications Technology
CVE-2024-20990

5.3MEDIUM

Key Information:

Vendor: Oracle
Status: Applications Technology Stack
Vendor: CVE Published:; 16 April 2024

Summary

This vulnerability in Oracle Applications Technology within the Oracle E-Business Suite allows an unauthenticated attacker with network access to potentially gain unauthorized read access to sensitive data. The issue affects various versions of the software, specifically versions 12.2.3 through 12.2.13, making it crucial for users and administrators to apply necessary patches and mitigations to protect against possible data breaches.

References

https://www.oracle.com/security-alerts/cpuapr2024.html

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 16, 2024