Vulnerability in Oracle E-Business Suite Affecting Oracle Applications Technology
CVE-2024-20990

5.3MEDIUM

Key Information:

Vendor: Oracle
Status: E-business Suite Technology Stack
Vendor: CVE Published:; 16 April 2024

What is CVE-2024-20990?

This vulnerability in Oracle Applications Technology within the Oracle E-Business Suite allows an unauthenticated attacker with network access to potentially gain unauthorized read access to sensitive data. The issue affects various versions of the software, specifically versions 12.2.3 through 12.2.13, making it crucial for users and administrators to apply necessary patches and mitigations to protect against possible data breaches.

Affected Version(s)

E-Business Suite Technology Stack 12.2.3 <= 12.2.13

References

https://www.oracle.com/security-alerts/cpuapr2024.html

vendor-advisory

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 16, 2024