Unauthenticated Network Vulnerability in Oracle E-Business Suite's Complex Maintenance Component
CVE-2024-21019

6.1MEDIUM

Key Information:

Vendor: Oracle
Status: Complex Maintenance, Repair, And Overhaul
Vendor: CVE Published:; 16 April 2024

Summary

A vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul component of Oracle E-Business Suite enables an unauthenticated attacker with network access via HTTP to potentially compromise sensitive data. Exploitation of this vulnerability necessitates human interaction from a third party, while the root issue resides within Oracle's Complex Maintenance functionalities. The attack could lead to unauthorized data updates, insertions, deletions, and reading of certain data subsets, thereby impacting overall data confidentiality and integrity. Affected versions include 12.2.3 through 12.2.13 of the E-Business Suite, underscoring the importance of timely patching to secure essential business functions.

Affected Version(s)

Complex Maintenance, Repair, and Overhaul 12.2.3 <= 12.2.13

References

https://www.oracle.com/security-alerts/cpuapr2024.html

vendor-advisory

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Apr 16, 2024