Unauthenticated Network Vulnerability in Oracle E-Business Suite Complex Maintenance Product
CVE-2024-21022
6.1 MEDIUM
Key Information:
- Vendor: Oracle
- CVE Published: 16 April 2024
Summary
A vulnerability exists in the Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite, affecting versions 12.2.3 through 12.2.13. An unauthenticated attacker with network access via HTTP can exploit it, but a successful attack requires human interaction from a user. Although the vulnerability is in the maintenance product, the consequences of an attack could extend to other components. A successful attack results in unauthorized access that allows the attacker to update, insert, or delete sensitive data, as well as to read restricted data subsets. Stakeholders are advised to take the necessary precautions to secure their systems in light of these risks.
CVSS V3.1
- Score: 6.1
- Severity: MEDIUM
- Confidentiality: Low
- Integrity: Low
- Availability: Low
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Changed
Timeline
Vulnerability published