Unauthorized Data Access in Oracle E-Business Suite Component
CVE-2024-21031
Key Information:
- Vendor
- Oracle
- Vendor
- CVE Published:
- 16 April 2024
Summary
A vulnerability in Oracle Complex Maintenance, Repair, and Overhaul within the Oracle E-Business Suite allows an unauthenticated attacker with network access to exploit the system. The attacker can compromise sensitive data without needing direct interaction, requiring only that a user is misled into interacting with a crafted request. Successful exploitation may lead to unauthorized update, insert, or delete access to key data, along with unauthorized read access to some data subsets, potentially impacting additional products due to the scope change. Users of the affected versions are strongly advised to apply the necessary updates to mitigate the associated risks.
Affected Version(s)
Complex Maintenance, Repair, and Overhaul 12.2.3 <= 12.2.13
References
CVSS V3.1
Timeline
Vulnerability published