Unauthorized Data Access in Oracle E-Business Suite Component
CVE-2024-21031
6.1MEDIUM
Key Information:
- Vendor
- Oracle
- Vendor
- CVE Published:
- 16 April 2024
Summary
A vulnerability in Oracle Complex Maintenance, Repair, and Overhaul within the Oracle E-Business Suite allows an unauthenticated attacker with network access to exploit the system. The attacker can compromise sensitive data without needing direct interaction, requiring only that a user is misled into interacting with a crafted request. Successful exploitation may lead to unauthorized update, insert, or delete access to key data, along with unauthorized read access to some data subsets, potentially impacting additional products due to the scope change. Users of the affected versions are strongly advised to apply the necessary updates to mitigate the associated risks.
References
CVSS V3.1
Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published