Vulnerability in Oracle E-Business Suite's Complex Maintenance, Repair, and Overhaul Product
CVE-2024-21033

6.1MEDIUM

Key Information:

Vendor: Oracle
Status: Complex Maintenance Repair And Overhaul
Vendor: CVE Published:; 16 April 2024

What is CVE-2024-21033?

This vulnerability in Oracle E-Business Suite's Complex Maintenance, Repair, and Overhaul product allows an unauthenticated attacker to exploit the system via HTTP. Although successful exploitation requires human interaction from a third party, it poses a significant risk. The vulnerability could enable unauthorized updates, inserts, or deletions to the accessible data within the Oracle Complex Maintenance, Repair, and Overhaul. Moreover, there is the potential for unauthorized read access to a portion of accessible data, creating a broader impact on the security of the overall system.

References

https://www.oracle.com/security-alerts/cpuapr2024.html

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 16, 2024