Vulnerability in Oracle E-Business Suite's Complex Maintenance, Repair, and Overhaul Product
CVE-2024-21033
6.1MEDIUM
Key Information:
- Vendor
- Oracle
- Vendor
- CVE Published:
- 16 April 2024
Summary
This vulnerability in Oracle E-Business Suite's Complex Maintenance, Repair, and Overhaul product allows an unauthenticated attacker to exploit the system via HTTP. Although successful exploitation requires human interaction from a third party, it poses a significant risk. The vulnerability could enable unauthorized updates, inserts, or deletions to the accessible data within the Oracle Complex Maintenance, Repair, and Overhaul. Moreover, there is the potential for unauthorized read access to a portion of accessible data, creating a broader impact on the security of the overall system.
References
CVSS V3.1
Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published