Unauthenticated Access Vulnerability in Oracle E-Business Suite Complex Maintenance Module
CVE-2024-21037

6.1 MEDIUM

Key Information:

Vendor
Oracle
CVE Published:
16 April 2024

Summary

A vulnerability exists in the Oracle Complex Maintenance, Repair, and Overhaul component of Oracle E-Business Suite that an unauthenticated attacker with network access via HTTP could exploit. Successful exploitation can result in unauthorized modification or deletion of data within the affected product, as well as unauthorized read access to some confidential data. Although the flaw is in the Complex Maintenance, Repair, and Overhaul product, an attack may affect other integrated services, depending on the specific environment configuration. A successful attack requires human interaction from a person other than the attacker.

Affected Version(s)

Complex Maintenance, Repair, and Overhaul 12.2.3 <= 12.2.13

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published
