Unauthenticated Vulnerability in Oracle E-Business Suite 'Complex Maintenance, Repair, and Overhaul' Product
CVE-2024-21039

6.1MEDIUM

Key Information:

Vendor: Oracle
Status: Complex Maintenance, Repair, And Overhaul
Vendor: CVE Published:; 16 April 2024

What is CVE-2024-21039?

An unauthenticated vulnerability exists in Oracle's Complex Maintenance, Repair, and Overhaul product within the E-Business Suite, affecting versions 12.2.3 through 12.2.13. This vulnerability allows an attacker with network access via HTTP to potentially compromise the system. Exploiting this issue requires interaction from a user not controlled by the attacker. While the primary focus is on the Complex Maintenance, Repair, and Overhaul component, the implications of a successful attack could extend to other products, facilitating unauthorized data updates, insertions or deletions, as well as unauthorized reading of sensitive information.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Complex Maintenance, Repair, and Overhaul 12.2.3 <= 12.2.13

References

https://www.oracle.com/security-alerts/cpuapr2024.html

vendor-advisory

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Apr 16, 2024

JSON

Oracle