Unauthenticated Vulnerability in Oracle E-Business Suite 'Complex Maintenance, Repair, and Overhaul' Product
CVE-2024-21039

6.1 MEDIUM

Key Information:

Vendor: Oracle
CVE Published: 16 April 2024

Summary

A vulnerability exploitable without authentication exists in Oracle's Complex Maintenance, Repair, and Overhaul product within the E-Business Suite, affecting versions 12.2.3 through 12.2.13. It allows an attacker with network access via HTTP to potentially compromise the system. Exploitation requires interaction from a user not controlled by the attacker. Although the vulnerability is in the Complex Maintenance, Repair, and Overhaul component, a successful attack could extend to other products, allowing unauthorized data updates, insertions or deletions, as well as unauthorized reading of sensitive information.

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published
