Unauthorized Access Vulnerability in Oracle Complex Maintenance, Repair, and Overhaul
CVE-2024-21044
6.1 MEDIUM
Key Information:
- Vendor: Oracle
- CVE Published: 16 April 2024
Summary
A security vulnerability has been identified in the Oracle Complex Maintenance, Repair, and Overhaul component of the Oracle E-Business Suite. This issue allows an unauthenticated attacker with network access via HTTP to exploit the system, potentially leading to unauthorized updates, inserts, or deletions of data. While direct attacks are limited to the Complex Maintenance product, the impact may extend to other interconnected systems. Successful exploitation requires human interaction from a different user, which may complicate detection and mitigation efforts.
CVSS V3.1
- Score: 6.1
- Severity: MEDIUM
- Confidentiality: Low
- Integrity: Low
- Availability: Low
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Changed
Timeline
Vulnerability published