Unauthenticated Access Vulnerability in Oracle E-Business Suite's Complex Maintenance, Repair, and Overhaul
CVE-2024-21046

6.1MEDIUM

Key Information:

Vendor: Oracle
Status: Complex Maintenance, Repair, And Overhaul
Vendor: CVE Published:; 16 April 2024

Summary

A vulnerability exists in the Oracle E-Business Suite's Complex Maintenance, Repair, and Overhaul component, allowing unauthenticated attackers with network access to exploit the system. Successful exploitation requires human interaction, creating a risk of unauthorized updates, inserts, or deletions of accessible data. Moreover, it can lead to unauthorized read access to sensitive data, potentially extending impacts to other components within Oracle E-Business Suite.

Affected Version(s)

Complex Maintenance, Repair, and Overhaul 12.2.3 <= 12.2.13

References

https://www.oracle.com/security-alerts/cpuapr2024.html

vendor-advisory

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Apr 16, 2024