Vulnerability in Oracle E-Business Suite's Data Provider UI
CVE-2024-21072

6.1 MEDIUM

Key Information:

Vendor: Oracle
CVE Published: 16 April 2024

Summary

An exploitable vulnerability exists in the Oracle Installed Base component of Oracle E-Business Suite, specifically in the Data Provider UI. The flaw allows an unauthenticated attacker with network access via HTTP to potentially compromise the system. A successful attack requires human interaction from a user other than the attacker. Although the vulnerability resides in Oracle Installed Base, successful exploitation may impact additional components, leading to unauthorized data updates, insertions, and deletions, as well as unauthorized read access to certain data. This puts both the confidentiality and the integrity of data managed by Oracle Installed Base at risk.

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published
