Unauthorized Access Vulnerability in Oracle E-Business Suite REST Services
CVE-2024-21080

6.5MEDIUM

Key Information:

Vendor: Oracle
Status: Applications Framework
Vendor: CVE Published:; 16 April 2024

What is CVE-2024-21080?

The vulnerability in Oracle E-Business Suite's REST Services component exposes the system to unauthorized access by low privileged attackers. Through network access via HTTP, an attacker can exploit this flaw to gain access to critical data, which can lead to unauthorized manipulation of data within the Oracle Applications Framework. The supported versions ranging from 12.2.9 to 12.2.13 are particularly at risk, necessitating immediate evaluation and remediation to prevent potential data breaches.

Affected Version(s)

Applications Framework 12.2.9 <= 12.2.13

References

https://www.oracle.com/security-alerts/cpuapr2024.html

vendor-advisory

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 16, 2024