Exploitable Vulnerability in Oracle E-Business Suite Concurrent Processing
CVE-2024-21089

6.5MEDIUM

Key Information:

Vendor
Oracle
Status
Concurrent Processing
Vendor
CVE Published:
16 April 2024

Summary

A significant security vulnerability exists in the Oracle E-Business Suite, specifically within the Concurrent Processing component, which facilitates request submission and scheduling functionalities. Supported versions from 12.2.3 to 12.2.13 are particularly at risk. This flaw can be exploited by attackers with low-level privileges who have network access via HTTP. If successfully exploited, an attacker could gain unauthorized access to sensitive data within the Oracle Concurrent Processing system, potentially compromising the integrity of critical operational information. Organizations utilizing these affected versions should take immediate steps to assess their exposure and implement necessary security measures, as the implications of this vulnerability could be severe.

References

https://www.oracle.com/security-alerts/cpuapr2024.html

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

.