SQL Injection Vulnerability in Oracle E-Business Suite Trading Community
CVE-2024-21167

8.1 HIGH

Key Information:

Vendor: Oracle
CVE Published: 16 July 2024

What is CVE-2024-21167?

A vulnerability has been identified in Oracle E-Business Suite's Trading Community, specifically within the Party Search UI component. This flaw allows low-privileged attackers, who possess network access through HTTP, to exploit the system and potentially compromise critical data. Successful exploitation could enable unauthorized actions such as the creation, deletion, or modification of sensitive information accessible through Oracle Trading Community. This poses a significant risk, as it can lead to severe confidentiality and integrity impacts for organizations relying on the affected versions (12.2.3 - 12.2.13). It is crucial for users to apply patches and take necessary precautions to mitigate this threat.

CVSS V3.1

Score: 8.1
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published
