Vulnerability in Oracle E-Business Suite's Diagnostic Framework
CVE-2024-21206

4.3MEDIUM

Key Information:

Vendor: Oracle
Status: Oracle Enterprise Command Center Framework
Vendor: CVE Published:; 15 October 2024

Summary

A vulnerability exists in the Diagnostics component of the Oracle Enterprise Command Center Framework within the Oracle E-Business Suite. This flaw allows an attacker with low privileges to exploit the system via HTTP, which can lead to unauthorized read access to certain accessible data. The affected versions include ECC:11 through ECC:13. Organizations utilizing this software should be aware of the potential risks and take appropriate measures to safeguard their data against this exploit.

Affected Version(s)

Oracle Enterprise Command Center Framework ECC:11 <= 13

References

https://www.oracle.com/security-alerts/cpuoct2024.html

vendor-advisory

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 15, 2024
Vulnerability Reserved
Dec 7, 2023