Vulnerability in Oracle Applications Manager Affects Oracle E-Business Suite
CVE-2024-21268

8.1 HIGH

Key Information:

Vendor: Oracle
CVE Published: 15 October 2024

Summary

A significant security vulnerability has been identified in the Oracle Applications Manager component of Oracle E-Business Suite, affecting versions 12.2.11 through 12.2.13. It is easily exploitable by a low-privileged attacker with network access via HTTP. Successful exploitation can lead to unauthorized creation, deletion, or modification of critical data, and attackers may gain complete access to all data managed by Oracle Applications Manager, posing severe risks to data confidentiality and integrity. Organizations running affected versions should take immediate steps to remediate this vulnerability to protect against data breaches and unauthorized access.

Affected Version(s)

Oracle Applications Manager 12.2.11 through 12.2.13

CVSS V3.1

Score: 8.1
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD Database, Mitre Database