Information Disclosure Vulnerability in Oracle Sourcing Product
CVE-2024-21279

8.1HIGH

Key Information:

Vendor: Oracle
Status: Oracle Sourcing
Vendor: CVE Published:; 15 October 2024

What is CVE-2024-21279?

A security vulnerability exists in the Oracle Sourcing component of the Oracle E-Business Suite, specifically affecting versions 12.2.3 through 12.2.13. This easily exploitable vulnerability allows attackers with low privileges and network access via HTTP to manipulate the application's functionality. Successful exploitation may lead to unauthorized creation, modification, or deletion of critical data within Oracle Sourcing. Attackers may gain critical access to all data accessible by the application, significantly impacting the confidentiality and integrity of sensitive business information. Organizations using affected versions are advised to review the Oracle security advisory for mitigation strategies.

Affected Version(s)

Oracle Sourcing 12.2.3 <= 12.2.13

References

https://www.oracle.com/security-alerts/cpuoct2024.html

vendor-advisory

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 15, 2024
Vulnerability Reserved
Dec 7, 2023