Vulnerability in Oracle Financials of Oracle E-Business Suite
CVE-2024-21282

8.1HIGH

Key Information:

Vendor: Oracle
Status: Oracle Financials
Vendor: CVE Published:; 15 October 2024

Summary

A critical vulnerability has been identified in the Oracle Financials component of Oracle E-Business Suite, specifically impacting versions 12.2.3 through 12.2.13. This vulnerability can be exploited by low-privileged attackers with network access via HTTP, allowing them to potentially compromise sensitive financial data. Successful exploitation can lead to unauthorized creation, deletion, or modification of critical data, posing significant risks to the confidentiality and integrity of Oracle Financials data. Organizations utilizing these versions should take immediate action to mitigate the risks associated with this vulnerability. For further details, refer to the official Oracle advisory.

Affected Version(s)

Oracle Financials 12.2.3 <= 12.2.13

References

https://www.oracle.com/security-alerts/cpuoct2024.html

vendor-advisory

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 15, 2024
Vulnerability Reserved
Dec 7, 2023

Collectors

NVD DatabaseMitre Database