Vulnerability in Oracle E-Business Suite's Advanced Outbound Telephony Component
CVE-2025-21489

6.1 MEDIUM

Key Information:

Vendor: Oracle
CVE Published: 21 January 2025

Summary

A vulnerability exists in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite, affecting versions 12.2.3 through 12.2.10. It can be exploited by an unauthenticated attacker with network access via HTTP, but a successful attack requires human interaction from a third party. Although the vulnerability is isolated to the Advanced Outbound Telephony component, its exploitation could lead to broader impacts across additional connected products. A successful attack may allow the attacker to perform unauthorized operations such as updating, inserting, or deleting data, and to obtain unauthorized read access to sensitive information.

Affected Version(s)

Oracle Advanced Outbound Telephony 12.2.3 <= 12.2.10

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
