Vulnerability in Oracle E-Business Suite Affects Application Object Library
CVE-2025-30726

5.3MEDIUM

Key Information:

Vendor: Oracle
Status: Oracle Application Object Library
Vendor: CVE Published:; 15 April 2025

Summary

A security issue has been identified in the Oracle E-Business Suite's Application Object Library that allows unauthenticated users with network access via HTTP to potentially exploit the system. This vulnerability enables such users to gain unauthorized read access to certain subsets of data within the Application Object Library. It is crucial for users to assess their systems for affected versions and implement necessary security measures to mitigate potential risks.

Affected Version(s)

Oracle Application Object Library 12.2.3 <= 12.2.14

References

https://www.oracle.com/security-alerts/cpuapr2025.html

vendor-advisory

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 15, 2025
Vulnerability Reserved
Mar 25, 2025