Oracle E-Business Suite: CVE-2024-21034: Critical Patch Update

Oracle E-Business Suite: CVE-2024-21034: Critical Patch Update

Severity

4

CVSS

(AV:L/AC:M/Au:N/C:P/I:P/A:P)

Published

04/16/2024

Created

05/06/2024

Added

05/06/2024

Modified

05/06/2024

Description

Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV).Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul.Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result inunauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well asunauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts).CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).

Solution(s)

• oracle-ebs-apr-2024-cpu-12_2

References

• https://attackerkb.com/topics/cve-2024-21034
• CVE - 2024-21034
• https://support.oracle.com/epmos/faces/DocumentDisplay?id=3007752.1
• https://www.oracle.com/security-alerts/cpuapr2024.html