Oracle E-Business Suite CVE-2024-20990 (Medium)

2024-11-27

This article describes a vulnerability (CVE-2024-20990) in Oracle E-Business Suite’s Oracle Applications Technology Stack (version 12.2.3 to 12.2.13). An attacker with network access can exploit this to gain unauthorized read access to some of the application’s data.

Here’s the summarized information:

Platform: Oracle E-Business Suite
Version: 12.2.3 – 12.2.13
Vulnerability: Unauthorized data access
Severity: Medium (CVSS 3.1 Base Score: 5.3)
Date: April 16, 2024 (published), November 27, 2024 (last modified)

What Undercode Says:

This vulnerability allows attackers to read a limited amount of data from Oracle E-Business Suite. While not a complete compromise, it can be a stepping stone for further attacks. It’s crucial to patch these systems as soon as possible.

References:

Reported By: Nvd.nist.gov
Undercode AI: https://ai.undercodetesting.com

Image Source:

OpenAI: https://openai.com
Undercode AI DI v2: https://ai.undercode.helpFeatured Image

Scroll to Top