CVE-2024-20907

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Feb 17, 2024

Updated: Feb 20, 2024

Summary

CVE-2024-20907 is a vulnerability affecting the Oracle Web Applications Desktop Integrator component of Oracle E-Business Suite, specifically versions 12.2.3 to 12.2.13. This issue is characterized as easily exploitable and allows unauthenticated attackers, with network access via HTTP, to compromise the Oracle Web Applications Desktop Integrator. Successful attacks necessitate human interaction and could potentially impact additional products beyond the affected component. The consequences of a successful exploit include unauthorized update, insert, or delete access to certain data and unauthorized read access to a subset of data within the Oracle Web Applications Desktop Integrator. The base score of this vulnerability, according to the Common Vulnerability Scoring System (CVSS), is 6.1, with impacts on both confidentiality and integrity.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Advisories, Assessments, and Mitigations

Back to Vulnerability Database