CVE-2024-20935

Summary

CVE-2024-20935 is a vulnerability affecting Oracle E-Business Suite's Engineering Change Order component (Oracle Installed Base) in versions 12.2.3 to 12.2.13. This easily exploitable issue enables unauthenticated attackers, with network access via HTTP, to gain unauthorized access to some of the Oracle Installed Base accessible data. Although requiring human interaction, successful attacks may significantly impact additional products. The vulnerability can result in unauthorized update, insert, or delete access, as well as unauthorized read access to a subset of the data. The CVSS Base Score is 6.1 for Confidentiality and Integrity impacts. Attack vectors include network access with no authentication required, and the potential damage includes data theft or manipulation.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.