CVE-2024-20939

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Feb 17, 2024

Updated: Feb 20, 2024

Summary

CVE-2024-20939 is a vulnerability affecting Oracle CRM Technical Foundation in Oracle E-Business Suite versions 12.2.3 to 12.2.13. This issue, which has a CVSS Base Score of 4.3, allows a low-privileged attacker with network access to launch easy-to-exploit attacks via HTTP. Successful exploitation results in a partial denial of service (partial DOS) of Oracle CRM Technical Foundation. Though no user interaction is required, an attacker needs limited access to the network to exploit this flaw. CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L).

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/uKyX7c
https://www.cve.org/CVERecord?id=CVE-2024-20939
https://nvd.nist.gov/vuln/detail/CVE-2024-20939

Back to Vulnerability Database

CVE-2024-20939

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations