CVE-2024-20943

Summary

CVE-2024-20943 is a vulnerability affecting Oracle E-Business Suite's Internal Operations component, specifically the Oracle Knowledge Management product. Versions 12.2.3 to 12.2.13 are at risk. This easily exploitable issue enables a low-privileged attacker to gain unauthorized access via HTTP, compromising the Oracle Knowledge Management system. Human interaction is required for successful attacks, and the impact may extend to additional products. Successful exploits can result in unauthorized modification or deletion of data, as well as unauthorized reading of a subset of data. The Base Score, according to the Common Vulnerability Scoring System (CVSS), is 5.4, with impacts on both confidentiality and integrity. The CVSS Vector is: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.