CVE-2024-20947

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published: Feb 17, 2024
Updated: Feb 20, 2024

Summary

CVE-2024-20947 is a vulnerability affecting the Oracle Common Applications component of Oracle E-Business Suite, specifically the CRM User Management Framework. Affected versions include 12.2.3 to 12.2.13. The issue allows a low-privileged attacker with network access via HTTP to compromise Oracle Common Applications. Successful exploitation requires human interaction and can result in unauthorized update, insert, or delete access to some data, as well as unauthorized read access to a subset of data. The CVSS base score is 5.4, covering confidentiality and integrity impacts. Although the vulnerability exists in Oracle Common Applications, a potential scope change means attacks may impact additional products, and those attacks may result in significant consequences.
