CVE-2024-21266

CVSS 3.1 Score 8.1 of 10 (high)

Details

Published Oct 15, 2024
CWE ID 863

Summary

CVE-2024-21266 is a high-severity vulnerability affecting the Oracle Advanced Pricing component of the Oracle E-Business Suite, specifically in versions 12.2.3 to 12.2.13. This easily exploitable flaw allows low-privileged attackers with network access via HTTP to gain unauthorized access, enabling them to create, delete, or modify critical data within the Oracle Advanced Pricing system. The vulnerability has a CVSS 3.1 Base Score of 8.1, indicating significant impacts on confidentiality and integrity, while availability remains unaffected. To remediate this issue, organizations should promptly apply security updates provided by Oracle as detailed in their security alerts. If left unaddressed, this vulnerability poses a substantial risk to sensitive data integrity and confidentiality within affected systems.
