CVE-2024-21282

Summary

CVE-2024-21282 identifies a vulnerability in the Oracle Financials component of the Oracle E-Business Suite, affecting supported versions 12.2.3 to 12.2.13. This flaw allows low-privileged attackers with network access via HTTP to compromise the system, potentially leading to unauthorized creation, deletion, or modification of critical data within Oracle Financials. The CVSS 3.1 Base Score for this vulnerability is 8.1, indicating high severity due to significant impacts on confidentiality and integrity. To mitigate this risk, organizations should update their systems as recommended by Oracle’s security alerts. Failure to address this vulnerability poses a substantial threat to data security and integrity within affected organizations.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.