CVE-2024-21146

CVSS 3.1 Score 8.1 of 10 (high)

Details

Published Jul 16, 2024
Updated: Jul 17, 2024

Summary

CVE-2024-21146 is a newly identified vulnerability in Oracle E-Business Suite's Trade Management product (component: GL Accounts), specifically affecting versions 12.2.3 to 12.2.13. This issue allows a low-privileged attacker with network access to exploit the system via HTTP. Successful attacks can lead to unauthorized creation, deletion, or modification of critical data in Oracle Trade Management, as well as complete access to all accessible data. The Base Score of this vulnerability, according to the Common Vulnerability Scoring System (CVSS) version 3.1, is 8.1, with Confidentiality and Integrity impacts. The attack vector is network-based, the access complexity is low, and the privileges required are also low. However, the attacker can gain unauthorized access to critical data or complete access to all Oracle Trade Management data upon successful exploitation.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

  • Oracle Trade Management

Affected Vendors

  • BonqDAO