CVE-2024-21146
CVSS 3.1 Score 8.1 of 10 (high)
Details
Summary
CVE-2024-21146 is a newly identified vulnerability in Oracle E-Business Suite's Trade Management product (component: GL Accounts), specifically affecting versions 12.2.3 to 12.2.13. This issue allows a low-privileged attacker with network access to exploit the system via HTTP. Successful attacks can lead to unauthorized creation, deletion, or modification of critical data in Oracle Trade Management, as well as complete access to all accessible data. The Base Score of this vulnerability, according to the Common Vulnerability Scoring System (CVSS) version 3.1, is 8.1, with Confidentiality and Integrity impacts. The attack vector is network-based, the access complexity is low, and the privileges required are also low. However, the attacker can gain unauthorized access to critical data or complete access to all Oracle Trade Management data upon successful exploitation.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Affected Products
- Oracle Trade Management
Affected Vendors
- BonqDAO