CVE-2024-21148

CVSS 3.1 Score 4.8 of 10 (medium)

Details

Published Jul 16, 2024

Updated: Jul 17, 2024

Summary

CVE-2024-21148 is a vulnerability affecting Oracle E-Business Suite's Oracle Applications Framework (12.2.3-12.2.13 versions). This issue, located in the Personalization component, is considered easily exploitable, allowing high privileged attackers to compromise Oracle Applications Framework via HTTP. Human interaction is required for successful attacks, which may result in unauthorized update, insert, or delete access to some data and unauthorized read access to a subset of data. Scope change may lead to additional product impact. The base score, according to the Common Vulnerability Scoring System (CVSS), is 4.8 for confidentiality and integrity. The CVSS vector is (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N).

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

Oracle E-Business Suite

Affected Vendors

BonqDAO

Advisories, Assessments, and Mitigations

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

GrayAlpha Uses Diverse Infection Vectors to Deploy PowerNet Loader and NetSupport RAT

Predator Still Active, with New Client and Corporate Links Identified

Russia-Aligned TAG-110 Targets Tajikistan with Macro-Enabled Word Documents

Know What Matters

For Customers

For Partners