CVE-2024-21267

Summary

CVE-2024-21267 is a vulnerability identified in the Oracle Cost Management component of the Oracle E-Business Suite, affecting versions 12.2.12 to 12.2.13. This security flaw allows low-privileged attackers with network access via HTTP to exploit the system, potentially leading to unauthorized creation, deletion, or modification of critical data within Oracle Cost Management. The vulnerability has a CVSS 3.1 Base Score of 8.1, indicating high severity due to significant impacts on confidentiality and integrity without the need for user interaction. Organizations using affected versions are advised to implement available patches as outlined in Oracle's security alerts to mitigate risks associated with this vulnerability. If left unaddressed, it poses a serious threat by allowing attackers to gain full access to sensitive information within the application.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.