CVE-2024-21269
CVSS 3.1 Score 8.1 of 10 (high)
Details
Summary
CVE-2024-21269 is a vulnerability found in the Oracle Incentive Compensation component of the Oracle E-Business Suite, affecting versions 12.2.3 through 12.2.13. This security flaw allows low-privileged attackers with network access via HTTP to potentially create, delete, or modify critical data within the Oracle Incentive Compensation system, posing significant risks to confidentiality and integrity as indicated by a CVSS base score of 8.1. Organizations using affected versions are advised to apply patches or updates provided by Oracle to remediate this issue. The vulnerability is categorized under CWE-863, which relates to incorrect authorization, highlighting its potential for unauthorized data manipulation. Without remediation, compromised systems could lead to unauthorized access and manipulation of sensitive financial information within organizations utilizing the affected software.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.