CVE-2024-21270
CVSS 3.1 Score 8.1 of 10 (high)
Details
Summary
CVE-2024-21270 is a vulnerability affecting the Oracle Common Applications Calendar component of the Oracle E-Business Suite, specifically in versions 12.2.6 to 12.2.13. This vulnerability can be exploited by low-privileged attackers with network access via HTTP, allowing them to create, delete, or modify critical data within the calendar application. The potential impact includes unauthorized access to sensitive data and manipulation of all accessible calendar information, with a CVSS base score of 8.1 indicating high severity concerning confidentiality and integrity risks. Organizations are advised to apply available security updates from Oracle to remediate this vulnerability effectively. Failure to address this issue may expose organizations to significant security threats and data breaches.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.