CVE-2024-21270

CVSS 3.1 Score 8.1 of 10 (high)

Details

Published Oct 15, 2024
CWE ID 863

Summary

CVE-2024-21270 is a vulnerability affecting the Oracle Common Applications Calendar component of the Oracle E-Business Suite, specifically in versions 12.2.6 to 12.2.13. This vulnerability can be exploited by low-privileged attackers with network access via HTTP, allowing them to create, delete, or modify critical data within the calendar application. The potential impact includes unauthorized access to sensitive data and manipulation of all accessible calendar information, with a CVSS base score of 8.1 indicating high severity concerning confidentiality and integrity risks. Organizations are advised to apply available security updates from Oracle to remediate this vulnerability effectively. Failure to address this issue may expose organizations to significant security threats and data breaches.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share