CVE-2024-21278

Summary

CVE-2024-21278 is a vulnerability found in the Oracle Contract Lifecycle Management for Public Sector component of the Oracle E-Business Suite, affecting versions 12.2.3 to 12.2.13. This vulnerability allows low-privileged attackers with network access to exploit it via HTTP, potentially leading to unauthorized creation, deletion, or modification of critical data within the system. The CVSS 3.1 Base Score for this vulnerability is 8.1, indicating high severity with significant impacts on confidentiality and integrity. Organizations are advised to implement available security patches from Oracle to remediate this issue and mitigate associated risks. Failure to address this vulnerability could result in severe data breaches and unauthorized access to sensitive information within the affected products.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.