CVE-2024-21279

Summary

CVE-2024-21279 is a significant vulnerability affecting the Oracle Sourcing component of the Oracle E-Business Suite, specifically versions 12.2.3 to 12.2.13. The flaw allows low-privileged attackers with network access via HTTP to exploit the system, potentially leading to unauthorized creation, deletion, or modification of critical data within Oracle Sourcing. The vulnerability has a CVSS score of 8.1, indicating high severity due to its potential impact on confidentiality and integrity without requiring user interaction. Organizations are advised to apply available patches and security updates from Oracle's official security alerts to mitigate this risk. If exploited, this vulnerability poses a considerable threat by allowing attackers broad access to sensitive information and operations within the affected systems.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.