CVE-2024-21280
CVSS 3.1 Score 8.1 of 10 (high)
Details
Summary
CVE-2024-21280 is a vulnerability affecting the Oracle Service Contracts component of the Oracle E-Business Suite, specifically versions 12.2.5 to 12.2.13. This vulnerability is easily exploitable by a low-privileged attacker with network access via HTTP, potentially allowing unauthorized creation, deletion, or modification of critical data within Oracle Service Contracts. The CVSS 3.1 score for this vulnerability is 8.1, indicating high confidentiality and integrity impacts but no availability impact. To remediate this issue, organizations should apply the appropriate security updates provided in Oracle's security alerts (see reference link). Failure to address this vulnerability could lead to significant data breaches and unauthorized access to sensitive information within an organization’s contracts system.