CVE-2024-21088

Vulnerability in the Oracle Production Scheduling product of Oracle E-Business Suite (component: Import Utility). Supported versions that are affected are 12.2.4-12.2.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Production Scheduling. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Production Scheduling accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).
Configurations

No configuration.

History

15 Nov 2024, 22:35

Type Values Removed Values Added
CWE CWE-444

17 Apr 2024, 12:48

Type Values Removed Values Added
Summary
  • (es) Vulnerabilidad en el producto Oracle Production Scheduling de Oracle E-Business Suite (componente: Import Utility). Las versiones compatibles que se ven afectadas son 12.2.4-12.2.12. Una vulnerabilidad fácilmente explotable permite que un atacante no autenticado con acceso a la red a través de HTTP comprometa la programación de producción de Oracle. Los ataques exitosos de esta vulnerabilidad pueden resultar en la creación, eliminación o modificación no autorizada del acceso a datos críticos o a todos los datos accesibles de Oracle Production Scheduling. CVSS 3.1 Puntaje base 7.5 (Impactos en la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).

16 Apr 2024, 22:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-04-16 22:15

Updated : 2024-11-15 22:35


NVD link : CVE-2024-21088

Mitre link : CVE-2024-21088

CVE.ORG link : CVE-2024-21088


JSON object : View

Products Affected

No product.

CWE
CWE-444

Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')