Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: Upload). Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator. Successful attacks of this vulnerability can result in takeover of Oracle Web Applications Desktop Integrator. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HOracle E Business Suite
APPOracle12.2.3 – 12.2.11
CISA KEV — detailsi
- Vendori
- Oracle ↗
- Producti
- E-Business Suite
- Added to KEVi
- February 2, 2023
- Remediation deadline (US Federal)i
- February 23, 2023(overdue)
- Ransomwarei
- Active ransomware campaigns exploit this vulnerability
Apply updates per vendor instructions.
Oracle E-Business Suite contains an unspecified vulnerability that allows an unauthenticated attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator.
Related vulnerabilities
Krytyczny Auth Bypass w Oracle Internet Procurement Connector (E-Business Suite)
Krytyczna podatność Auth Bypass w Oracle Payments (E-Business Suite)
Krytyczny Auth Bypass w Oracle E-Business Suite — moduł iSurvey
Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: OCM Que...
Vulnerability in the Oracle Performance Management component of Oracle E-Business Suite (subcomponent: Perform...