The vulnerability of the HTML UI component of the Oracle Installed Base information storage center in the Oracle E-Business Suite allows a perpetrator to gain access to read, modify, add, or delete data.

🗓️ 24 Jan 2024 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 1 Views

The HTML UI of Oracle Installed Base in Oracle E-Business Suite has insufficient input validation, exposing data.

Reporter	Title	Published	Views	Family All 13
Circl	CVE-2024-20941	8 Feb 202407:36	–	circl
CNNVD	Oracle E-Business Suite Security Vulnerability	17 Jan 202400:00	–	cnnvd
CVE	CVE-2024-20941	17 Feb 202401:50	–	cve
Cvelist	CVE-2024-20941	17 Feb 202401:50	–	cvelist
EUVD	EUVD-2024-18655	3 Oct 202520:07	–	euvd
NCSC	Vulnerabilities fixed in Oracle E-Business Suite	18 Jan 202400:00	–	ncsc
NVD	CVE-2024-20941	17 Feb 202402:15	–	nvd
Oracle	Oracle Critical Patch Update Advisory - January 2024	16 Jan 202400:00	–	oracle
Tenable Nessus	Oracle E-Business Suite (January 2024 CPU)	18 Jan 202400:00	–	nessus
OSV	CVE-2024-20941	17 Feb 202402:15	–	osv

Vulners

Node

oracle e-business_suiteRange12.2.3–12.2.13

Source	Link
oracle	www.oracle.com/security-alerts/cpujan2024verbose.html
cybersecurity-help	www.cybersecurity-help.cz/vdb/SB2024011777
vuldb	www.vuldb.com/ru/
web	www.web.nvd.nist.gov/view/vuln/detail

24 Jan 2024 00:00Current

6.8Medium risk

Vulners AI Score6.8

CVSS 36.1

CVSS 26.4

EPSS0.00225

oracle installed base html user interface insufficient input validation information storage center oracle business suite web protocol data access risk