The vulnerability of the sub-component of the CRM User Management Framework in the Oracle Common Applications of the Oracle E-Business Suite allows a perpetrator to gain access to read, modify, add, or delete data.

🗓️ 24 Jan 2024 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 1 Views

Oracle E-Business Suite CRM User Management Framework flaw enables unauthorized data read, modify, add, or delete via HTTP.

Reporter	Title	Published	Views	Family All 13
Circl	CVE-2024-20947	8 Feb 202408:41	–	circl
CNNVD	Oracle E-Business Suite Security Vulnerability	17 Jan 202400:00	–	cnnvd
CVE	CVE-2024-20947	17 Feb 202401:50	–	cve
Cvelist	CVE-2024-20947	17 Feb 202401:50	–	cvelist
EUVD	EUVD-2024-18661	3 Oct 202520:07	–	euvd
NCSC	Vulnerabilities fixed in Oracle E-Business Suite	18 Jan 202400:00	–	ncsc
NVD	CVE-2024-20947	17 Feb 202402:15	–	nvd
Oracle	Oracle Critical Patch Update Advisory - January 2024	16 Jan 202400:00	–	oracle
Tenable Nessus	Oracle E-Business Suite (January 2024 CPU)	18 Jan 202400:00	–	nessus
Prion	Buffer overflow	17 Feb 202402:15	–	prion

Vulners

Node

oracle e-business_suiteRange12.2.3–12.2.13

OR

oracle oracle_common_applicationsRange12.2.3–12.2.13

Source	Link
oracle	www.oracle.com/security-alerts/cpujan2024verbose.html
cybersecurity-help	www.cybersecurity-help.cz/vdb/SB2024011772
vuldb	www.vuldb.com/
web	www.web.nvd.nist.gov/view/vuln/detail

24 Jan 2024 00:00Current

6.6Medium risk

Vulners AI Score6.6

CVSS 36.1

CVSS 26.4

EPSS0.00234

Oracle E-Business Suite CRM User Management input validation data access Hypertext Transfer Protocol