The vulnerability of the sub-component “Outcome-Result” of the component “Oracle Customer Interaction History” in the Oracle E-Business Suite system, which allows a malicious user to access, modify, add, or delete data.

🗓️ 07 Feb 2024 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 1 Views

Oracle ebusiness suite vulnerability in Customer Interaction History enables data access and modification via insufficient input validation.

Reporter	Title	Published	Views	Family All 13
Circl	CVE-2024-20950	8 Feb 202406:11	–	circl
CNNVD	Oracle E-Business Suite Security Vulnerability	16 Jan 202400:00	–	cnnvd
CVE	CVE-2024-20950	16 Jan 202421:41	–	cve
Cvelist	CVE-2024-20950	16 Jan 202421:41	–	cvelist
EUVD	EUVD-2024-18664	3 Oct 202520:07	–	euvd
NCSC	Vulnerabilities fixed in Oracle E-Business Suite	18 Jan 202400:00	–	ncsc
NVD	CVE-2024-20950	16 Jan 202422:15	–	nvd
Oracle	Oracle Critical Patch Update Advisory - January 2024	16 Jan 202400:00	–	oracle
Tenable Nessus	Oracle E-Business Suite (January 2024 CPU)	18 Jan 202400:00	–	nessus
Prion	Buffer overflow	16 Jan 202422:15	–	prion

Vulners

Node

oracle e-business_suiteRange12.2.3–12.2.13

OR

oracle oracle_customer_interaction_historyRange12.2.3–12.2.13

Source	Link
oracle	www.oracle.com/security-alerts/cpujan2024verbose.html
cybersecurity-help	www.cybersecurity-help.cz/vdb/SB2024011778
vuldb	www.vuldb.com/
web	www.web.nvd.nist.gov/view/vuln/detail

07 Feb 2024 00:00Current

6.8Medium risk

Vulners AI Score6.8

CVSS 36.1

CVSS 26.4

EPSS0.00327

oracle ebusiness suite customer interaction history data access input validation crm user management http protocol