Lucene search

K
cveOracleCVE-2024-20939
HistoryFeb 17, 2024 - 2:15 a.m.

CVE-2024-20939

2024-02-1702:15:48
oracle
web.nvd.nist.gov
32
oracle crm technical foundation
oracle e-business suite
cve-2024-20939
vulnerability
admin console
http
cvss 3.1
denial of service
nvd

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

AI Score

4.1

Confidence

High

EPSS

0

Percentile

13.3%

Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Admin Console). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle CRM Technical Foundation. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle CRM Technical Foundation. CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L).

Affected configurations

Vulners
Node
oraclecrm_technical_foundationRange12.0.012.2.13
VendorProductVersionCPE
oraclecrm_technical_foundation*cpe:2.3:a:oracle:crm_technical_foundation:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "vendor": "Oracle Corporation",
    "product": "CRM Technical Foundation",
    "versions": [
      {
        "version": "12.2.3",
        "status": "affected",
        "lessThanOrEqual": "12.2.13",
        "versionType": "custom"
      }
    ]
  }
]

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

AI Score

4.1

Confidence

High

EPSS

0

Percentile

13.3%