9.4 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:C/A:C
0.018 Low
EPSS
Percentile
88.0%
This vulnerability allows remote attackers to delete any existing Document Management node on vulnerable installations of Oracle E-Business Suite. Authentication is not required to exploit this vulnerability. The specific flaw exists in the APPLSYS.FND_DM_NODES package. The procedure to delete nodes does not check for a valid session thereby allowing an attacker to arbitrarily delete any node registered, including the root node.