CVE-2024-20990: Vulnerability in the Oracle Applications Technology product of Oracle E-Business Suite (component: Templates). Supported versions that are...
Description
Vulnerability in the Oracle Applications Technology product of Oracle E-Business Suite (component: Templates). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Applications Technology. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Applications Technology accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).
Classification
CVE ID: CVE-2024-20990
CVSS Base Severity: MEDIUM
CVSS Base Score: 5.3
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Problem Types
Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Applications Technology. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Applications Technology accessible data.Affected Products
Vendor: Oracle Corporation
Product: E-Business Suite Technology Stack
Exploit Prediction Scoring System (EPSS)
EPSS Score: 0.12% (probability of being exploited)
EPSS Percentile: 32.76% (scored less or equal to compared to others)
EPSS Date: 2025-04-23 (when was this score calculated)
Stakeholder-Specific Vulnerability Categorization (SSVC)
SSVC Exploitation: none
SSVC Technical Impact: partial
SSVC Automatable: true
References
https://nvd.nist.gov/vuln/detail/CVE-2024-20990https://www.oracle.com/security-alerts/cpuapr2024.html