CVE-2024-20939

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-20939
Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Admin Console). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle CRM Technical Foundation. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle CRM Technical Foundation. CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L).

4.3 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

References
Link Resource
https://www.oracle.com/security-alerts/cpujan2024.html Vendor Advisory
https://www.oracle.com/security-alerts/cpujan2024.html Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:oracle:customer_relationship_management_technical_foundation:*:*:*:*:*:*:*:*
History

29 Nov 2024, 14:08

Type Values Removed Values Added
CPE cpe:2.3:a:oracle:customer_relationship_management_technical_foundation:*:*:*:*:*:*:*:*
CWE NVD-CWE-noinfo
First Time Oracle customer Relationship Management Technical Foundation
Oracle
References () https://www.oracle.com/security-alerts/cpujan2024.html - () https://www.oracle.com/security-alerts/cpujan2024.html - Vendor Advisory

21 Nov 2024, 08:53

Type Values Removed Values Added
References () https://www.oracle.com/security-alerts/cpujan2024.html - () https://www.oracle.com/security-alerts/cpujan2024.html -

20 Feb 2024, 19:51

Type Values Removed Values Added
Summary
  • (es) Vulnerabilidad en el producto Oracle CRM Technical Foundation de Oracle E-Business Suite (componente: Admin Console). Las versiones compatibles que se ven afectadas son 12.2.3-12.2.13. Una vulnerabilidad fácilmente explotable permite a un atacante con pocos privilegios y acceso a la red a través de HTTP comprometer Oracle CRM Technical Foundation. Los ataques exitosos de esta vulnerabilidad pueden resultar en una capacidad no autorizada para causar una denegación de servicio parcial (DOS parcial) de Oracle CRM Technical Foundation. CVSS 3.1 Puntuación base 4.3 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L).

17 Feb 2024, 02:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-02-17 02:15

Updated : 2024-11-29 14:08

NVD link : CVE-2024-20939

Mitre link : CVE-2024-20939

CVE.ORG link : CVE-2024-20939

JSON object : View

Products Affected

oracle

  • customer_relationship_management_technical_foundation
CWE
NVD-CWE-noinfo