CVE-2023-22004 — Corporation E-business Suite Technology Stack vulnerability

4 documents4 sources

Severity

4.3MEDIUMNVD

EPSS

0.2%

top 56.38%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Oracle Corporation E-business Suite Technology Stack Oracle E-business Suite

Timeline

PublishedJul 18

Description

Vulnerability in the Oracle Applications Technology product of Oracle E-Business Suite (component: Reports Configuration). Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Applications Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete acc…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5oracle_corporation/e-business_suite_technology_stack12.2.3 — 12.2.12

▶NVDoracle/e-business_suite12.2.3 — 12.2.12

Patches

Patch: www.oracle.com ↗Patch: www.oracle.com ↗

🔴Vulnerability Details

CVEList

CVE-2023-22004: Vulnerability in the Oracle Applications Technology product of Oracle E-Business Suite (component: Reports Configuration)↗2023-07-18

▶

GHSA

GHSA-wj47-qxrp-9c25: Vulnerability in the Oracle Applications Technology product of Oracle E-Business Suite (component: Reports Configuration)↗2023-07-18

▶

📋Vendor Advisories

Oracle

Oracle Oracle E-Business Suite Risk Matrix: Reports Configuration — CVE-2023-22004↗2023-07-15

▶