CVE-2023-22093

CWE-122Heap-based Buffer Overflow5 documents5 sources
Severity
6.5MEDIUM
EPSS
0.1%
top 71.30%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Oracle Corporation IrecruitmentOracle E-business Suite
Timeline
PublishedOct 17
Latest updateNov 14

Description

Vulnerability in the Oracle iRecruitment product of Oracle E-Business Suite (component: Requisition and Vacancy). Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iRecruitment. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle iRecruitment accessible data as well as unauthorized read access to a subset of Or

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:NExploitability: 3.9 | Impact: 2.5

Affected Packages2 packages

CVEListV5oracle_corporation/irecruitment12.2.312.2.12
NVDoracle/e-business_suite12.2.312.2.12

Patches

Patch: www.oracle.comPatch: www.oracle.com

🔴Vulnerability Details

2
GHSA
GHSA-f4h9-mcvf-w57c: Vulnerability in the Oracle iRecruitment product of Oracle E-Business Suite (component: Requisition and Vacancy)2023-10-18
CVEList
CVE-2023-22093: Vulnerability in the Oracle iRecruitment product of Oracle E-Business Suite (component: Requisition and Vacancy)2023-10-17

📋Vendor Advisories

2
Red Hat
gimp: dds buffer overflow RCE2023-11-14
Oracle
Oracle Oracle E-Business Suite Risk Matrix: Requisition and Vacancy — CVE-2023-220932023-10-15
CVE-2023-22093 (MEDIUM CVSS 6.5) | Vulnerability in the Oracle iRecrui | cvebase.io