CVE-2023-21849

Vulnerability in the Oracle Applications DBA product of Oracle E-Business Suite (component: Java utils). Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Applications DBA. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Applications DBA accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).

Published: Jan 18, 2023
Updated: Apr 14, 2023
CVE: CVE-2023-21849
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
oracle / e-business_suite	12.2.3	12.2.12.x

https://www.oracle.com/security-alerts/cpujan2023.html

Vulnerability Database

289,784

CVE-2023-21849