CVE-2024-20915

Vulnerability in the Oracle Application Object Library product of Oracle E-Business Suite (component: Login - SSO). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Application Object Library. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://www.oracle.com/security-alerts/cpujan2024.html
https://www.oracle.com/security-alerts/cpujan2024.html

Configurations

No configuration.

History

No history.

Information

Published : 2024-02-17 02:15

Updated : 2024-11-21 08:53

NVD link : CVE-2024-20915

Mitre link : CVE-2024-20915

CVE.ORG link : CVE-2024-20915

JSON object : View

Products Affected

No product.

CWE

CWE-444

Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

{"id": "CVE-2024-20915", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "secalert_us@oracle.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2024-02-17T02:15:46.443", "references": [{"url": "https://www.oracle.com/security-alerts/cpujan2024.html", "source": "secalert_us@oracle.com"}, {"url": "https://www.oracle.com/security-alerts/cpujan2024.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-444"}]}], "descriptions": [{"lang": "en", "value": "Vulnerability in the Oracle Application Object Library product of Oracle E-Business Suite (component: Login - SSO). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Application Object Library. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."}, {"lang": "es", "value": "Vulnerabilidad en el producto Oracle Application Object Library de Oracle E-Business Suite (componente: Inicio de sesi\u00f3n - SSO). Las versiones compatibles que se ven afectadas son 12.2.3-12.2.13. Una vulnerabilidad f\u00e1cilmente explotable permite a un atacante no autenticado con acceso a la red a trav\u00e9s de HTTP comprometer la librer\u00eda de objetos de aplicaciones de Oracle. Los ataques exitosos de esta vulnerabilidad pueden resultar en una capacidad no autorizada para causar una denegaci\u00f3n de servicio parcial (DOS parcial) de la librer\u00eda de objetos de aplicaci\u00f3n Oracle. CVSS 3.1 Puntuaci\u00f3n base 5.3 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."}], "lastModified": "2024-11-21T08:53:25.420", "sourceIdentifier": "secalert_us@oracle.com"}