Vulnerability in the Oracle User Management product of Oracle E-Business Suite (component: Search and Register Users). Supported versions that are affected are 12.2.4-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle User Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle User Management accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
References
| Link | Resource |
|---|---|
| https://www.oracle.com/security-alerts/cpuapr2025.html |
Configurations
No configuration.
History
17 Apr 2025, 18:15
| Type | Values Removed | Values Added |
|---|---|---|
| CWE | CWE-732 |
16 Apr 2025, 13:25
| Type | Values Removed | Values Added |
|---|---|---|
| Summary |
|
15 Apr 2025, 21:16
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2025-04-15 21:16
Updated : 2025-04-17 18:15
NVD link : CVE-2025-30708
Mitre link : CVE-2025-30708
CVE.ORG link : CVE-2025-30708
JSON object : View
Products Affected
No product.
CWE
CWE-732
Incorrect Permission Assignment for Critical Resource