PT-2025-16461 · Oracle · Oracle Scripting

Iuhrm

Publicado

2025-04-15

Atualizado

2025-04-16

CVE-2025-30727

CVSS v2.0

Crítica

Vetor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Oracle Scripting versions 12.2.3 through 12.2.14

Description A vulnerability in the Oracle Scripting product of Oracle E-Business Suite, specifically in the iSurvey Module, allows an unauthenticated attacker with network access via HTTP to compromise Oracle Scripting. Successful attacks can result in the takeover of Oracle Scripting.

Recommendations For versions 12.2.3 through 12.2.14, update to a version that includes the fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Missing Authentication

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-306CWE-20

Identificadores relacionados

BDU:2025-04643

CVE-2025-30727

Produtos afetados

Oracle Scripting

PT-2025-16461 · Oracle · Oracle Scripting

CVE-2025-30727

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 11