CVE-2024-21250

Name of the Vulnerable Software and Affected Versions Oracle Process Manufacturing Product Development versions 12.2.13 through 12.2.14

Description The issue is related to weaknesses in the authorization procedure of the Quality Manager Specification component in Oracle Process Manufacturing Product Development, part of the Oracle E-Business Suite. This can allow a remote attacker to gain read, modify, or delete access to data via the HTTP protocol. Successful exploitation can result in unauthorized creation, deletion, or modification of critical data, as well as unauthorized access to all accessible data within Oracle Process Manufacturing Product Development.

Recommendations For versions 12.2.13 through 12.2.14, apply the necessary patch to fix the vulnerability in the Quality Manager Specification component. As a temporary workaround, consider restricting access to the Quality Manager Specification component until a patch is available. Additionally, limit network access via HTTP to minimize the risk of exploitation.