CVE-2024-20915

Name of the Vulnerable Software and Affected Versions Oracle E-Business Suite versions 12.2.3 through 12.2.13

Description The issue is related to insufficient input validation in the Login - SSO component of the Oracle Application Object Library product. This allows an unauthenticated attacker with network access via HTTP to compromise the Oracle Application Object Library, resulting in a partial denial of service. The vulnerability is easily exploitable and can be triggered remotely.

Recommendations For versions 12.2.3 through 12.2.13, consider disabling the Login - SSO component until a patch is available to prevent exploitation. Restrict access to the Oracle Application Object Library to minimize the risk of a partial denial of service. Avoid using the HTTP protocol to access the vulnerable component until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.