CVE-2024-20939

Name of the Vulnerable Software and Affected Versions Oracle E-Business Suite versions 12.2.3 through 12.2.13

Description The issue is related to insufficient input validation in the Admin Console component of Oracle CRM Technical Foundation, allowing a low-privileged attacker with network access via HTTP to compromise the system. Successful attacks can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle CRM Technical Foundation.

Recommendations For versions 12.2.3 through 12.2.13, update to a version that includes the fix for this issue to prevent exploitation. As a temporary workaround, consider restricting access to the Admin Console component to minimize the risk of exploitation. Additionally, ensure that all input data is properly validated to prevent unauthorized actions.