PT-2024-3528 · Oracle · Oracle Web Applications Desktop Integrator

Published: 2024-04-16 · Updated: 2024-12-06 · CVE-2024-21048

CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Oracle Web Applications Desktop Integrator versions 12.2.3 through 12.2.13

Description: The issue stems from insufficient input validation in the XML input component of Oracle Web Applications Desktop Integrator, part of the Oracle E-Business Suite. A remote attacker can exploit it over HTTP to gain unauthorized access to data or to modify, add, or delete protected data. The vulnerability can be easily exploited by a low-privileged attacker with network access via HTTP, potentially resulting in unauthorized read access to a subset of Oracle Web Applications Desktop Integrator accessible data.

Recommendations: For versions 12.2.3 through 12.2.13, update to a release that includes the fix for this issue to prevent unauthorized access and potential data modification. Until the patch can be applied, restrict access to the XML input component as a temporary workaround, and limit network access to the service over HTTP to reduce the risk of exploitation.
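The weakness class named in the description, XML input accepted over HTTP without sufficient validation, is the one an XXE issue (the page's own tag) belongs to. The Python example below is added here to illustrate the defensive side of that class; it is not Oracle's code, it does not reproduce the product's XML input component, and the sample documents and the `parse_untrusted_xml` / `accepts` helpers are assumptions made for the illustration. It uses only the standard library's expat binding to reject any DOCTYPE declaration, entity declaration or external entity reference before a document reaches the application parser.

```python
"""Hardened XML intake for untrusted uploads.

Added illustration of the XXE weakness class referenced by the advisory.
Assumptions: the document layout (<upload><row .../></upload>) and the
helper names are invented for this example; nothing here describes the
internal XML component of Oracle Web Applications Desktop Integrator.
"""
import xml.etree.ElementTree as ET
from xml.parsers import expat


class UnsafeXMLError(ValueError):
    """Raised when a document uses constructs that XXE attacks rely on."""


def _forbid_doctype(name, sysid, pubid, has_internal_subset):
    # Any DOCTYPE is refused: entity definitions can only appear inside one.
    raise UnsafeXMLError("DOCTYPE declaration not allowed in uploads")


def _forbid_entity(name, is_param, value, base, sysid, pubid, notation):
    # Defence in depth: reached only if a DOCTYPE somehow got past the guard.
    raise UnsafeXMLError("entity declaration not allowed in uploads")


def _forbid_external(context, base, sysid, pubid):
    # Never dereference a system identifier (file, http, ...) on the attacker's behalf.
    raise UnsafeXMLError("external entity reference not allowed in uploads")


def parse_untrusted_xml(data: bytes) -> ET.Element:
    """Guard pass with a handler-instrumented expat parser, then parse with ElementTree.

    The guard parser has no document model; it exists only to observe the
    prolog and abort on dangerous constructs.  Only after it has accepted the
    whole byte string is the document handed to ET.fromstring.
    """
    guard = expat.ParserCreate()
    guard.StartDoctypeDeclHandler = _forbid_doctype
    guard.EntityDeclHandler = _forbid_entity
    guard.ExternalEntityRefHandler = _forbid_external
    # Make expat report parameter-entity references too, so the handler above sees them.
    guard.SetParamEntityParsing(expat.XML_PARAM_ENTITY_PARSING_ALWAYS)
    try:
        guard.Parse(data, True)
    except expat.ExpatError as exc:
        # Well-formedness errors are rejected as well; partial documents are not processed.
        raise UnsafeXMLError(f"malformed XML: {exc}") from exc
    return ET.fromstring(data)


def accepts(data: bytes) -> bool:
    """True if the hardened intake would process the document, False if it is refused."""
    try:
        parse_untrusted_xml(data)
        return True
    except UnsafeXMLError:
        return False


# Constructed sample inputs (not taken from the advisory or the product).
SAFE_DOC = b'<upload><row id="1">ok</row><row id="2">ok</row></upload>'
DOCTYPE_DOC = b'<!DOCTYPE d [<!ENTITY x "abc">]><upload><row id="1">&x;</row></upload>'
TRUNCATED_DOC = b'<upload><row id="1">'


def row_ids(data: bytes) -> list:
    """Application-level use of the parsed tree: collect the row ids of an accepted upload."""
    root = parse_untrusted_xml(data)
    return [row.get("id") for row in root.findall("row")]


if __name__ == "__main__":
    for label, doc in (("safe", SAFE_DOC), ("doctype", DOCTYPE_DOC), ("truncated", TRUNCATED_DOC)):
        print(label, "accepted" if accepts(doc) else "refused")
```

The guard rejects the DOCTYPE before any entity is ever defined, which is why the sample with only a harmless internal entity is refused too: the intake does not try to distinguish benign entities from dangerous ones, it simply does not offer the feature to untrusted callers.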

Fix · XXE · RCE

Weakness Enumeration

Related Identifiers

BDU:2024-03830
CVE-2024-21048

Affected Products

Oracle Web Applications Desktop Integrator