CVE-2024-21270

Name of the Vulnerable Software and Affected Versions Oracle E-Business Suite versions 12.2.6 through 12.2.13

Description The issue is related to a vulnerability in the Oracle Common Applications Calendar product, specifically in the Tasks component. This vulnerability can be easily exploited by a low-privileged attacker with network access via HTTP, allowing them to compromise the Oracle Common Applications Calendar. Successful attacks can result in unauthorized creation, deletion, or modification access to critical data or all accessible data within the Oracle Common Applications Calendar, as well as unauthorized access to critical data. The vulnerability is associated with deficiencies in the authorization procedure due to incorrect input data validation.

Recommendations For versions 12.2.6 through 12.2.13, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the Tasks component to minimize the risk of exploitation. Additionally, ensure that all input data is properly validated to prevent unauthorized access. At the moment, there is no information about a newer version that contains a fix for this vulnerability.