PT-2025-29598 · Oracle · Oracle iStore

Published: 2025-07-15 · Updated: 2025-10-09 · CVE-2025-30746

CVSS v2.0: 6.4 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Oracle iStore versions 12.2.3 through 12.2.14

Description

A flaw exists in the Shopping Cart component of the Oracle iStore product, which is part of Oracle E-Business Suite. This issue stems from insufficient input validation. A remote, unauthenticated attacker with network access via HTTP can exploit this to compromise Oracle iStore. Successful exploitation requires interaction from an individual other than the attacker, and may impact other products. Successful attacks can lead to unauthorized modification, insertion, or deletion of Oracle iStore data, as well as unauthorized read access to a subset of that data.

Recommendations

For versions 12.2.3 through 12.2.14, there is currently no information about a newer version that contains a fix for this vulnerability.

CSRF

RCE

Weakness Enumeration

Related Identifiers

BDU:2025-08721
CVE-2025-30746

Affected Products

Oracle iStore