CVE-2025-50090

Name of the Vulnerable Software and Affected Versions Oracle E-Business Suite versions 12.2.3 through 12.2.14

Description A vulnerability exists within the Personalization component of the Oracle Applications Framework product of Oracle E-Business Suite. This issue is easily exploitable, allowing a low-privileged attacker with network access via HTTP to compromise the Oracle Applications Framework. Successful attacks require human interaction from a person other than the attacker and may impact additional products. Successful exploitation can lead to unauthorized data modification, insertion, or deletion, as well as unauthorized read access to a subset of data accessible by the Oracle Applications Framework.

Recommendations Versions prior to 12.2.3 should be considered for upgrade. Versions 12.2.3 through 12.2.14 should be updated.