PT-2026-3674 · Oracle · Oracle Utilities Application Framework

Kush Jijania · Published 2026-01-20 · Updated 2026-01-21 · CVE-2026-21924

CVSS v2.0: 5.5 (Medium)
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Oracle Utilities Application Framework versions 4.4.0.3.0 through 4.5.0.2.0
Oracle Utilities Application Framework versions 25.4 and 25.10

Description

A flaw exists within the Oracle Utilities Application Framework component of Oracle Utilities Applications. This issue allows a low-privileged attacker with network access via HTTP to compromise the application. Exploitation requires interaction from a user other than the attacker. While the vulnerability resides in Oracle Utilities Application Framework, successful attacks may impact other products. Successful exploitation can lead to unauthorized data modification (update, insert, or delete) and unauthorized data access (read) within Oracle Utilities Application Framework.

Recommendations

Update Oracle Utilities Application Framework version 4.4.0.3.0 to a newer, fixed version.
Update Oracle Utilities Application Framework version 4.5.0.0.0 to a newer, fixed version.
Update Oracle Utilities Application Framework version 4.5.0.1.1 to a newer, fixed version.
Update Oracle Utilities Application Framework version 4.5.0.1.3 to a newer, fixed version.
Update Oracle Utilities Application Framework version 4.5.0.2.0 to a newer, fixed version.
Update Oracle Utilities Application Framework version 25.4 to a newer, fixed version.
Update Oracle Utilities Application Framework version 25.10 to a newer, fixed version.

Fix

RCE

Weakness Enumeration

Related Identifiers

BDU:2026-01003
CVE-2026-21924

Affected Products

Oracle Utilities Application Framework