PT-2026-3719 · Oracle · Oracle E-Business Suite+1
Published
2026-01-20
·
Updated
2026-01-21
·
CVE-2026-21972
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Oracle Configurator versions 12.2.3 through 12.2.15
Description
An easily exploitable issue exists in the User Interface component of Oracle Configurator within Oracle E-Business Suite. An unauthenticated attacker with network access via HTTP can compromise Oracle Configurator, resulting in unauthorized read access to a subset of accessible data.
Recommendations
Versions prior to 12.2.3 and after 12.2.15 are not affected.
Fix
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Oracle Configurator
Oracle E-Business Suite