CVE-2024-21048

MEDIUM

Oracle Web Applications Desktop Integrator < 12.2.13 - XXE

Title source: rule

Description

Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: XML input). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Web Applications Desktop Integrator accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).

References (1)

[Vendor Advisory] https://www.oracle.com/security-alerts/cpuapr2024.html

Scores

CVSS v3 4.3

EPSS 0.0038

EPSS Percentile 59.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-611

Status published

Products (1)

oracle/web_applications_desktop_integrator 12.2.3 - 12.2.13

Published Apr 16, 2024

Tracked Since Feb 18, 2026