CVE-2023-21855

Vulnerability in the Oracle Sales for Handhelds product of Oracle E-Business Suite (component: Pocket Outlook Sync(PocketPC)). Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Sales for Handhelds. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Sales for Handhelds accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:oracle:sales_for_handhelds:*:*:*:*:*:*:*:*

History

21 Nov 2024, 07:43

Type Values Removed Values Added
References () https://www.oracle.com/security-alerts/cpujan2023.html - Patch, Vendor Advisory () https://www.oracle.com/security-alerts/cpujan2023.html - Patch, Vendor Advisory

23 Sep 2024, 20:35

Type Values Removed Values Added
CWE CWE-284
Summary
  • (es) Vulnerabilidad en el producto Oracle Sales for Handhelds de Oracle E-Business Suite (componente: Pocket Outlook Sync(PocketPC)). Las versiones compatibles que se ven afectadas son 12.2.3-12.2.12. Una vulnerabilidad fácilmente explotable permite que un atacante no autenticado con acceso a la red a través de HTTP comprometa Oracle Sales for Handhelds. Los ataques exitosos de esta vulnerabilidad pueden resultar en la creación, eliminación o modificación no autorizada del acceso a datos críticos o a todos los datos accesibles de Oracle Sales for Handhelds. CVSS 3.1 Puntaje base 7.5 (Impactos en la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).

Information

Published : 2023-01-18 00:15

Updated : 2024-11-21 07:43


NVD link : CVE-2023-21855

Mitre link : CVE-2023-21855

CVE.ORG link : CVE-2023-21855


JSON object : View

Products Affected

oracle

  • sales_for_handhelds
CWE
NVD-CWE-noinfo CWE-284

Improper Access Control