Oracle E-Business Suite Advanced Outbound Telephony Region Mapping Vulnerability Allowing Unauthorized Data Access and Modification

A vulnerability exists in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite, specifically in versions 12.2.3 through 12.2.10. This vulnerability allows an unauthenticated attacker with network access via HTTP to compromise Oracle Advanced Outbound Telephony. Exploitation of this vulnerability requires human interaction from a third party. While the vulnerability is contained within Oracle Advanced Outbound Telephony, successful attacks could significantly affect other products, leading to a scope change. The vulnerability allows for unauthorized read access to certain subsets of Oracle Advanced Outbound Telephony data, as well as unauthorized update, insert, or delete access to some accessible data within the application.

Impact

Exploitation of this vulnerability could result in unauthorized access to read, modify, insert, or delete data within Oracle Advanced Outbound Telephony. Additionally, according to Oracle, successful attacks could impact other products, leading to a scope change.