Oracle E-Business Suite CRM Technical Foundation Preferences Component Vulnerability

Vulnerability

A vulnerability exists in the Preferences component of the Oracle CRM Technical Foundation product within Oracle E-Business Suite, affecting versions 12.2.3 through 12.2.14. This vulnerability allows an unauthenticated attacker with network access via HTTP to compromise Oracle CRM Technical Foundation. Exploitation requires human interaction from a third party. While the vulnerability is localized to Oracle CRM Technical Foundation, successful attacks could significantly impact other products, leading to a scope change. The vulnerability allows unauthorized update, insert, or delete access to certain accessible data within Oracle CRM Technical Foundation, as well as unauthorized read access to a subset of the same data.

Impact

Exploitation of this vulnerability could result in unauthorized access to read, update, insert, or delete data within Oracle CRM Technical Foundation.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

1.3

exploitability

6.0

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

1.3

exploitability

6.0

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Oracle E-Business Suite CRM Technical Foundation Preferences Component Vulnerability

Vulnerability

Impact

Affected Products

Oracle CRM Technical Foundation

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating