Oracle E-Business Suite Application Object Library Core Component Vulnerability Allowing Unauthorized Data Access and Modification

A vulnerability exists in the Oracle Application Object Library component of Oracle E-Business Suite, specifically in versions 12.2.3 through 12.2.14. This vulnerability allows an unauthenticated attacker with network access via HTTP to compromise the Oracle Application Object Library. Exploitation of this vulnerability requires human interaction from a third party. While the vulnerability is localized to the Oracle Application Object Library, successful attacks could have a broader impact on additional products. The vulnerability allows for unauthorized read access to certain data within the Oracle Application Object Library, as well as unauthorized updates, inserts, or deletions of accessible data.

Impact

Exploitation of this vulnerability could lead to unauthorized access and modification of data within the Oracle Application Object Library, including the ability to read, update, insert, or delete certain accessible data. Additionally, successful attacks could impact other products, changing the scope of the vulnerability.