Oracle E-Business Suite CRM Technical Foundation Preferences Component Vulnerability Allowing Unauthorized Data Access and Modification

Vulnerability

A vulnerability has been identified in the Oracle CRM Technical Foundation product of Oracle E-Business Suite, specifically in the Preferences component. This issue affects supported versions 12.2.11 through 12.2.13. The vulnerability is easily exploitable and allows a high-privileged attacker with network access via HTTP to compromise Oracle CRM Technical Foundation. Although the vulnerability resides within Oracle CRM Technical Foundation, successful attacks could significantly impact additional products, leading to a scope change. Exploitation of this vulnerability could result in unauthorized update, insert, or delete access to certain data within Oracle CRM Technical Foundation, as well as unauthorized read access to a subset of accessible data.

Impact

Exploitation of this vulnerability could lead to unauthorized modifications, deletions, or insertions of data within Oracle CRM Technical Foundation. Additionally, it could allow unauthorized reading of certain accessible data, according to the CVSS description.

Added: Jul 15, 2025, 11:37 PM
Updated: Jul 15, 2025, 11:37 PM

Vulnerability Rating

Custom Algorithm
spread: 0.3
impact: 1.3
exploitability: 4.4
remediation: 0.0
relevance: 0.2
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.