Oracle E-Business Suite Oracle Applications Framework Personalization Component Vulnerability Allowing Unauthorized Data Access and Modification

A vulnerability exists in the Oracle Applications Framework component of Oracle E-Business Suite, specifically in versions 12.2.3 through 12.2.14. This easily exploitable vulnerability allows a low-privileged attacker with network access via HTTP to compromise the Oracle Applications Framework. Successful exploitation requires human interaction from a person other than the attacker. While the vulnerability resides in the Oracle Applications Framework, its effects may extend to other products, leading to a scope change. Exploitation of this vulnerability could result in unauthorized read access to certain subsets of Oracle Applications Framework data, as well as unauthorized updates, inserts, or deletions of other accessible data within the framework.

Impact

Exploitation allows for unauthorized read access to some Oracle Applications Framework data, as well as unauthorized updates, inserts, or deletions of other accessible data within the framework.