Oracle E-Business Suite iStore Shopping Cart Vulnerability Allowing Unauthorized Data Access and Modification

Vulnerability

A vulnerability has been identified in the Oracle iStore component of Oracle E-Business Suite, specifically in versions 12.2.5 through 12.2.14. This vulnerability, which resides in the Shopping Cart feature, is easily exploitable by an unauthenticated attacker with network access via HTTP. Successful exploitation requires human interaction from a third party. While the vulnerability is contained within Oracle iStore, its effects could extend to other products, leading to a scope change. Exploitation of this vulnerability could result in unauthorized read, update, insert, or delete access to certain data accessible through Oracle iStore.

Impact

Exploitation of this vulnerability could allow for unauthorized read, update, insert, or delete access to some data accessible through Oracle iStore.

Added: Oct 21, 2025, 8:29 PM

Updated: Oct 21, 2025, 8:29 PM

Vulnerability Rating

Custom Algorithm

spread

2.2

impact

1.3

exploitability

6.5

remediation

0.0

relevance

0.7

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.2

impact

1.3

exploitability

6.5

remediation

0.0

relevance

0.7

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Oracle E-Business Suite iStore Shopping Cart Vulnerability Allowing Unauthorized Data Access and Modification

Vulnerability

Impact

Affected Products

Oracle iStore

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating