Actively Exploited in the Wild

This vulnerability is being actively exploited in the wild.

Primary

Context

Oracle E-Business Suite Oracle Configurator Runtime UI Unauthenticated Data Access Vulnerability

Vulnerability

Exploited

A vulnerability exists in the Oracle Configurator component of Oracle E-Business Suite, specifically in versions 12.2.3 through 12.2.14. This vulnerability allows an unauthenticated attacker with network access via HTTP to compromise Oracle Configurator. Exploitation of this vulnerability could lead to unauthorized access to sensitive data or complete access to all data accessible through Oracle Configurator.

Impact

Successful exploitation allows unauthorized access to sensitive data or complete access to all data in Oracle Configurator.

Remediation

Users are advised to apply the patches available through the Oracle E-Business Suite Security Alert program. Instructions can be found in the Oracle E-Business Suite Patch Availability Document.

Added: Oct 12, 2025, 3:19 AM

Updated: Oct 20, 2025, 2:38 PM

Vulnerability Rating

Custom Algorithm

spread

3.1

impact

5.0

exploitability

9.1

remediation

7.7

relevance

0.7

threat

9.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

3.1

impact

5.0

exploitability

9.1

remediation

7.7

relevance

0.7

threat

9.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Actively Exploited in the Wild

Oracle E-Business Suite Oracle Configurator Runtime UI Unauthenticated Data Access Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Oracle Configurator

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating