Oracle Utilities Application Framework General Vulnerability Allowing Unauthorized Data Access and Modification

A vulnerability exists in the Oracle Utilities Application Framework component of Oracle Utilities Applications. It affects versions 4.4.0.3.0, 4.5.0.0.0, 4.5.0.1.1, 4.5.0.1.3, 4.5.0.2.0, 25.4, and 25.10. This vulnerability allows a low-privileged attacker with network access via HTTP to compromise the application framework. Exploitation requires human interaction from someone other than the attacker. While the vulnerability is contained within the Oracle Utilities Application Framework, successful attacks could significantly impact other products, leading to a scope change. Exploiting this vulnerability could result in unauthorized access to update, insert, or delete certain data within the Oracle Utilities Application Framework, as well as unauthorized read access to a subset of accessible data.

Impact

Exploitation allows for unauthorized modification, deletion, or insertion of data within the Oracle Utilities Application Framework. Additionally, it permits unauthorized read access to some of the framework's accessible data.