Oracle E-Business Suite Configurator User Interface Vulnerability Allowing Unauthorized Data Access

Vulnerability

A vulnerability exists in the Oracle Configurator component of Oracle E-Business Suite, specifically in versions 12.2.3 through 12.2.15. This easily exploitable vulnerability allows an unauthenticated attacker with network access via HTTP to compromise Oracle Configurator. Successful exploitation can lead to unauthorized read access to certain Oracle Configurator data.

Impact

Exploitation of this vulnerability could result in unauthorized access to a portion of data within Oracle Configurator.

Added: Jan 20, 2026, 10:41 PM

Updated: Jan 20, 2026, 10:41 PM

Vulnerability Rating

Custom Algorithm

spread

3.1

impact

0.6

exploitability

7.4

remediation

0.0

relevance

2.2

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

3.1

impact

0.6

exploitability

7.4

remediation

0.0

relevance

2.2

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Oracle E-Business Suite Configurator User Interface Vulnerability Allowing Unauthorized Data Access

Vulnerability

Impact

Affected Products

Oracle Configurator

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating