Oracle Configure To Order
Monthly
Authenticated data tampering and disclosure in Oracle Configure to Order (Oracle E-Business Suite) versions 12.2.3 through 12.2.15 allows a low-privileged attacker with network access via HTTP to fully read, modify, create, or delete all data accessible to the Supply to Order Workbench component. Oracle rates the issue CVSS 8.1 and describes it as easily exploitable; no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.
Authenticated data tampering and disclosure in Oracle Configure to Order (Oracle E-Business Suite) versions 12.2.3 through 12.2.15 allows a low-privileged attacker with network access via HTTP to fully read, modify, create, or delete all data accessible to the Supply to Order Workbench component. Oracle rates the issue CVSS 8.1 and describes it as easily exploitable; no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.