CNNVD-202507-1994 Information

CNNVD ID

CNNVD-202507-1994

Related CVE

CVE-2025-50090

• CNNVD Published: 2025-07-15

Description (Chinese)

Oracle E-Business Suite是美国甲骨文（Oracle）公司的一套全面集成式的全球业务管理软件。该软件提供了客户关系管理、服务管理、财务管理等功能。 Oracle E-Business Suite的Oracle Applications Framework 12.2.3-12.2.14版本存在安全漏洞，该漏洞源于Personalization组件访问控制不当，可能导致数据未经授权读取或修改。

Description (English)

Oracle E-Business Suite is a fully integrated global business management software package for Oracle. The software provides functions such as customer relationship management, service management and financial management. There is a security loophole in Oracle E-Business Suite version 12.2.3-12.2.2.14, which stems from inadequate access control of the PERSONALIZATION component, which may lead to unauthorized data reading or modification.

Hazard Level

High

Vulnerability Type

跨站请求伪造

Affected Vendor

OrangeHRM

Published

2025-07-15

Last Modified

2026-02-24

References

https://www.oracle.com/security-alerts/cpujul2025.html https://nvd.nist.gov/vuln/detail/CVE-2025-50090

Patch

https://www.oracle.com/security-alerts/cpujul2025.html