CNNVD-202510-2700 Information
CNNVD ID
CNNVD-202510-2700
Related CVE
- CNNVD Published: 2025-10-21
Description (Chinese)
Oracle E-Business Suite是美国甲骨文(Oracle)公司的一套全面集成式的全球业务管理软件。该软件提供了客户关系管理、服务管理、财务管理等功能。Applications Framework(OA Framework,OAF)是其中的一个商务开发平台组件。 Oracle E-Business Suite的Oracle Applications Framework 12.2.3版本至12.2.14版本存在安全漏洞,该漏洞源于低权限攻击者可通过HTTP网络访问进行攻击,可能导致数据未经授权更新、插入或删除。
Description (English)
Oracle E-Business Suite is a fully integrated global business management software package for Oracle. The software provides functions such as customer relationship management, service management and financial management. Applications Platform (OA Framework, OAF) is a commercial development platform component. There is a security loophole in Oracle E-Business Suite, versions 12.2.3 to 12.2.14, which originates from low-authorized attackers who can attack via HTTP network, which may lead to unauthorized data updating, insertion or deletion.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
甲骨文
Published
2025-10-21
Last Modified
2026-02-24
References
https://www.oracle.com/security-alerts/cpuoct2025.html https://access.redhat.com/security/cve/cve-2025-53071
Patch
https://www.oracle.com/security-alerts/cpuoct2025.html
Share on: