Wiz
Base de datos de vulnerabilidadesCVE-2025-50090

CVE-2025-50090
Oracle E-Business Suite Análisis y mitigación de vulnerabilidades

Vista general

A vulnerability has been identified in the Oracle Applications Framework product of Oracle E-Business Suite (component: Personalization), affecting versions 12.2.3-12.2.14. The vulnerability was disclosed on July 15, 2025, and is tracked as CVE-2025-50090. This security flaw affects the Oracle Applications Framework and requires human interaction from a person other than the attacker for successful exploitation (Oracle Advisory).

Técnicas

The vulnerability is characterized as easily exploitable by a low-privileged attacker with network access via HTTP to compromise Oracle Applications Framework. The vulnerability has been assigned a CVSS 3.1 Base Score of 5.4, indicating medium severity, with impacts on both Confidentiality and Integrity. The CVSS Vector is (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). The vulnerability has been classified as Cross-Site Request Forgery (CSRF) based on CWE-352 (NVD).

Impacto

Successful exploitation of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications Framework accessible data, as well as unauthorized read access to a subset of Oracle Applications Framework accessible data. The scope of the vulnerability is changed, meaning attacks may significantly impact additional products beyond the Oracle Applications Framework (Oracle Advisory).

Mitigación y soluciones alternativas

Oracle has released patches to address this vulnerability as part of the July 2025 Critical Patch Update. Organizations running affected versions (12.2.3-12.2.14) of Oracle E-Business Suite should apply the security patches as soon as possible. Oracle strongly recommends that customers apply Critical Patch Update security patches without delay to address this vulnerability (Oracle Advisory).

Recursos adicionales

FuenteEste informe se generó utilizando IA

Relacionado Oracle E-Business Suite Vulnerabilidades:

CVE ID

Severidad

Puntuación

Tecnologías

Nombre del componente

Exploit de CISA KEV

Tiene arreglo

Fecha de publicación

CVE-2025-61882CRITICAL9.8
  • Oracle E-Business SuiteOracle E-Business Suite
  • cpe:2.3:a:oracle:e-business_suite
NoOct 05, 2025
CVE-2025-30727CRITICAL9.8
  • Oracle E-Business SuiteOracle E-Business Suite
  • cpe:2.3:a:oracle:e-business_suite
NoNoApr 15, 2025
CVE-2025-21516HIGH8.1
  • Oracle E-Business SuiteOracle E-Business Suite
  • cpe:2.3:a:oracle:e-business_suite
NoJan 21, 2025
CVE-2025-21506HIGH8.1
  • Oracle E-Business SuiteOracle E-Business Suite
  • cpe:2.3:a:oracle:e-business_suite
NoJan 21, 2025
CVE-2025-50090MEDIUM5.4
  • Oracle E-Business SuiteOracle E-Business Suite
  • cpe:2.3:a:oracle:e-business_suite
NoNoJul 15, 2025

Evaluación gratuita de vulnerabilidades

Compare su postura de seguridad en la nube

Evalúe sus prácticas de seguridad en la nube en 9 dominios de seguridad para comparar su nivel de riesgo e identificar brechas en sus defensas.

Solicitar evaluación

Recursos adicionales de Wiz

Obtén una demostración personalizada

¿Listo para ver a Wiz en acción?

"La mejor experiencia de usuario que he visto en mi vida, proporciona una visibilidad completa de las cargas de trabajo en la nube."
David EstlickCISO
"Wiz proporciona un panel único para ver lo que ocurre en nuestros entornos en la nube."
Adam FletcherJefe de Seguridad
"Sabemos que si Wiz identifica algo como crítico, en realidad lo es."
Greg PoniatowskiJefe de Gestión de Amenazas y Vulnerabilidades
Solicita una demo