Vulnerability DatabaseCVE-2023-21849

CVE-2023-21849:
Oracle E-Business Suite vulnerability analysis and mitigation

Overview

Vulnerability in the Oracle Applications DBA product of Oracle E-Business Suite (component: Java utils) affects versions 12.2.3-12.2.12. This easily exploitable vulnerability allows unauthenticated attackers with network access via HTTP to compromise Oracle Applications DBA. The vulnerability was disclosed on January 17, 2023, as part of Oracle's Critical Patch Update (Oracle Advisory, NVD).

Technical details

The vulnerability has been assigned a CVSS 3.1 Base Score of 7.5 (High) with the following vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N. The scoring indicates that the vulnerability is network-accessible (AV:N), requires low attack complexity (AC:L), needs no privileges (PR:N), requires no user interaction (UI:N), has unchanged scope (S:U), and impacts only integrity (I:H) with no effect on confidentiality or availability (Oracle Advisory).

Impact

Successful exploitation of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Applications DBA accessible data. The high integrity impact indicates that attackers can modify data in ways that could significantly affect the system (Oracle Advisory).

Mitigation and workarounds

Oracle has released security patches for this vulnerability as part of their January 2023 Critical Patch Update. Organizations running affected versions (12.2.3-12.2.12) of Oracle Applications DBA should apply the security patches immediately. Oracle strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update security patches without delay (Oracle Advisory).

Additional resources

Source: This report was generated using AI

Related Oracle E-Business Suite vulnerabilities:

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2025-61882	CRITICAL	9.8	Oracle E-Business Suite	cpe:2.3:a:oracle:e-business_suite	Yes	No	Oct 05, 2025
CVE-2025-30727	CRITICAL	9.8	Oracle E-Business Suite	cpe:2.3:a:oracle:e-business_suite	No	No	Apr 15, 2025
CVE-2025-21516	HIGH	8.1	Oracle E-Business Suite	cpe:2.3:a:oracle:e-business_suite	No	Yes	Jan 21, 2025
CVE-2025-21506	HIGH	8.1	Oracle E-Business Suite	cpe:2.3:a:oracle:e-business_suite	No	Yes	Jan 21, 2025
CVE-2025-50090	MEDIUM	5.4	Oracle E-Business Suite	cpe:2.3:a:oracle:e-business_suite	No	No	Jul 15, 2025

Free Vulnerability Assessment

Benchmark your Cloud Security Posture

Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.

Request assessment

Additional Wiz resources

Cloud Vulnerability DB

A community-led vulnerabilities database

Cloud Threat Landscape

A threat intelligence database

PEACH

A tenant isolation framework

Get a personalized demo

Ready to see Wiz in action?

"Best User Experience I have ever seen, provides full visibility to cloud workloads."

David EstlickCISO

"Wiz provides a single pane of glass to see what is going on in our cloud environments."

Adam FletcherChief Security Officer

"We know that if Wiz identifies something as critical, it actually is."

Greg PoniatowskiHead of Threat and Vulnerability Management

Get a demo

CVE-2023-21849: Oracle E-Business Suite vulnerability analysis and mitigation