CVE-2024-21269: 
Oracle E-Business Suite vulnerability analysis and mitigation

Vulnerability in the Oracle Incentive Compensation product of Oracle E-Business Suite (component: Compensation Plan) affects supported versions 12.2.3-12.2.13. This vulnerability was disclosed as part of Oracle's October 2024 Critical Patch Update (Oracle Advisory).

The vulnerability has been assigned a CVSS 3.1 Base Score of 8.1 (High) with the following vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N. The vulnerability is characterized as easily exploitable by a low-privileged attacker with network access via HTTP protocol (NVD).

Successful exploitation of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Incentive Compensation accessible data, as well as unauthorized access to critical data or complete access to all Oracle Incentive Compensation accessible data (Oracle Advisory).

Oracle has released patches to address this vulnerability as part of the October 2024 Critical Patch Update. Users are strongly recommended to apply the security patches without delay to affected Oracle E-Business Suite installations running versions 12.2.3-12.2.13 (Oracle Advisory).