CVE-2026-21972
BaseFortify
Publication date: 2026-01-20
Last updated on: 2026-01-29
Assigner: Oracle
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| oracle | configurator | From 12.2.3 (inc) to 12.2.15 (inc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-NVD-CWE-noinfo | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Oracle Configurator product of Oracle E-Business Suite, specifically in the User Interface component. It affects supported versions 12.2.3 through 12.2.15. The vulnerability is easily exploitable by an unauthenticated attacker who has network access via HTTP. Successful exploitation allows the attacker to gain unauthorized read access to some data accessible through Oracle Configurator.
How can this vulnerability impact me?
The impact of this vulnerability is unauthorized disclosure of information. An attacker can read a subset of data accessible through Oracle Configurator without authentication, potentially exposing sensitive information. However, it does not allow modification or disruption of data or services.