CVE-2024-21143
📋 TL;DR
This vulnerability allows unauthenticated attackers with network access via HTTP to read sensitive data from Oracle iStore, part of Oracle E-Business Suite. It affects Oracle iStore versions 12.2.3 through 12.2.13. The vulnerability is easily exploitable and results in unauthorized access to a subset of Oracle iStore data.
💻 Affected Systems
- Oracle iStore
📦 What is this software?
Oracle iStore, the web storefront (e-commerce) module of Oracle E-Business Suite.
⚠️ Risk & Real-World Impact
Worst Case
Attackers exfiltrate sensitive customer data, order information, or user details from iStore databases, leading to data breaches and regulatory violations.
Likely Case
Attackers scan for vulnerable instances and extract accessible data like user profiles, order details, or product information.
If Mitigated
With proper network segmentation and access controls, impact is limited to isolated data exposure without lateral movement.
🎯 Exploit Status
CVSS indicates low attack complexity and no authentication required. No public exploit code is known as of the advisory date.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Apply Oracle Critical Patch Update for July 2024
Vendor Advisory: https://www.oracle.com/security-alerts/cpujul2024.html
Restart Required: Yes
Instructions:
1. Download the appropriate patch from Oracle Support.
2. Apply the patch following Oracle E-Business Suite patching procedures.
3. Restart affected services.
4. Verify the patch is applied correctly.
🔧 Temporary Workarounds
Network Access Restriction
Restrict HTTP and HTTPS access to Oracle iStore endpoints to trusted IP addresses only. Replace trusted_ip with the address or CIDR range of permitted clients; because these rules are appended in order, the ACCEPT rules must be added before the DROP rules:
iptables -A INPUT -p tcp --dport 80 -s trusted_ip -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -s trusted_ip -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j DROP
iptables -A INPUT -p tcp --dport 443 -j DROP
Web Application Firewall Rules
Configure the WAF to block suspicious requests to iStore user management endpoints.
🧯 If You Can't Patch
- Implement strict network segmentation to isolate Oracle iStore from untrusted networks.
- Monitor and log all access to iStore endpoints for suspicious activity.
🔍 How to Verify
Check if Vulnerable:
Check Oracle E-Business Suite version and iStore component version against affected range 12.2.3-12.2.13.
Check Version:
SELECT RELEASE_NAME FROM FND_PRODUCT_GROUPS;
Verify Fix Applied:
Confirm that the July 2024 Critical Patch Update has been applied successfully to the instance, then check the monitoring described below for any remaining unauthenticated access to iStore data.
📡 Detection & Monitoring
Log Indicators:
- Unusual HTTP GET requests to iStore user management endpoints from unauthenticated sources.
- Multiple failed authentication attempts followed by data access patterns.
Network Indicators:
- HTTP traffic to iStore endpoints from unexpected IP addresses or geolocations.
- Spike in outbound data transfers from iStore servers.
SIEM Query:
source="oracle_ebs_logs" AND (uri="/iStore/*" OR uri="/OA_HTML/*") AND status=200 AND user="-"
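The SIEM query above, expressed as a stand-alone check that can be run over web-server access logs. This is an added example, not part of the advisory: it flags successful (200) requests with no authenticated user to /iStore/ or /OA_HTML/ paths from sources outside a trusted allowlist, and counts flagged hits per source so spikes stand out. The trusted ranges, the Combined Log Format and the sample lines (including the placeholder paths) are assumptions constructed for the example.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# Trusted client ranges (assumption: replace with your own allowlist).
TRUSTED_NETS = [ip_network("10.0.0.0/8"), ip_network("192.0.2.0/24")]
# Path prefixes taken from the advisory's SIEM query.
WATCHED_PREFIXES = ("/iStore/", "/OA_HTML/")

# Combined Log Format: host ident authuser [date] "request" status bytes
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<bytes>\d+|-)'
)

def parse_line(line):
    """Return a dict of fields, or None if the line does not match the format."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def is_suspicious(rec):
    """Unauthenticated (user '-') successful hit on a watched path from an untrusted source."""
    if rec["user"] != "-" or rec["status"] != "200":
        return False
    if not rec["path"].startswith(WATCHED_PREFIXES):
        return False
    try:
        src = ip_address(rec["ip"])
    except ValueError:
        return True  # unparseable source address: treat as untrusted
    return not any(src in net for net in TRUSTED_NETS)

def scan(log_text):
    """Return (flagged records, count of flagged hits per source IP)."""
    flagged = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and is_suspicious(rec):
            flagged.append(rec)
    return flagged, Counter(r["ip"] for r in flagged)

# Constructed sample lines (not real iStore traffic); the paths are placeholders.
SAMPLE_LOG = """\
203.0.113.7 - - [15/Jul/2024:10:01:02 +0000] "GET /OA_HTML/ibeExample.jsp HTTP/1.1" 200 5120
203.0.113.7 - - [15/Jul/2024:10:01:03 +0000] "GET /OA_HTML/ibeExample.jsp?id=2 HTTP/1.1" 200 5133
10.1.2.3 - jsmith [15/Jul/2024:10:01:05 +0000] "GET /iStore/account HTTP/1.1" 200 880
192.0.2.44 - - [15/Jul/2024:10:01:06 +0000] "GET /OA_HTML/AppsLogin HTTP/1.1" 200 2048
198.51.100.9 - - [15/Jul/2024:10:01:07 +0000] "GET /iStore/orders HTTP/1.1" 401 0
198.51.100.9 - - [15/Jul/2024:10:01:08 +0000] "GET /OA_HTML/ibeExample.jsp HTTP/1.1" 200 5120
"""
```

Running scan(SAMPLE_LOG) flags the three unauthenticated 200 responses from untrusted sources and ignores the authenticated hit, the allowlisted source and the 401.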