Exploitable Vulnerability in Oracle Enterprise Manager for Fusion Middleware
CVE-2021-2008

7.3HIGH

Key Information:

Vendor: Oracle
Status: Enterprise Manager For Fusion Middleware
Vendor: CVE Published:; 22 April 2021

Summary

A vulnerability exists in the Enterprise Manager for Fusion Middleware that enables an unauthenticated attacker to potentially compromise the system through HTTP access. This flaw allows attackers to gain unauthorized read, update, insert, or delete access to sensitive data. The vulnerability also opens the door to causing a partial denial of service, affecting the performance and availability of the Enterprise Manager application. Affected versions include 11.1.1.9 and 12.2.1.3, highlighting the necessity for users to apply the relevant security updates.

Affected Version(s)

Enterprise Manager for Fusion Middleware 11.1.1.9

Enterprise Manager for Fusion Middleware 12.2.1.3

References

https://www.oracle.com/security-alerts/cpuapr2021.html

x_refsource_MISC

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 22, 2021
Vulnerability Reserved
Dec 9, 2020