Unauthorized Data Access in Oracle Marketing by Oracle Corporation
CVE-2021-2027
8.2 HIGH
Summary
A vulnerability in Oracle Marketing, part of the Oracle E-Business Suite, permits an unauthenticated attacker with network access via HTTP to compromise the product. The attack requires interaction from a user other than the attacker, which makes it highly insidious. Successful exploitation can lead to unauthorized access to sensitive data and operational disruption, and allows the attacker to modify, insert, or delete information within Oracle Marketing. The flaw affects the integrity and confidentiality of critical business data, and its impact can extend beyond the Marketing module itself.
Affected Version(s)
Marketing 12.1.1-12.1.3
Marketing 12.2.3-12.2.10
CVSS V3.1
Score: 8.2
Severity: HIGH
Confidentiality: High
Integrity: Low
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved