Oracle Argus Safety Weakness in Case Form Component
CVE-2021-2040

6.1MEDIUM

Key Information:

Vendor: Oracle
Status: Argus Safety
Vendor: CVE Published:; 20 January 2021

What is CVE-2021-2040?

An identified vulnerability in Oracle Argus Safety, specifically within the Case Form component, can allow an unauthenticated attacker with network access via HTTP to potentially compromise the system. Although direct attacks are contingent upon user interaction from a third party, the ramifications extend beyond Oracle Argus Safety itself, posing risks to complementary products as well. Successful exploitation of this issue could facilitate unauthorized modifications, including updates, insertions, or deletions of data, in addition to providing unauthorized read access to sensitive information managed by Oracle Argus Safety.

Affected Version(s)

Argus Safety 8.2.2

References

https://www.oracle.com/security-alerts/cpujan2021.html

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 20, 2021
Vulnerability Reserved
Dec 9, 2020