Unauthenticated Access Vulnerability in Oracle Configurator from Oracle
CVE-2021-2079

8.2 HIGH

Key Information:

Vendor: Oracle
CVE Published: 20 January 2021

Summary

Oracle Configurator, part of Oracle Supply Chain, contains a vulnerability that allows an unauthenticated attacker with network access via HTTP to compromise the product. This issue primarily affects versions 12.1 and 12.2, enabling unauthorized access to sensitive data. Although successful exploitation requires human interaction, the consequences can be severe, including complete access to all accessible data and unauthorized updates, inserts, or deletions within Oracle Configurator. The vulnerability poses significant risks to Oracle Configurator itself and may also impact other interrelated products.

Affected Version(s)

Configurator 12.1

Configurator 12.2

CVSS V3.1

Score: 8.2
Severity: HIGH
Confidentiality: High
Integrity: Low
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
