Unauthenticated Access Vulnerability in Oracle Configurator from Oracle
CVE-2021-2080

8.2HIGH

Key Information:

Vendor: Oracle
Status: Configurator
Vendor: CVE Published:; 20 January 2021

Summary

This vulnerability in Oracle Configurator allows unauthenticated attackers with HTTP network access to compromise the system. While successful exploitation requires interaction from a user not involved in the attack, the consequences can be severe. Attackers may gain unauthorized access to sensitive data or exert complete control over accessible data within Oracle Configurator, enabling them to update, insert, or delete this data without authorization. Given the broad impact this can have, it is crucial for affected organizations to apply necessary patches and maintain a proactive security posture.

Affected Version(s)

Configurator 12.1

Configurator 12.2

References

https://www.oracle.com/security-alerts/cpujan2021.html

x_refsource_MISC

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jan 20, 2021
Vulnerability Reserved
Dec 9, 2020