Unauthorized Data Access Vulnerability in Oracle E-Business Suite iSupport
CVE-2021-2083

8.2HIGH

Key Information:

Vendor: Oracle
Status: Isupport
Vendor: CVE Published:; 20 January 2021

Summary

A vulnerability in Oracle iSupport allows unauthenticated attackers with network access to compromise sensitive data. This exploit requires interaction from a user besides the attacker, leading to unauthorized access to critical data contained within Oracle iSupport systems. Successful exploitation may enable attackers to perform unauthorized updates, insertions, or deletions of accessible data, thereby significantly jeopardizing data integrity and confidentiality.

Affected Version(s)

iSupport 12.1.1-12.1.3

iSupport 12.2.3-12.2.10

References

https://www.oracle.com/security-alerts/cpujan2021.html

x_refsource_MISC

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jan 20, 2021
Vulnerability Reserved
Dec 9, 2020