Vulnerability in Oracle E-Business Suite Preferences Component
CVE-2021-2084

8.2HIGH

Key Information:

Vendor: Oracle
Status: Crm Technical Foundation
Vendor: CVE Published:; 20 January 2021

What is CVE-2021-2084?

The vulnerability in the Oracle CRM Technical Foundation component of Oracle E-Business Suite allows unauthenticated attackers to exploit the system via HTTP. While successful attacks necessitate interaction from a user other than the attacker, the implications are severe, leading to unauthorized access to sensitive information and the ability to execute operations such as updates, inserts, or deletions on the data. These vulnerabilities could significantly compromise other connected systems within the Oracle ecosystem, highlighting the importance of timely security measures and patch management.

Affected Version(s)

CRM Technical Foundation 12.1.3

CRM Technical Foundation 12.2.3-12.2.10

References

https://www.oracle.com/security-alerts/cpujan2021.html

x_refsource_MISC

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 20, 2021
Vulnerability Reserved
Dec 9, 2020