Unauthenticated Access Vulnerability in Oracle iStore by Oracle Corporation
CVE-2021-2089

8.2HIGH

Key Information:

Vendor: Oracle
Status: Istore
Vendor: CVE Published:; 20 January 2021

What is CVE-2021-2089?

The vulnerability in Oracle iStore within the Oracle E-Business Suite allows an unauthenticated attacker to gain unauthorized access via HTTP. This attack necessitates human interaction from a third party, which raises the risks associated with the exploitation. The compromised Oracle iStore environment can lead to unauthorized access to sensitive data and the ability to perform critical operations such as updates, inserts, or deletions of accessible data. The impact may extend beyond iStore, affecting associated applications and data integrity.

Affected Version(s)

iStore 12.1.1-12.1.3

iStore 12.2.3-12.2.10

References

https://www.oracle.com/security-alerts/cpujan2021.html

x_refsource_MISC

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 20, 2021
Vulnerability Reserved
Dec 9, 2020