Unauthenticated Access Vulnerability in Oracle E-Business Suite Scripting Product
CVE-2021-2091

8.2HIGH

Key Information:

Vendor: Oracle
Status: Scripting
Vendor: CVE Published:; 20 January 2021

Summary

An unauthenticated access vulnerability exists in the Oracle Scripting component of the Oracle E-Business Suite. The flaw allows an attacker with network access via HTTP to exploit the Oracle Scripting functionality. Although the vulnerability is contained within Oracle Scripting, successful exploitation could allow unauthorized access to sensitive data, granting attackers the ability to read, modify, or delete information. The attacker's success hinges upon human interaction, which enhances the potential risk significantly as it can impact not only the Scripting component but other interconnected products.

Affected Version(s)

Scripting 12.1.1-12.1.3

Scripting 12.2.3-12.2.10

References

https://www.oracle.com/security-alerts/cpujan2021.html

x_refsource_MISC

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jan 20, 2021
Vulnerability Reserved
Dec 9, 2020