Unauthenticated Access Vulnerability in Oracle E-Business Suite CRM User Management Framework
CVE-2021-2093

8.2HIGH

Key Information:

Vendor: Oracle
Status: Common Applications
Vendor: CVE Published:; 20 January 2021

Summary

The vulnerability in the Oracle E-Business Suite's CRM User Management Framework allows an unauthenticated attacker with network access to compromise the application. Although successful attacks necessitate human interaction from a separate individual, the implications are serious, potentially leading to unauthorized access to sensitive data, and the ability to update, insert, or delete data within the Oracle Common Applications. This vulnerability affects several supported versions of the E-Business Suite, emphasizing the necessity for users to stay vigilant and implement necessary security measures to mitigate risks.

Affected Version(s)

Common Applications 12.1.1-12.1.3

Common Applications 12.2.3-12.2.10

References

https://www.oracle.com/security-alerts/cpujan2021.html

x_refsource_MISC

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jan 20, 2021
Vulnerability Reserved
Dec 9, 2020