Cross-Site Scripting Vulnerability in Oracle One-to-One Fulfillment Product
CVE-2021-2094

8.2 HIGH

Key Information:

Vendor: Oracle
CVE Published: 20 January 2021

Summary

An exploitable vulnerability exists in the Print Server component of Oracle One-to-One Fulfillment, part of the Oracle E-Business Suite. It allows an unauthenticated attacker with network access via HTTP to compromise the application. Successful exploitation requires user interaction and could lead to unauthorized access to critical data, as well as unauthorized updates, inserts, or deletions of data accessible in Oracle One-to-One Fulfillment. The impact may also extend significantly to additional products used alongside the Oracle suite. Organizations using versions 12.1.1 through 12.1.3 and 12.2.3 through 12.2.10 should take immediate action to mitigate risks associated with this vulnerability.

Affected Version(s)

One-to-One Fulfillment 12.1.1-12.1.3

One-to-One Fulfillment 12.2.3-12.2.10

CVSS V3.1

Score: 8.2
Severity: HIGH
Confidentiality: High
Integrity: Low
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
