Unauthenticated Access Vulnerability in Oracle iStore Shopping Cart
CVE-2021-2096

8.2HIGH

Key Information:

Vendor: Oracle
Status: Istore
Vendor: CVE Published:; 20 January 2021

Summary

An unauthenticated access vulnerability exists in the Oracle iStore component of the Oracle E-Business Suite, specifically affecting the Shopping Cart feature. This flaw can be exploited by attackers with network access via HTTP to compromise Oracle iStore, particularly requiring human interaction for successful attacks. The vulnerable versions include Oracle iStore 12.1.1 through 12.1.3 and 12.2.3 through 12.2.10. Exploitation may lead to unauthorized access to sensitive data, allowing attackers to potentially read, write, update, or delete crucial data within Oracle iStore, affecting not only the iStore component but also other associated products.

Affected Version(s)

iStore 12.1.1-12.1.3

iStore 12.2.3-12.2.10

References

https://www.oracle.com/security-alerts/cpujan2021.html

x_refsource_MISC

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jan 20, 2021
Vulnerability Reserved
Dec 9, 2020