Unauthorized Access Vulnerability in Oracle E-Business Suite's iSupport
CVE-2021-2097

8.2HIGH

Key Information:

Vendor: Oracle
Status: Isupport
Vendor: CVE Published:; 20 January 2021

Summary

The vulnerability in Oracle iSupport, part of the Oracle E-Business Suite, allows attackers to gain unauthorized access to sensitive information. Attackers can exploit the flaw remotely via HTTP, potentially with only user interaction required, which raises significant security concerns for organizations utilizing affected versions. Successful exploitation could enable attackers to access confidential data, along with the ability to update, insert, or delete critical information within the system. Given the reach of this vulnerability, it poses a substantial risk not only to the iSupport functionality but also to the integrity of broader systems relying on this product.

Affected Version(s)

iSupport 12.1.1-12.1.3

iSupport 12.2.3-12.2.10

References

https://www.oracle.com/security-alerts/cpujan2021.html

x_refsource_MISC

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jan 20, 2021
Vulnerability Reserved
Dec 9, 2020