Unauthorized Access Vulnerability in Oracle E-Business Suite
CVE-2021-2099

8.2HIGH

Key Information:

Vendor: Oracle
Status: Crm Technical Foundation
Vendor: CVE Published:; 20 January 2021

Summary

A vulnerability exists in the Oracle CRM Technical Foundation component of Oracle E-Business Suite that allows unauthenticated attackers to exploit it via HTTP. Although the attack requires human interaction, successful exploitation can lead to unauthorized access to critical data and may allow attackers to perform operations such as updating, inserting, or deleting accessible data. The vulnerability impacts multiple versions, exposing organizations to significant security risks.

Affected Version(s)

CRM Technical Foundation 12.2.3-12.2.10

References

https://www.oracle.com/security-alerts/cpujan2021.html

x_refsource_MISC

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jan 20, 2021
Vulnerability Reserved
Dec 9, 2020