Vulnerability in Oracle E-Business Suite Print Server Affects One-to-One Fulfillment
CVE-2021-2101

9.1CRITICAL

Key Information:

Vendor: Oracle
Status: One-to-one Fulfillment
Vendor: CVE Published:; 20 January 2021

Summary

A vulnerability in the Print Server component of Oracle's One-to-One Fulfillment within the E-Business Suite allows unauthenticated attackers with network access via HTTP to compromise the system. Exploiting this vulnerability enables unauthorized creation, deletion, or modification of critical data, leading to potential unauthorized access to all accessible data within Oracle's fulfillment services.

Affected Version(s)

One-to-One Fulfillment 12.1.1-12.1.3

One-to-One Fulfillment 12.2.3-12.2.10

References

https://www.oracle.com/security-alerts/cpujan2021.html

x_refsource_MISC

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 20, 2021
Vulnerability Reserved
Dec 9, 2020