Unauthenticated Access Vulnerability in Oracle E-Business Suite's Customer Interaction History
CVE-2021-2106

8.2HIGH

Key Information:

Vendor: Oracle
Status: Customer Interaction History
Vendor: CVE Published:; 20 January 2021

Summary

An easily exploitable vulnerability exists in the Oracle Customer Interaction History component of Oracle E-Business Suite. This flaw allows an unauthenticated attacker with network access via HTTP to compromise sensitive Oracle data without needing direct access. While the vulnerability primarily resides in the Customer Interaction History feature, its exploitation could extend to affect additional products within the Oracle ecosystem. Successful exploitation necessitates human interaction from a different user. Attackers leveraging this vulnerability risk unauthorized access to critical data, as well as the capability to execute unauthorized modifications such as updates, insertions, or deletions of accessible data.

Affected Version(s)

Customer Interaction History 12.1.1-12.1.3

Customer Interaction History 12.2.3-12.2.10

References

https://www.oracle.com/security-alerts/cpujan2021.html

x_refsource_MISC

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jan 20, 2021
Vulnerability Reserved
Dec 9, 2020