Oracle E-Business Suite Vulnerability in Customer Interaction History
CVE-2021-2107

8.2HIGH

Key Information:

Vendor: Oracle
Status: Customer Interaction History
Vendor: CVE Published:; 20 January 2021

Summary

A security vulnerability exists in Oracle E-Business Suite's Customer Interaction History, allowing unauthenticated attackers with network access via HTTP to exploit the system. This issue can lead to unauthorized access to sensitive data and enable attackers to manipulate or delete data. Although it requires human interaction for exploitation, the potential impacts on other connected products make it a serious concern for organizations relying on Oracle's suite.

Affected Version(s)

Customer Interaction History 12.1.1-12.1.3

Customer Interaction History 12.2.3-12.2.10

References

https://www.oracle.com/security-alerts/cpujan2021.html

x_refsource_MISC

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jan 20, 2021
Vulnerability Reserved
Dec 9, 2020