Unauthorized Access Risk in Oracle Argus Safety by Oracle Health Sciences
CVE-2021-2110

5MEDIUM

Key Information:

Vendor: Oracle
Status: Argus Safety
Vendor: CVE Published:; 20 January 2021

Summary

A vulnerability exists in Oracle Argus Safety product of Oracle Health Sciences Applications, specifically within the Letters component. This issue can be easily exploited by an attacker with low privileges and network access via HTTP. While primarily affecting Oracle Argus Safety, the impact of the vulnerability extends to other interconnected products, potentially leading to unauthorized read access to sensitive data within Oracle Argus Safety. This presents significant risks to data confidentiality.

Affected Version(s)

Argus Safety 8.2.2

References

https://www.oracle.com/security-alerts/cpujan2021.html

x_refsource_MISC

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Jan 20, 2021
Vulnerability Reserved
Dec 9, 2020