Vulnerability in Oracle Common Applications Calendar of Oracle E-Business Suite
CVE-2021-2114

8.2HIGH

Key Information:

Vendor: Oracle
Status: Common Applications Calendar
Vendor: CVE Published:; 20 January 2021

Summary

A vulnerability exists within the Oracle Common Applications Calendar component of Oracle E-Business Suite, affecting several versions. This weakness allows unauthenticated attackers with network access to gain unauthorized access, contingent on human interaction from another user. The exploitation of this vulnerability can lead to unauthorized modification, insertion, or deletion of accessible data in the calendar, raising significant security concerns for sensitive information managed by the affected applications.

Affected Version(s)

Common Applications Calendar 12.1.1-12.1.3

Common Applications Calendar 12.2.3-12.2.10

References

https://www.oracle.com/security-alerts/cpujan2021.html

x_refsource_MISC

EPSS Score

11% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jan 20, 2021
Vulnerability Reserved
Dec 9, 2020