Vulnerability in Oracle Application Express Opportunity Tracker Component
CVE-2021-2116

5.4 MEDIUM

Key Information:

Vendor: Oracle
CVE Published: 20 January 2021

Summary

A vulnerability exists in the Oracle Application Express Opportunity Tracker component of Oracle Database Server, affecting versions prior to 20.2. It can be exploited by low-privileged attackers who possess a valid user account, allowing them to gain unauthorized access to sensitive data. Successful exploitation of this vulnerability requires human interaction from an individual other than the attacker. Attackers can potentially manipulate data within the Opportunity Tracker, including unauthorized updates, insertions, and deletions, as well as reading of accessible data. This vulnerability may significantly impact not only the Opportunity Tracker but also other associated products within the Oracle ecosystem.

Affected Version(s)

Application Express (APEX) < 20.2

CVSS V3.1

Score: 5.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
