Vulnerability in Oracle Marketing Product of Oracle E-Business Suite
CVE-2021-2118

8.2HIGH

Key Information:

Vendor: Oracle
Status: Marketing
Vendor: CVE Published:; 20 January 2021

Summary

An exploitable vulnerability exists in the Marketing Administration component of Oracle Marketing, part of the Oracle E-Business Suite. This issue allows unauthenticated attackers with network access via HTTP to manipulate Oracle Marketing systems. While successful exploitation demands user interaction from a third party, it poses significant risks, potentially leading to unauthorized access or modifications of critical data. The vulnerability may also affect interconnected products, resulting in breaches that compromise data confidentiality and integrity.

Affected Version(s)

Marketing 12.1.1-12.1.3

Marketing 12.2.3-12.2.10

References

https://www.oracle.com/security-alerts/cpujan2021.html

x_refsource_MISC

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jan 20, 2021
Vulnerability Reserved
Dec 9, 2020