Vulnerability in Oracle iStore Shopping Cart Component of Oracle E-Business Suite
CVE-2021-2150

8.2HIGH

Key Information:

Vendor: Oracle
Status: Istore
Vendor: CVE Published:; 22 April 2021

Summary

Oracle iStore within the Oracle E-Business Suite is exposed to an unauthenticated access vulnerability that permits attackers with network access via HTTP to exploit weaknesses in the Shopping Cart component. Successful exploitation necessitates human interaction from an individual unrelated to the attacker, leading to potential unauthorized access to sensitive data. This vulnerability can grant attackers the ability to view, update, insert, or delete data accessible through the Oracle iStore, which may extend its impact to other integrated components within the E-Business Suite. The security flaw notably affects supported versions 12.1.1 through 12.1.3 and 12.2.3 through 12.2.10, exposing organizations to substantial risks if unaddressed.

Affected Version(s)

iStore 12.1.1-12.1.3

iStore 12.2.3-12.2.10

References

https://www.oracle.com/security-alerts/cpuapr2021.html

x_refsource_MISC

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Apr 22, 2021
Vulnerability Reserved
Dec 9, 2020