Security Vulnerability in Oracle iStore Shopping Cart by Oracle
CVE-2021-2185

8.2 HIGH

Key Information:

Vendor: Oracle
Status
Vendor
CVE Published: 22 April 2021

Summary

A vulnerability exists in the Shopping Cart component of Oracle iStore, part of Oracle E-Business Suite. This weakness could allow an unauthenticated attacker with network access to compromise Oracle iStore. Successful exploitation requires human interaction from a third party, which increases the complexity of an attack. Once the vulnerability is exploited, an attacker could gain unauthorized access to sensitive data, with the ability to read, update, insert, or delete data accessible through Oracle iStore. The implications of this vulnerability extend beyond iStore, potentially affecting other connected systems. Organizations using affected versions are encouraged to implement security measures to mitigate risks.

Affected Version(s)

iStore 12.1.1-12.1.3

iStore 12.2.3-12.2.10

CVSS V3.1

Score: 8.2
Severity: HIGH
Confidentiality: High
Integrity: Low
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
