Unauthorized Data Access Vulnerability in Oracle iStore Shopping Cart
CVE-2021-2186
8.2 HIGH
Summary
This vulnerability affects the Shopping Cart component of Oracle iStore, part of the Oracle E-Business Suite. An unauthenticated attacker can exploit it via HTTP, which may allow unauthorized access to sensitive data stored within Oracle iStore. Although these attacks require human interaction, they can lead to serious consequences, including unauthorized updates, inserts, or deletions of accessible data. Even though the vulnerability is contained within Oracle iStore, it has the potential to affect additional integrated products within the suite.
Affected Version(s)
iStore 12.1.1-12.1.3
iStore 12.2.3-12.2.10
CVSS V3.1
Score: 8.2
Severity: HIGH
Confidentiality: High
Integrity: Low
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed