Denial of Service Vulnerability in Oracle Sales Offline by Oracle
CVE-2021-2189

7.5HIGH

Key Information:

Vendor: Oracle
Status: Sales Offline
Vendor: CVE Published:; 22 April 2021

Summary

A vulnerability exists in Oracle Sales Offline within the Oracle E-Business Suite that allows an unauthenticated attacker with network access via HTTP to compromise the service. Exploitation of this vulnerability may lead to significant disruptions, causing the application to hang or crash repeatedly, effectively resulting in a denial of service. The affected versions, specifically between 12.1.1 and 12.1.3, along with 12.2.3 through 12.2.10, represent a critical risk for users who rely on this software for business operations.

Affected Version(s)

Sales Offline 12.1.1-12.1.3

Sales Offline 12.2.3-12.2.10

References

https://www.oracle.com/security-alerts/cpuapr2021.html

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 22, 2021
Vulnerability Reserved
Dec 9, 2020