Denial-of-Service Vulnerability in Oracle Sales Offline by Oracle
CVE-2021-2190

7.5HIGH

Key Information:

Vendor: Oracle
Status: Sales Offline
Vendor: CVE Published:; 22 April 2021

Summary

A vulnerability in the Oracle Sales Offline component of the Oracle E-Business Suite may allow an unauthenticated remote attacker to disrupt service through crafted HTTP requests. The affected versions, ranging from 12.1.1 to 12.2.10, can experience instability leading to frequent crashes or unresponsive states. This situation poses serious availability risks to organizations relying on this software, making it imperative to address this security issue promptly.

Affected Version(s)

Sales Offline 12.1.1-12.1.3

Sales Offline 12.2.3-12.2.10

References

https://www.oracle.com/security-alerts/cpuapr2021.html

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 22, 2021
Vulnerability Reserved
Dec 9, 2020