Unauthenticated Access Vulnerability in Oracle E-Business Suite's Partner Management
CVE-2021-2195

8.2HIGH

Key Information:

Vendor: Oracle
Status: Partner Management
Vendor: CVE Published:; 22 April 2021

Summary

The vulnerability exists in the Attribute Admin Setup component of Oracle Partner Management within Oracle E-Business Suite. It allows unauthenticated attackers with network access via HTTP to exploit the vulnerability. Successful exploitation may require interaction from a user who is not the attacker, indicating social engineering components in the attack vector. This vulnerability poses a significant risk as it can lead to unauthorized access to sensitive data and provide attackers with the ability to modify, insert, or delete data within the Oracle Partner Management environment. The impacts can extend beyond Partner Management, potentially affecting other integrated products.

Affected Version(s)

Partner Management 12.1.3

Partner Management 12.2.3-12.2.10

References

https://www.oracle.com/security-alerts/cpuapr2021.html

x_refsource_MISC

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Apr 22, 2021
Vulnerability Reserved
Dec 9, 2020