Unauthenticated Access Vulnerability in Oracle E-Business Suite Knowledge Management
CVE-2021-2198

8.2HIGH

Key Information:

Vendor: Oracle
Status: Knowledge Management
Vendor: CVE Published:; 22 April 2021

Summary

An unauthenticated access vulnerability exists in the Oracle Knowledge Management component of Oracle E-Business Suite, allowing attackers with network access via HTTP to exploit the system. This issue can be triggered if a human user interacts with a malicious element, leading to potential unauthorized access to sensitive data. The vulnerability risks compromising Oracle Knowledge Management accessible data, including possibilities for unauthorized updates, inserts, or deletions. Due to this vulnerability residing in a key component of Oracle E-Business Suite, the impact can extend beyond just the affected product.

Affected Version(s)

Knowledge Management 12.1.1-12.1.3

Knowledge Management 12.2.3-12.2.10

References

https://www.oracle.com/security-alerts/cpuapr2021.html

x_refsource_MISC

EPSS Score

11% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Apr 22, 2021
Vulnerability Reserved
Dec 9, 2020