Access Control Vulnerability in Oracle Installed Base of Oracle E-Business Suite
CVE-2021-2231

8.1 HIGH

Key Information:

Vendor
Oracle
CVE Published:
22 April 2021

Summary

A significant access control vulnerability exists in the API component of Oracle Installed Base within the Oracle E-Business Suite. A low-privileged attacker with network access via HTTP can exploit this flaw to create, delete, or modify critical data without authorization. The vulnerability also allows unauthorized access to sensitive information across Oracle Installed Base, so organizations should implement security measures and apply the patches advised by Oracle.

Affected Version(s)

Installed Base 12.1.3

CVSS V3.1

Score:
8.1
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
