Vulnerability in Oracle E-Business Suite Shopping Cart
CVE-2021-2241

8.1HIGH

Key Information:

Vendor: Oracle
Status: Istore
Vendor: CVE Published:; 22 April 2021

Summary

A vulnerability affecting the Oracle iStore component of Oracle E-Business Suite allows an attacker with limited privileges and network access to exploit the system. The security flaw enables unauthorized users to create, delete, or modify sensitive data in the Oracle iStore. Attackers could gain significant access to critical data that was otherwise protected, posing a threat to the confidentiality and integrity of information handled by the shopping cart functionality of the application.

Affected Version(s)

iStore 12.1.1-12.1.3

References

https://www.oracle.com/security-alerts/cpuapr2021.html

x_refsource_MISC

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 22, 2021
Vulnerability Reserved
Dec 9, 2020