Resource Exceptions Vulnerability in Oracle E-Business Suite
CVE-2021-2271
8.1HIGH
Summary
This vulnerability in Oracle E-Business Suite, specifically affecting the Resource Exceptions component, allows low-privileged attackers to exploit the system through HTTP requests. Affected versions include 12.1.3 and 12.2.3 to 12.2.8, enabling unauthorized users to create, delete, or modify critical data within the Oracle Work in Process module. Successful exploitation can lead to significant data integrity and confidentiality issues, granting attackers access to sensitive information and potential control over critical business processes.
Affected Version(s)
Work in Process 12.1.3
Work in Process 12.2.3-12.2.8
References
CVSS V3.1
Score:
8.1
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved