Unauthorized Data Access in Oracle Marketing by Oracle Corporation
CVE-2021-2355

9.1CRITICAL

Key Information:

Vendor: Oracle
Status: Marketing
Vendor: CVE Published:; 20 July 2021

Summary

A significant vulnerability exists within the Oracle Marketing component of the Oracle E-Business Suite. This vulnerability enables unauthenticated attackers with network access via HTTP to gain unauthorized access to sensitive data. Exploitation of this flaw could allow attackers to create, delete, or modify critical data and gain complete access to all Oracle Marketing data. Organizations using affected versions of the software should take immediate steps to mitigate this risk.

Affected Version(s)

Marketing 12.1.1-12.1.3

Marketing 12.2.3-12.2.10

References

https://www.oracle.com/security-alerts/cpujul2021.html

x_refsource_MISC

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 20, 2021
Vulnerability Reserved
Dec 9, 2020