Exploitable Vulnerability in Oracle Access Manager by Oracle
CVE-2021-2358

4.9MEDIUM

Key Information:

Vendor: Oracle
Status: Access Manager
Vendor: CVE Published:; 20 July 2021

Summary

A vulnerability has been identified in the Oracle Access Manager component of Oracle Fusion Middleware, specifically within the REST interfaces for Access Manager. This weakness could be exploited by an attacker with high privileges who has network access via HTTPS. Successful exploitation could lead to unauthorized access to sensitive data or even full control over all data accessible through Oracle Access Manager. Organizations using version 11.1.2.3.0 should take immediate action to secure their systems.

Affected Version(s)

Access Manager 11.1.2.3.0

References

https://www.oracle.com/security-alerts/cpujul2021.html

x_refsource_MISC

CVSS V3.1

Score:

4.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 20, 2021
Vulnerability Reserved
Dec 9, 2020