Unauthenticated Access Vulnerability in Oracle E-Business Suite Marketing Component
CVE-2021-2359

8.2HIGH

Key Information:

Vendor: Oracle
Status: Marketing
Vendor: CVE Published:; 20 July 2021

Summary

This vulnerability within the Oracle Marketing component of Oracle E-Business Suite allows unauthenticated attackers with HTTP network access to compromise the system. Though the attack requires human interaction from a third party, it poses significant risks, enabling unauthorized access to sensitive data and the ability to perform unauthorized updates, insertions, or deletions within the accessible data of Oracle Marketing. The implications of exploiting this vulnerability extend beyond just the Oracle Marketing component, potentially affecting other products as well.

Affected Version(s)

Marketing 12.1.1-12.1.3

Marketing 12.2.3-12.2.10

References

https://www.oracle.com/security-alerts/cpujul2021.html

x_refsource_MISC

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jul 20, 2021
Vulnerability Reserved
Dec 9, 2020