Oracle E-Business Suite Vulnerability in Advanced Inbound Telephony by Oracle
CVE-2021-2361

8.1HIGH

Key Information:

Vendor: Oracle
Status: Advanced Inbound Telephony
Vendor: CVE Published:; 20 July 2021

Summary

A vulnerability exists in the Oracle Advanced Inbound Telephony component of Oracle E-Business Suite, allowing low-privileged network attackers to execute unauthorized actions. This flaw affects supported versions 12.1.1 through 12.1.3 and 12.2.3 through 12.2.10, enabling potential unauthorized access to critical data, including the creation, deletion, or modification of sensitive information. Exploiting this vulnerability can lead to severe confidentiality and integrity breaches, posing significant risks to organizations relying on Oracle E-Business Suite.

Affected Version(s)

Advanced Inbound Telephony 12.1.1-12.1.3

Advanced Inbound Telephony 12.2.3-12.2.10

References

https://www.oracle.com/security-alerts/cpujul2021.html

x_refsource_MISC

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 20, 2021
Vulnerability Reserved
Dec 9, 2020