File Upload Vulnerability in Oracle E-Business Suite by Oracle
CVE-2021-2380

7.6 HIGH

Key Information:

Vendor: Oracle
CVE Published: 20 July 2021

Summary

A vulnerability in the Oracle Applications Framework component of Oracle E-Business Suite allows an attacker with low privileges and network access via HTTP to exploit it. Exploitation requires interaction from a user other than the attacker. Although the vulnerability is primarily within the Oracle Applications Framework, successful attacks may significantly affect other connected systems. Successful exploitation can lead to unauthorized access to sensitive data, as well as unauthorized updating, inserting, or deleting of data within any accessible areas of the Oracle Applications Framework.

Affected Version(s)

Applications Framework 12.1.3

Applications Framework 12.2.3-12.2.10

CVSS V3.1

Score: 7.6
Severity: HIGH
Confidentiality: High
Integrity: Low
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed
