Vulnerability in Oracle Advanced Outbound Telephony Affects E-Business Suite
CVE-2021-2398

8.1HIGH

Key Information:

Vendor: Oracle
Status: Advanced Outbound Telephony
Vendor: CVE Published:; 20 July 2021

Summary

A vulnerability exists in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite that could be exploited by low privileged attackers with network access through HTTP. This flaw allows unauthorized creation, deletion, or alteration of sensitive data, leading to potential exposure of critical information. Compromising this vulnerability can grant unauthorized users significant access to all data within Oracle Advanced Outbound Telephony, posing severe risks to data integrity and confidentiality.

Affected Version(s)

Advanced Outbound Telephony 12.1.1-12.1.3

Advanced Outbound Telephony 12.2.3-12.2.10

References

https://www.oracle.com/security-alerts/cpujul2021.html

x_refsource_MISC

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 20, 2021
Vulnerability Reserved
Dec 9, 2020