Unauthenticated Remote Code Execution in Oracle E-Business Suite - CRM User Management Framework
CVE-2021-2436

8.2HIGH

Key Information:

Vendor: Oracle
Status: Common Applications
Vendor: CVE Published:; 20 July 2021

What is CVE-2021-2436?

A vulnerability in the Oracle Common Applications component of Oracle E-Business Suite's CRM User Management Framework allows an unauthenticated attacker with network access via HTTP to compromise the application. This vulnerability can potentially lead to unauthorized access to sensitive data across various Oracle applications. Successful exploitation requires human interaction from a victim, enhancing its risk profile. Attackers could achieve unauthorized updates, inserts, or deletions of accessible data within the Oracle Common Applications, impacting the confidentiality and integrity of the entire system.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Common Applications 12.1.1-12.1.3

Common Applications 12.2.3-12.2.10

References

https://www.oracle.com/security-alerts/cpujul2021.html

x_refsource_MISC

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jul 20, 2021
Vulnerability Reserved
Dec 9, 2020

JSON

Oracle