Vulnerability in Oracle Commerce Service Center by Oracle
CVE-2021-2462

6.1MEDIUM

Key Information:

Vendor: Oracle
Status: Commerce Service Center
Vendor: CVE Published:; 21 July 2021

Summary

The vulnerability found in Oracle Commerce Service Center permits an unauthenticated attacker with network access to potentially compromise the system. Successful exploitation requires human interaction from a non-attacker, leading to unauthorized data manipulation, including updates, inserts, or deletions, as well as unauthorized read access to sensitive data. Although the vulnerability exists within Oracle Commerce Service Center, the ramifications can affect additional interconnected products.

Affected Version(s)

Commerce Service Center 11.0.0

Commerce Service Center 11.1.0

Commerce Service Center 11.2.0

References

https://www.oracle.com/security-alerts/cpujul2021.html

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jul 21, 2021
Vulnerability Reserved
Dec 9, 2020