Unauthorized Data Access in Oracle E-Business Suite Web Analytics
CVE-2021-2474

8.1HIGH

Key Information:

Vendor: Oracle
Status: Web Analytics
Vendor: CVE Published:; 20 October 2021

What is CVE-2021-2474?

The vulnerability in Oracle E-Business Suite's Web Analytics component allows low privileged attackers with HTTP network access to exploit the system. This exploitation can lead to unauthorized creation, deletion, or modification of critical data within Oracle Web Analytics. Attackers may gain complete access to all data stored in the application, potentially compromising the integrity and confidentiality of vital information.

Affected Version(s)

Web Analytics 12.1.1-12.1.3

References

https://www.oracle.com/security-alerts/cpuoct2021.html

x_refsource_MISC

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 20, 2021
Vulnerability Reserved
Dec 9, 2020