Improper Access Control in Oracle E-Business Suite Trade Management
CVE-2021-35554

5.3MEDIUM

Key Information:

Vendor: Oracle
Status: Trade Management
Vendor: CVE Published:; 20 October 2021

What is CVE-2021-35554?

The Oracle E-Business Suite's Trade Management component exhibits an improper access control vulnerability that can be exploited by an unauthenticated attacker with network access via HTTP. This allows unauthorized read access to a portion of the sensitive data within the Trade Management system. Supported versions, including 12.1.1 through 12.1.3 and 12.2.3 through 12.2.10, are at risk, necessitating immediate attention and remediation to safeguard confidential information.

Affected Version(s)

Trade Management 12.1.1-12.1.3

Trade Management 12.2.3-12.2.10

References

https://www.oracle.com/security-alerts/cpuoct2021.html

x_refsource_MISC

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 20, 2021
Vulnerability Reserved
Jun 28, 2021