Vulnerability in Oracle Sales Offline Product by Oracle
CVE-2021-35611

4.3MEDIUM

Key Information:

Vendor: Oracle
Status: Sales Offline
Vendor: CVE Published:; 20 October 2021

Summary

A security vulnerability exists in the Offline Template component of the Oracle Sales Offline product, which allows low privileged attackers with network access via HTTP to exploit the system. This can lead to unauthorized actions, including a partial denial of service. It affects several versions of the product within the Oracle E-Business Suite, making it crucial for users to implement protective measures.

Affected Version(s)

Sales Offline 12.1.1-12.1.3

Sales Offline 12.2.3-12.2.10

References

https://www.oracle.com/security-alerts/cpuoct2021.html

x_refsource_MISC

https://www.zerodayinitiative.com/advisories/ZDI-21-1231/

x_refsource_MISC

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 20, 2021
Vulnerability Reserved
Jun 28, 2021