Unauthorized Data Access Vulnerability in Oracle iStore Product
CVE-2022-21354

6.1MEDIUM

Key Information:

Vendor: Oracle
Status: Istore
Vendor: CVE Published:; 19 January 2022

Summary

A vulnerability in the Oracle iStore component of Oracle E-Business Suite allows an unauthenticated attacker with network access via HTTP to compromise the application. Successful exploitation requires human interaction from a different individual, potentially leading to unauthorized update, insertion, or deletion of accessible data. Additionally, the vulnerability can provide unauthorized read access to certain subsets of the accessible data. This poses significant risks, not only to Oracle iStore but also potentially impacting other interconnected products within the Oracle ecosystem.

Affected Version(s)

iStore 12.2.3-12.2.11

References

https://www.oracle.com/security-alerts/cpujan2022.html

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jan 19, 2022
Vulnerability Reserved
Nov 15, 2021