PT-2021-1717 · Oracle · Oracle Istore+1

Published

2021-01-19

Updated

2021-01-26

CVE-2021-2059

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Oracle E-Business Suite versions 12.1.1 through 12.1.3 Oracle E-Business Suite versions 12.2.3 through 12.2.10

Description: The issue is related to insufficient access control in the Web interface component of Oracle iStore, allowing an unauthenticated attacker with network access via HTTP to compromise Oracle iStore. Successful attacks can result in unauthorized read access to a subset of Oracle iStore accessible data.

Recommendations: For versions 12.1.1 through 12.1.3, update to a version outside of this range to mitigate the risk. For versions 12.2.3 through 12.2.10, update to a version outside of this range to mitigate the risk. As a temporary workaround, consider restricting access to the Web interface component until a patch is available.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

BDU:2021-00407

CVE-2021-2059

Affected Products

Oracle E-Business Suite

Oracle Istore

PT-2021-1717 · Oracle · Oracle Istore+1

CVE-2021-2059

Weakness Enumeration

Related Identifiers

Affected Products

References · 5