CVE-2021-2256

Name of the Vulnerable Software and Affected Versions: Oracle Storage Cloud Software Appliance versions prior to 16.3.1.4.2 Oracle E-Business Suite (affected versions not specified)

Description: The issue is related to errors in the code of a subcomponent of Oracle E-Business Suite, specifically the Customer Tab component. It allows a remote attacker to gain unauthorized access to a device and disclose protected information using HTTP requests. For Oracle Storage Cloud Software Appliance, the vulnerability can be easily exploited by an unauthenticated attacker with network access via HTTP, potentially leading to the takeover of the appliance. This vulnerability may also impact additional products.

Recommendations: For Oracle Storage Cloud Software Appliance versions prior to 16.3.1.4.2, update to version 16.3.1.4.2 or later. For Oracle E-Business Suite, at the moment, there is no information about a newer version that contains a fix for this vulnerability.