PT-2021-2836 · Oracle · Oracle E-Business Suite+1

Published

2021-04-22

Updated

2021-04-29

CVE-2021-2269

CVSS v3.1

8.1

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions: Oracle E-Business Suite versions 12.1.3

Description: The issue is related to insufficient access control in the Price Book component of Oracle Advanced Pricing. It allows a remote attacker to modify, add, or delete data and gain unauthorized access to protected information. Successful attacks can result in unauthorized creation, deletion, or modification access to critical data or all accessible data, as well as unauthorized access to critical data.

Recommendations: For version 12.1.3, update the software to a version that includes the necessary security patches to fix the issue. As a temporary workaround, consider restricting access to the Price Book component to minimize the risk of exploitation.

Fix

Improper Access Control

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-284

Related Identifiers

BDU:2021-02382

CVE-2021-2269

Affected Products

Oracle Advanced Pricing

Oracle E-Business Suite

PT-2021-2836 · Oracle · Oracle E-Business Suite+1

CVE-2021-2269

Weakness Enumeration

Related Identifiers

Affected Products

References · 5