CVE-2021-2008

Name of the Vulnerable Software and Affected Versions Enterprise Manager for Fusion Middleware versions 11.1.1.9 through 12.2.1.3

Description The issue exists due to insufficient input validation in the FMW Control Plugin component. It allows a remote attacker to gain read access to data, modify data, or cause a partial denial of service using HTTP requests. Successful attacks can result in unauthorized update, insert, or delete access to some accessible data, as well as unauthorized read access to a subset of accessible data.

Recommendations For version 11.1.1.9, update to a newer version to mitigate the risk. For version 12.2.1.3, update to a newer version to mitigate the risk. As a temporary workaround, consider restricting access to the FMW Control Plugin component until a patch is available.