PT-2021-2935 · Oracle · Oracle E-Business Suite+1

Published

2021-04-22

Updated

2021-04-29

CVE-2021-2268

CVSS v2.0

8.5

High

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:N

Name of the Vulnerable Software and Affected Versions Oracle E-Business Suite versions 12.1.1 through 12.1.3

Description The issue is related to errors in the code of the Courseware subcomponent of the Oracle Quoting product in Oracle E-Business Suite. It allows a low-privileged attacker with network access via HTTP to compromise Oracle Quoting, resulting in unauthorized creation, deletion, or modification access to critical data or all Oracle Quoting accessible data, as well as unauthorized access to critical data or complete access to all Oracle Quoting accessible data.

Recommendations For versions 12.1.1 through 12.1.3, update to a version that includes the fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-17

Related Identifiers

BDU:2021-02508

CVE-2021-2268

Affected Products

Oracle E-Business Suite

Oracle Quoting

PT-2021-2935 · Oracle · Oracle E-Business Suite+1

CVE-2021-2268

Weakness Enumeration

Related Identifiers

Affected Products

References · 5