PT-2021-2936 · Oracle · Oracle E-Business Suite+1

Published

2021-04-22

Updated

2021-04-29

CVE-2021-2262

CVSS v2.0

8.5

High

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:N

Name of the Vulnerable Software and Affected Versions Oracle E-Business Suite versions 12.1.3

Description The issue is related to errors in the code of the Endeca component in Oracle Purchasing. It allows a remote attacker to gain unauthorized access to the device using HTTP requests. Successful exploitation can result in unauthorized creation, deletion, or modification of critical data, as well as unauthorized access to all accessible data in Oracle Purchasing.

Recommendations For version 12.1.3, update the Endeca component to a version that includes the fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-17

Related Identifiers

BDU:2021-02509

CVE-2021-2262

Affected Products

Endeca

Oracle E-Business Suite

PT-2021-2936 · Oracle · Oracle E-Business Suite+1

CVE-2021-2262

Weakness Enumeration

Related Identifiers

Affected Products

References · 4