CVE-2021-2240

Name of the Vulnerable Software and Affected Versions Oracle Outside In Technology version 8.5.5

Description The issue exists due to insufficient input validation in the Outside In Filters component of Oracle Outside In Technology, a suite of software development kits (SDKs). This allows a remote attacker to gain unauthorized read access to data, modify, add, or delete data, or cause a partial denial of service via HTTP requests. Successful attacks can result in unauthorized update, insert, or delete access to some of Oracle Outside In Technology's accessible data, as well as unauthorized read access to a subset of the data.

Recommendations For version 8.5.5, update to a newer version that contains a fix for this issue. As a temporary workaround, consider restricting access to the Outside In Filters component to minimize the risk of exploitation. Additionally, restrict network access via HTTP to the Oracle Outside In Technology to reduce the attack surface.