CVE-2021-2155

Name of the Vulnerable Software and Affected Versions Oracle One-to-One Fulfillment versions 12.1.1 through 12.1.3 Oracle One-to-One Fulfillment versions 12.2.3 through 12.2.10

Description The issue is related to insufficient access controls in the Documents component of Oracle One-to-One Fulfillment. It can be exploited by a remote attacker to gain access to update, modify, or delete data using the HTTP protocol. Successful attacks require human interaction from someone other than the attacker and can result in unauthorized access to some of the data accessible by Oracle One-to-One Fulfillment.

Recommendations For versions 12.1.1 through 12.1.3, update to a version outside of this range to resolve the issue. For versions 12.2.3 through 12.2.10, update to a version outside of this range to resolve the issue. As a temporary workaround, consider restricting access to the Documents component to minimize the risk of exploitation.