PT-2021-7176 · Oracle · Oracle Commerce Experience Manager+1
Dimitris Doganos
·
Published
2021-07-20
·
Updated
2021-07-23
·
CVE-2021-2345
CVSS v3.1
5.4
Medium
| Vector | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Oracle Commerce Guided Search / Oracle Commerce Experience Manager version 11.3.1.5
Description
The issue is related to insufficient input validation in the Tools and Frameworks component of Oracle Commerce Guided Search and Oracle Commerce Experience Manager. This allows a low-privileged attacker with network access via HTTP to compromise the system. Successful attacks require human interaction and may significantly impact additional products, resulting in unauthorized access to data, including update, insert, delete, and read access.
Recommendations
For version 11.3.1.5, update to a newer version that contains a fix for this issue.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Oracle Commerce Experience Manager
Oracle Commerce Guided Search