CVE-2021-2462

Name of the Vulnerable Software and Affected Versions Oracle Commerce Service Center versions 11.0.0 through 11.3.2

Description The issue exists due to insufficient input validation in the Commerce Service Center module of the Oracle Commerce platform. This allows a remote attacker to gain unauthorized access to protected information or modify, add, or delete data using the HTTP protocol. Successful attacks require human interaction and may significantly impact additional products, resulting in unauthorized access to some Oracle Commerce Service Center data.

Recommendations For versions 11.0.0 through 11.3.2, consider restricting access to the Commerce Service Center module until a patch is available. As a temporary workaround, limit the use of HTTP protocol interactions with the Oracle Commerce Service Center to minimize the risk of exploitation. Avoid using the Oracle Commerce Service Center for sensitive operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.