CVE-2021-2452

Name of the Vulnerable Software and Affected Versions Oracle Outside In Technology version 8.5.5

Description The issue is related to insufficient input validation in the Outside In Filters component of Oracle Outside In Technology, a suite of software development kits (SDKs). This can be exploited by an unauthenticated attacker with network access via HTTP, potentially leading to unauthorized actions such as causing a hang or crash of Oracle Outside In Technology, or gaining unauthorized access to modify, delete, or read critical data. The impact depends on how the software using Outside In Technology handles network data.

Recommendations For version 8.5.5, consider restricting network access to the Outside In Technology component until a fix is available, or apply configuration changes that limit the potential impact of the issue, such as validating and sanitizing all input data before it is processed by the Outside In Filters component. At the moment, there is no information about a newer version that contains a fix for this vulnerability.