The vulnerability of the Tasks component in Oracle Common Applications Calendar allows attackers to modify data or gain unauthorized access to the device, due to insufficient validation of input data.

🗓️ 16 Feb 2021 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 6 Views

Insufficient input validation in Oracle Calendar Tasks enables unauthorized access via Hypertext Transfer Protocol requests.

Reporter	Title	Published	Views	Family All 15
BDU FSTEC	The vulnerability of Oracle WebLogic Server’s application server core components allows attackers to cause partial service interruptions.	11 Feb 202100:00	–	bdu_fstec
Circl	CVE-2021-2034	20 Jan 202118:27	–	circl
CNNVD	Oracle E-Business Suite 组件授权问题漏洞	19 Jan 202100:00	–	cnnvd
CNVD	Oracle E-Business Suite Authorization Issues Vulnerability (CNVD-2021-08461)	20 Jan 202100:00	–	cnvd
CVE	CVE-2021-2034	20 Jan 202114:50	–	cve
Cvelist	CVE-2021-2034	20 Jan 202114:50	–	cvelist
EUVD	EUVD-2021-16493	7 Oct 202500:30	–	euvd
NCSC	Vulnerabilities fixed in Oracle E-Business Suite	21 Jan 202100:00	–	ncsc
NVD	CVE-2021-2034	20 Jan 202115:15	–	nvd
Oracle	Oracle Critical Patch Update Advisory - January 2021	19 Jan 202100:00	–	oracle

Vulners

Node

oracle oracle_common_applications_calendarRange12.1.1–12.1.3

Source	Link
oracle	www.oracle.com/security-alerts/cpujan2021.html
nvd	www.nvd.nist.gov/vuln/detail/CVE-2021-2034
cybersecurity-help	www.cybersecurity-help.cz/vdb/SB2021012028
web	www.web.nvd.nist.gov/view/vuln/detail

16 Feb 2021 00:00Current

6.5Medium risk

Vulners AI Score6.5

CVSS 27.8

CVSS 38.2

EPSS0.01169

Oracle Calendar Tasks component Input validation Unauthorized access Hypertext Transfer Protocol Data modification