China National Vulnerability DatabaseCNVD-2021-57454Oracle E-Business Suite Unauthorized Access Vulnerability (CNVD-2021-57454)
9.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
6.4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N
Oracle E-Business Suite is an extension of the original Application (ERP) and includes a collection of ERP (Enterprise Resource Planning Management), HR (Human Resource Management), CRM (Customer Relationship Management), and other applications that are seamlessly integrated into one management suite. A security vulnerability exists in the Marketing Administration component of Oracle Marketing in Oracle E-Business Suite versions 12.1.1-12.1.3, 12.2.3-12.2.10. An attacker could exploit this vulnerability to potentially cause unauthorized creation, deletion, or modification of access to critical data or all Oracle Marketing accessible data, as well as unauthorized access to critical data or full access to all Oracle Marketing accessible data.
| CPE | Name | Operator | Version |
|---|---|---|---|
| oracle oracle e-business suite >=12.1.1, | le | 12.1.3 | |
| oracle e-business suite >=12.2.3, | le | 12.2.10 |
Related
9.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
6.4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N