CVE-2021-2017

Published: Jan 20, 2021Modified: Nov 21, 2024

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitability: 2.8 / Impact: 1.4

Source: secalert_us@oracle.com (Secondary)

Description

Vulnerability in the Oracle User Management product of Oracle E-Business Suite (component: Proxy User Delegation). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle User Management. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle User Management accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).

Affected (7)

Products: Oracle: Enterprise Data Quality, Retail Invoice Matching, User Management

Oracle

3 products

Enterprise Data Quality

Retail Invoice Matching

User Management

Configuration A

7 vulnerable

Vulnerable Software	Affected Versions
Oracle Enterprise Data Quality	Version 11.1.1.9.0
Oracle Enterprise Data Quality	Version 12.2.1.3.0
Oracle Retail Invoice Matching	Version 13.2
Oracle Retail Invoice Matching	Version 14.0
Oracle Retail Invoice Matching	Version 14.1
Oracle User Management	From 12.2.3 to 12.2.10
Oracle User Management	Version 12.1.3

References (2)

https://www.oracle.com/security-alerts/cpujan2021.html

Source: secalert_us@oracle.com

Vendor Advisory

https://www.oracle.com/security-alerts/cpujan2021.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.