CVE-2021-2017
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Vulnerability in the Oracle User Management product of Oracle E-Business Suite (component: Proxy User Delegation). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle User Management. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle User Management accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).
Vulnerabilidad en el producto Oracle User Management de Oracle E-Business Suite (componente: Proxy User Delegation). Las versiones compatibles que están afectadas son 12.1.3 y 12.2.3-12.2.10. Una vulnerabilidad explotable fácilmente permite a un atacante poco privilegiado con acceso de red por medio de HTTP comprometer a Oracle User Management. Los ataques con éxito de esta vulnerabilidad pueden resultar en acceso de lectura no autorizado a un subconjunto de datos accesibles de Oracle User Management. CVSS 3.1 Puntuación Base 4.3 (Impactos de la Confidencialidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2020-12-09 CVE Reserved
- 2021-01-20 CVE Published
- 2023-03-08 EPSS Updated
- 2024-09-26 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.oracle.com/security-alerts/cpujan2021.html | 2021-01-25 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Oracle Search vendor "Oracle" | Enterprise Data Quality Search vendor "Oracle" for product "Enterprise Data Quality" | 11.1.1.9.0 Search vendor "Oracle" for product "Enterprise Data Quality" and version "11.1.1.9.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Enterprise Data Quality Search vendor "Oracle" for product "Enterprise Data Quality" | 12.2.1.3.0 Search vendor "Oracle" for product "Enterprise Data Quality" and version "12.2.1.3.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Retail Invoice Matching Search vendor "Oracle" for product "Retail Invoice Matching" | 13.2 Search vendor "Oracle" for product "Retail Invoice Matching" and version "13.2" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Retail Invoice Matching Search vendor "Oracle" for product "Retail Invoice Matching" | 14.0 Search vendor "Oracle" for product "Retail Invoice Matching" and version "14.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Retail Invoice Matching Search vendor "Oracle" for product "Retail Invoice Matching" | 14.1 Search vendor "Oracle" for product "Retail Invoice Matching" and version "14.1" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | User Management Search vendor "Oracle" for product "User Management" | >= 12.2.3 <= 12.2.10 Search vendor "Oracle" for product "User Management" and version " >= 12.2.3 <= 12.2.10" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | User Management Search vendor "Oracle" for product "User Management" | 12.1.3 Search vendor "Oracle" for product "User Management" and version "12.1.3" | - |
Affected
| ||||||