CVE-2021-2078
First published: Wed Jan 20 2021(Updated: )
Vulnerability in the Oracle Configurator product of Oracle Supply Chain (component: UI Servlet). Supported versions that are affected are 12.1 and 12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Configurator. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Configurator, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Configurator accessible data as well as unauthorized update, insert or delete access to some of Oracle Configurator accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).
Credit: secalert_us@oracle.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Oracle Configurator | =12.1 | |
| Oracle Configurator | =12.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this Oracle Configurator vulnerability?
The vulnerability ID for this Oracle Configurator vulnerability is CVE-2021-2078.
What is the title of this vulnerability?
The title of this vulnerability is 'Vulnerability in the Oracle Configurator product of Oracle Supply Chain (component: UI Servlet)'.
What component of Oracle Supply Chain is affected by this vulnerability?
The component of Oracle Supply Chain affected by this vulnerability is UI Servlet.
What versions of Oracle Configurator are affected by this vulnerability?
The versions 12.1 and 12.2 of Oracle Configurator are affected by this vulnerability.
How severe is this vulnerability?
This vulnerability has a severity value of 8.2, which is considered high.
What can an unauthenticated attacker with network access do with this vulnerability?
An unauthenticated attacker with network access can compromise Oracle Configurator using this vulnerability.
Is this vulnerability easily exploitable?
Yes, this vulnerability is easily exploitable.
Where can I find more information about this vulnerability?
You can find more information about this vulnerability at the following URL: https://www.oracle.com/security-alerts/cpujan2021.html
- collector/nvd-index
- agent/severity
- agent/references
- agent/type
- agent/author
- agent/description
- agent/tags
- agent/event
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/oracle
- canonical/oracle configurator
- version/oracle configurator/12.1
- version/oracle configurator/12.2