First published: Wed Jul 21 2021(Updated: )
Vulnerability in the Oracle Commerce Platform product of Oracle Commerce (component: Dynamo Application Framework). Supported versions that are affected are 11.0.0, 11.1.0, 11.2.0 and 11.3.0-11.3.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Platform. Successful attacks of this vulnerability can result in takeover of Oracle Commerce Platform. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
Credit: secalert_us@oracle.com
Affected Software | Affected Version | How to fix |
---|---|---|
Oracle Commerce Platform | >=11.3.0<=11.3.2 | |
Oracle Commerce Platform | =11.0.0 | |
Oracle Commerce Platform | =11.1.0 | |
Oracle Commerce Platform | =11.2.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID is CVE-2021-2463.
The severity level of CVE-2021-2463 is critical.
Oracle Commerce Platform versions 11.0.0, 11.1.0, 11.2.0, and 11.3.0-11.3.2 are affected by CVE-2021-2463.
An unauthenticated attacker with network access via HTTP can easily exploit CVE-2021-2463.
You can find more information about CVE-2021-2463 at the following link: [Oracle Security Alerts - CPUJul2021](https://www.oracle.com/security-alerts/cpujul2021.html)