CVE-2021-2477

Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Session Management). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Applications Framework. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Applications Framework. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:oracle:applications_framework:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:applications_framework:12.1.3:*:*:*:*:*:*:*

History

21 Nov 2024, 06:03

Type Values Removed Values Added
References () https://www.oracle.com/security-alerts/cpuoct2021.html - Vendor Advisory () https://www.oracle.com/security-alerts/cpuoct2021.html - Vendor Advisory

26 Oct 2021, 12:20

Type Values Removed Values Added
References (MISC) https://www.oracle.com/security-alerts/cpuoct2021.html - (MISC) https://www.oracle.com/security-alerts/cpuoct2021.html - Vendor Advisory
CVSS v2 : unknown
v3 : 5.3
v2 : 5.0
v3 : 5.3
CWE NVD-CWE-noinfo
CPE cpe:2.3:a:oracle:applications_framework:12.1.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:applications_framework:*:*:*:*:*:*:*:*

20 Oct 2021, 11:53

Type Values Removed Values Added
New CVE

Information

Published : 2021-10-20 11:16

Updated : 2024-11-21 06:03


NVD link : CVE-2021-2477

Mitre link : CVE-2021-2477

CVE.ORG link : CVE-2021-2477


JSON object : View

Products Affected

oracle

  • applications_framework