Vulnerabilities > CVE-2021-2463 - Unspecified vulnerability in Oracle Commerce Platform

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

oracle

NVD

Published: 2021-07-21

Updated: 2021-07-21

Summary

Vulnerability in the Oracle Commerce Platform product of Oracle Commerce (component: Dynamo Application Framework). Supported versions that are affected are 11.0.0, 11.1.0, 11.2.0 and 11.3.0-11.3.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Platform. Successful attacks of this vulnerability can result in takeover of Oracle Commerce Platform. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Vulnerable Configurations

Part	Description	Count
Application	Oracle Oracle Commerce Platform 11.0.0 Oracle Commerce Platform 11.1.0 Oracle Commerce Platform 11.2.0 Oracle Commerce Platform 11.3.1	4

References

https://www.oracle.com/security-alerts/cpujul2021.html