CVE-2021-2017

Vulnerability in the Oracle User Management product of Oracle E-Business Suite (component: Proxy User Delegation). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle User Management. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle User Management accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).

Published: Jan 20, 2021
Updated: Apr 14, 2023
CVE: CVE-2021-2017
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4
AV:N/AC:L/Au:S/C:P/I:N/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
oracle / user_management	12.1.3	12.1.3.x
oracle / enterprise_data_quality	12.2.1.3.0	12.2.1.3.0.x
oracle / retail_invoice_matching	13.2	13.2.x
oracle / retail_invoice_matching	14.0	14.0.x
oracle / retail_invoice_matching	14.1	14.1.x
oracle / enterprise_data_quality	11.1.1.9.0	11.1.1.9.0.x
oracle / user_management	12.2.3	12.2.10.x

https://www.oracle.com/security-alerts/cpujan2021.html

Vulnerability Database

289,599

CVE-2021-2017