Oracle Commerce Guided Search/Commerce Experience Manager Tools/Frameworks unknown vulnerability


A critical vulnerability was discovered in Oracle Commerce Guided Search and Commerce Experience Manager 11.3.1.5. It affects an unknown processing routine of the component Tools/Frameworks. Upgrading resolves this problem. A countermeasure was released immediately after the vulnerability was published, so Oracle acted at once.

| Field | 21.07.2021 10:36 | 22.07.2021 20:03 |
|---|---|---|
| vendor | Oracle | Oracle |
| name | Commerce Guided Search/Commerce Experience Manager | Commerce Guided Search/Commerce Experience Manager |
| cve | CVE-2021-2345 | CVE-2021-2345 |
| component | Tools/Frameworks | Tools/Frameworks |
| risk | 2 | 2 |
| cvss3_vuldb_av | N | N |
| cvss3_vuldb_ac | L | L |
| cvss3_vuldb_pr | L | L |
| cvss3_vuldb_ui | R | R |
| cvss3_vuldb_s | C | C |
| cvss3_vuldb_c | L | L |
| cvss3_vuldb_i | L | L |
| cvss3_vuldb_a | N | N |
| cvss3_vuldb_rc | C | C |
| cvss3_vuldb_rl | O | O |
| version | 11.3.1.5 | 11.3.1.5 |
| url | https://www.oracle.com/security-alerts/cpujul2021.html | https://www.oracle.com/security-alerts/cpujul2021.html |
| date | 1626732000 (20.07.2021) | 1626732000 (20.07.2021) |
| date | 1626732000 (20.07.2021) | 1626732000 (20.07.2021) |
| identifier | Oracle Critical Patch Update Advisory - July 2021 | Oracle Critical Patch Update Advisory - July 2021 |
| name | Upgrade | Upgrade |
| cvss2_vuldb_av | N | N |
| cvss2_vuldb_ac | L | L |
| cvss2_vuldb_ci | P | P |
| cvss2_vuldb_ii | P | P |
| cvss2_vuldb_ai | N | N |
| cvss2_vuldb_rc | C | C |
| cvss2_vuldb_rl | OF | OF |
| cvss2_vuldb_au | S | S |
| cvss2_vuldb_e | ND | ND |
| cvss3_vuldb_e | X | X |
| cvss2_vuldb_basescore | 5.5 | 5.5 |
| cvss2_vuldb_tempscore | 4.8 | 4.8 |
| cvss3_vuldb_basescore | 5.4 | 5.4 |
| cvss3_vuldb_tempscore | 5.2 | 5.2 |
| cvss3_meta_basescore | 5.4 | 5.4 |
| cvss3_meta_tempscore | 5.2 | 5.2 |
| price_0day | $5k-$25k | $5k-$25k |
cve_assigned: 1607468400

cve_nvd_summary: Vulnerability in the Oracle Commerce Guided Search / Oracle Commerce Experience Manager product of Oracle Commerce (component: Tools and Frameworks). The supported version that is affected is 11.3.1.5. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Commerce Guided Search / Oracle Commerce Experience Manager. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Commerce Guided Search / Oracle Commerce Experience Manager, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Commerce Guided Search / Oracle Commerce Experience Manager accessible data as well as unauthorized read access to a subset of Oracle Commerce Guided Search / Oracle Commerce Experience Manager accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).
