Oracle Commerce Guided Search/Commerce Experience Manager Tools/Frameworks unbekannte Schwachstelle

EintraganpassenHistoryDiffjsonxmlCTI

Eine kritische Schwachstelle wurde in Oracle Commerce Guided Search sowie Commerce Experience Manager 11.3.1.5 entdeckt. Betroffen davon ist ein unbekannter Prozess der Komponente Tools/Frameworks. Ein Upgrade vermag dieses Problem zu beheben. Das Erscheinen einer Gegenmassnahme geschah direkt nach der Veröffentlichung der Schwachstelle. Oracle hat entsprechend sofort reagiert.

Feld21.07.2021 10:3622.07.2021 20:11
vendorOracleOracle
nameCommerce Guided Search/Commerce Experience ManagerCommerce Guided Search/Commerce Experience Manager
cveCVE-2021-2346CVE-2021-2346
componentTools/FrameworksTools/Frameworks
risk22
cvss3_vuldb_avNN
cvss3_vuldb_acLL
cvss3_vuldb_prLL
cvss3_vuldb_uiRR
cvss3_vuldb_sCC
cvss3_vuldb_cLL
cvss3_vuldb_iLL
cvss3_vuldb_aNN
cvss3_vuldb_rcCC
cvss3_vuldb_rlOO
version11.3.1.511.3.1.5
urlhttps://www.oracle.com/security-alerts/cpujul2021.htmlhttps://www.oracle.com/security-alerts/cpujul2021.html
date1626732000 (20.07.2021)1626732000 (20.07.2021)
date1626732000 (20.07.2021)1626732000 (20.07.2021)
identifierOracle Critical Patch Update Advisory - July 2021Oracle Critical Patch Update Advisory - July 2021
nameUpgradeUpgrade
cvss2_vuldb_avNN
cvss2_vuldb_acLL
cvss2_vuldb_ciPP
cvss2_vuldb_iiPP
cvss2_vuldb_aiNN
cvss2_vuldb_rcCC
cvss2_vuldb_rlOFOF
cvss2_vuldb_auSS
cvss2_vuldb_eNDND
cvss3_vuldb_eXX
cvss2_vuldb_basescore5.55.5
cvss2_vuldb_tempscore4.84.8
cvss3_vuldb_basescore5.45.4
cvss3_vuldb_tempscore5.25.2
cvss3_meta_basescore5.45.4
cvss3_meta_tempscore5.25.2
price_0day$5k-$25k$5k-$25k
cve_assigned1607468400
cve_nvd_summaryVulnerability in the Oracle Commerce Guided Search / Oracle Commerce Experience Manager product of Oracle Commerce (component: Tools and Frameworks). The supported version that is affected is 11.3.1.5. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Commerce Guided Search / Oracle Commerce Experience Manager. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Commerce Guided Search / Oracle Commerce Experience Manager, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Commerce Guided Search / Oracle Commerce Experience Manager accessible data as well as unauthorized read access to a subset of Oracle Commerce Guided Search / Oracle Commerce Experience Manager accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).

Do you need the next level of professionalism?

Upgrade your account now!