CyberSec.Space Logo
Back to CVE Browser

CVE-2021-2253

CRITICAL
9.1
CVSS Severity Score
EPSS Score0.1630%
EPSS Percentile35.69th
PublishedApr 22, 2021
Last ModifiedNov 21, 2024

Vulnerability Description

Vulnerability in the Oracle Advanced Supply Chain Planning product of Oracle Supply Chain (component: Core). Supported versions that are affected are 12.1 and 12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Advanced Supply Chain Planning. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Advanced Supply Chain Planning accessible data as well as unauthorized access to critical data or complete access to all Oracle Advanced Supply Chain Planning accessible data. CVSS 3.1 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).

Affected Platforms (CPE)

📦
Oracle

Advanced Supply Chain Planning

= 12.1
📦
Oracle

Advanced Supply Chain Planning

= 12.2

References & Advisories

🔗 https://www.oracle.com/security-alerts/cpuapr2021.html
🔗 https://www.oracle.com/security-alerts/cpuapr2021.html

Related Vulnerabilities

CVE-2016-55999.1

Unspecified vulnerability in the Oracle Advanced Supply Chain Planning component in Oracle Supply Chain Products Suite 12.2.3 thro...

CVE-2026-53430

Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in elixir-grpc grpc (GRPC.Compressor.Gzip, GRPC.Mes...

CVE-2026-48854

Allocation of Resources Without Limits or Throttling vulnerability in elixir-grpc grpc allows unauthenticated attackers to exhaust...

CVE-2026-48853

Deserialization of Untrusted Data and Allocation of Resources Without Limits or Throttling vulnerabilities in elixir-grpc grpc all...