CyberSec.Space Logo
CVEブラウザに戻る

CVE-2021-2253

CRITICAL
9.1
CVSS Severity Score
EPSS Score0.1630%
EPSS Percentile35.69th
Published2021年4月22日
Last Modified2024年11月21日

Vulnerability Description

Vulnerability in the Oracle Advanced Supply Chain Planning product of Oracle Supply Chain (component: Core). Supported versions that are affected are 12.1 and 12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Advanced Supply Chain Planning. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Advanced Supply Chain Planning accessible data as well as unauthorized access to critical data or complete access to all Oracle Advanced Supply Chain Planning accessible data. CVSS 3.1 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).

Affected Platforms (CPE)

📦
Oracle

Advanced Supply Chain Planning

= 12.1
📦
Oracle

Advanced Supply Chain Planning

= 12.2

References & Advisories

🔗 https://www.oracle.com/security-alerts/cpuapr2021.html
🔗 https://www.oracle.com/security-alerts/cpuapr2021.html

関連する脆弱性情報

CVE-2016-55999.1

Unspecified vulnerability in the Oracle Advanced Supply Chain Planning component in Oracle Supply Chain Products Suite 12.2.3 thro...

CVE-2026-53430

Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in elixir-grpc grpc (GRPC.Compressor.Gzip, GRPC.Mes...

CVE-2026-48854

Allocation of Resources Without Limits or Throttling vulnerability in elixir-grpc grpc allows unauthenticated attackers to exhaust...

CVE-2026-48853

Deserialization of Untrusted Data and Allocation of Resources Without Limits or Throttling vulnerabilities in elixir-grpc grpc all...