CVE-2021-2190
In short
A flaw in Oracle Sales Offline lets anyone with network access hang or repeatedly crash the application without logging in. This is a denial-of-service vulnerability that affects availability.
Technical detail
The Template component of Oracle Sales Offline contains an unauthenticated, network-based denial-of-service vulnerability that is exploitable over HTTP with low attack complexity. Successful exploitation causes the application to hang or crash repeatedly, resulting in complete service unavailability (CVSS 7.5, AV:N/AC:L/PR:N).
Summary generated and translated by AI from the official description.
Vulnerability in the Oracle Sales Offline product of Oracle E-Business Suite (component: Template). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Sales Offline. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Sales Offline. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected products
Oracle Corporation · Sales Offline