VDB

CVE-2021-2460

CVE-2021-2460 PUBLISHED CVSS 5.400000095367432 MEDIUM

Vulnerability in the Oracle Application Express Data Reporter component of Oracle Database Server. The supported version that is affected is Prior to 21.1.0.00.04. Easily exploitable vulnerability allows low privileged attacker having Valid User Account privilege with network access via HTTP to compromise Oracle Application Express Data Reporter. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Application Express Data Reporter, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Express Data Reporter accessible data as well as unauthorized read access to a subset of Oracle Application Express Data Reporter accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).

EPSS 0.19% · 40.2th percentile

Risk Scores

CVSS 3.1
5.400000095367432
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS Score
0.19%
40.2th percentile

Affected Products

VendorProductVersions
oracleapplication_express0
Oracle CorporationApplication Express (APEX)unspecified

Timeline

  • Jul 20, 2021 CVE Published
  • Jul 21, 2021 EPSS Score
  • Sep 18, 2021 EPSS Score
  • Nov 17, 2021 EPSS Score
  • Jan 6, 2022 EPSS Score
  • Feb 4, 2022 EPSS Score
  • Mar 16, 2022 EPSS Score
  • Apr 1, 2022 EPSS Score
  • May 14, 2022 EPSS Score
  • Jul 12, 2022 EPSS Score
  • Sep 11, 2022 EPSS Score
  • Nov 9, 2022 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›