CVE-2021-2223

8.1 HIGH

📋 TL;DR

This vulnerability in Oracle Receivables allows authenticated attackers with low privileges to manipulate critical financial data via HTTP requests. It affects Oracle E-Business Suite versions 12.1.1 through 12.1.3, potentially compromising confidentiality and integrity of receipt data.

💻 Affected Systems

Products:
  • Oracle E-Business Suite - Oracle Receivables
Versions: 12.1.1 through 12.1.3
Operating Systems: All platforms running Oracle E-Business Suite
Default Config Vulnerable: ⚠️ Yes
Notes: Requires Oracle Receivables component to be installed and accessible via HTTP.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of Oracle Receivables data, including unauthorized creation, modification, or deletion of critical financial records and exposure of sensitive payment information.

🟠 Likely Case

Unauthorized access to and manipulation of receipt data, potentially enabling financial fraud or data exfiltration.

🟢 If Mitigated

Limited impact with proper network segmentation, strong authentication controls, and monitoring in place.

🌐 Internet-Facing: HIGH - HTTP-accessible vulnerability with low attack complexity that can be exploited remotely.
🏢 Internal Only: HIGH - Low-privileged internal users could exploit this to manipulate financial data.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Requires low-privileged authenticated access but is easily exploitable according to Oracle's assessment.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Apply Oracle Critical Patch Update for April 2021 or later

Vendor Advisory: https://www.oracle.com/security-alerts/cpuapr2021.html

Restart Required: Yes

Instructions:

1. Download the appropriate patch from Oracle Support.
2. Apply the patch following Oracle's E-Business Suite patching procedures.
3. Restart affected services.
4. Test functionality.

🔧 Temporary Workarounds

Network Segmentation (applies to: all)

Restrict network access to Oracle Receivables to only trusted users and systems.

Privilege Reduction (applies to: all)

Review and minimize user privileges in Oracle Receivables to only necessary functions.

🧯 If You Can't Patch

  • Implement strict network access controls to limit HTTP access to Oracle Receivables
  • Enhance monitoring and alerting for unusual receipt data modifications

🔍 How to Verify

Check if Vulnerable:

Check the Oracle E-Business Suite version and verify whether the Oracle Receivables component is installed and the version is between 12.1.1 and 12.1.3 inclusive.

Check Version:

Check Oracle E-Business Suite version through application administration interface or database queries specific to your deployment.

Verify Fix Applied:

Verify patch application through Oracle's patch management tools and confirm version is updated beyond vulnerable range.

📡 Detection & Monitoring

Log Indicators:

  • Unusual receipt creation/modification patterns
  • HTTP requests to Receipts component from unexpected sources
  • Multiple failed authentication attempts followed by successful access

Network Indicators:

  • HTTP traffic to Receipts endpoints from unauthorized IPs
  • Unusual data volume transfers from Receipts component

SIEM Query:

source="oracle-ebs" AND (event_type="receipt_modification" OR component="receipts") AND user_privilege="low" AND result="success"
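The SIEM query and the log indicators above, implemented over constructed sample log lines as an added example (not from this advisory page or from Oracle's own tooling). The key=value log format, the field names, the `SAMPLE_LOGS` content and the `threshold` parameter are assumptions; a real Oracle E-Business Suite audit trail will need its own parser.

```python
# Added example (not part of the advisory or Oracle's tooling): runs the advisory's
# SIEM query logic and its "multiple failed authentication attempts followed by
# successful access" indicator over constructed log events.
# The key=value log format and field names are assumptions.
import re
from collections import defaultdict

# Constructed sample log lines (not real Oracle E-Business Suite output).
SAMPLE_LOGS = """
ts=2021-04-20T10:00:01Z source="oracle-ebs" event_type="login" component="auth" user="alice" user_privilege="low" result="failure"
ts=2021-04-20T10:00:05Z source="oracle-ebs" event_type="login" component="auth" user="alice" user_privilege="low" result="failure"
ts=2021-04-20T10:00:09Z source="oracle-ebs" event_type="login" component="auth" user="alice" user_privilege="low" result="failure"
ts=2021-04-20T10:00:12Z source="oracle-ebs" event_type="login" component="auth" user="alice" user_privilege="low" result="success"
ts=2021-04-20T10:01:30Z source="oracle-ebs" event_type="receipt_modification" component="receipts" user="alice" user_privilege="low" result="success"
ts=2021-04-20T10:02:00Z source="oracle-ebs" event_type="receipt_modification" component="receipts" user="bob" user_privilege="high" result="success"
ts=2021-04-20T10:03:00Z source="oracle-ebs" event_type="receipt_view" component="receipts" user="carol" user_privilege="low" result="success"
ts=2021-04-20T10:04:00Z source="oracle-ebs" event_type="receipt_modification" component="receipts" user="dave" user_privilege="low" result="failure"
ts=2021-04-20T10:05:00Z source="other-app" event_type="receipt_modification" component="receipts" user="erin" user_privilege="low" result="success"
""".strip().splitlines()

# key=value pairs; values may be double-quoted (with spaces) or bare.
KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_event(line):
    """Parse one key=value log line into a dict."""
    return {key: (quoted if quoted else bare) for key, quoted, bare in KV_RE.findall(line)}


def matches_siem_query(ev):
    """The advisory's SIEM query: source="oracle-ebs" AND
    (event_type="receipt_modification" OR component="receipts")
    AND user_privilege="low" AND result="success"."""
    return (
        ev.get("source") == "oracle-ebs"
        and (ev.get("event_type") == "receipt_modification" or ev.get("component") == "receipts")
        and ev.get("user_privilege") == "low"
        and ev.get("result") == "success"
    )


def low_priv_receipt_activity(lines):
    """Return (user, event_type) for every event the SIEM query would surface."""
    return [(ev["user"], ev["event_type"]) for ev in map(parse_event, lines) if matches_siem_query(ev)]


def failed_then_success_logins(lines, threshold=3):
    """Users with at least `threshold` consecutive failed logins immediately followed
    by a successful login. Events must be supplied in chronological order."""
    streak = defaultdict(int)   # consecutive failures per user
    flagged = []
    for ev in map(parse_event, lines):
        if ev.get("event_type") != "login":
            continue
        user = ev["user"]
        if ev["result"] == "failure":
            streak[user] += 1
        else:
            if streak[user] >= threshold and user not in flagged:
                flagged.append(user)
            streak[user] = 0       # a success resets the failure streak
    return flagged


if __name__ == "__main__":
    for user, kind in low_priv_receipt_activity(SAMPLE_LOGS):
        print(f"low-privilege receipt activity: user={user} event={kind}")
    for user in failed_then_success_logins(SAMPLE_LOGS):
        print(f"failed-then-success login burst: user={user}")
```

On the constructed input the query surfaces alice's receipt modification and carol's receipt view (the `component="receipts"` branch of the OR), while bob (high privilege), dave (failed result) and erin (other source) are excluded; the login-burst check flags only alice. Tune `threshold` and the event type names to the fields your SIEM actually normalizes from the Receivables logs.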
