CVE-2021-2316

8.1 HIGH

📋 TL;DR

This vulnerability in Oracle HRMS (France) allows authenticated attackers with low privileges to perform unauthorized data manipulation and access via HTTP. It affects Oracle E-Business Suite versions 12.1.1 through 12.1.3. Attackers can create, delete, or modify critical HR data and access sensitive information.

💻 Affected Systems

Products:
  • Oracle E-Business Suite - Oracle HRMS (France)
Versions: 12.1.1 through 12.1.3
Operating Systems: Any OS running Oracle E-Business Suite
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects the French HR module of Oracle E-Business Suite. Requires network access via HTTP and a low-privileged account.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of French HR data, including unauthorized access to all sensitive employee information and the ability to modify payroll, benefits, and personnel records.

🟠 Likely Case

Unauthorized access to confidential HR data and modification of employee records by malicious insiders or compromised accounts.

🟢 If Mitigated

Limited impact with proper access controls, network segmentation, and monitoring in place.

🌐 Internet-Facing: HIGH - HTTP accessible vulnerability that can be exploited remotely by authenticated users.
🏢 Internal Only: HIGH - Even internal attackers with low privileges can exploit this vulnerability to access sensitive HR data.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Oracle describes the issue as 'easily exploitable', but it requires authenticated access. No public exploit code was available as of this analysis.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Apply Oracle Critical Patch Update for April 2021 or later

Vendor Advisory: https://www.oracle.com/security-alerts/cpuapr2021.html

Restart Required: Yes

Instructions:

1. Download the April 2021 Critical Patch Update from Oracle Support.
2. Apply the patch to affected Oracle E-Business Suite instances.
3. Restart application services.
4. Test French HR module functionality.

🔧 Temporary Workarounds

Network Access Restriction

all

Restrict network access to Oracle E-Business Suite to only trusted IP addresses and networks.

Configure firewall rules to limit access to the Oracle E-Business Suite HTTP ports.

Privilege Reduction

all

Review and reduce the privileges of all user accounts accessing the French HR module to the minimum required.

Execute the Oracle user privilege review scripts for the HR module.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate Oracle E-Business Suite from untrusted networks
  • Enable detailed audit logging for all French HR module activities and monitor for suspicious access patterns

🔍 How to Verify

Check if Vulnerable:

Check the Oracle E-Business Suite version and installed patches. If the system is running versions 12.1.1 through 12.1.3 without the April 2021 CPU, it is vulnerable.

Check Version:

Run SELECT RELEASE_NAME FROM FND_PRODUCT_GROUPS; against the applications database, and check applied patches with the Oracle OPatch utility.

Verify Fix Applied:

Verify that the April 2021 Critical Patch Update is applied, and check the patch installation logs for successful application.

📡 Detection & Monitoring

Log Indicators:

  • Unusual access patterns to French HR module
  • Multiple failed authentication attempts followed by successful login
  • Unusual data modification activities in HR tables

Network Indicators:

  • HTTP requests to French HR endpoints from unexpected sources
  • Burst of HTTP requests to specific HR functions

SIEM Query:

source="oracle-ebs" (module="French HR" OR path="/OA_HTML/*french*") AND (action="modify" OR action="delete" OR action="create") | stats count by user, src_ip
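The SIEM query above expressed as a stand-alone Python check, for environments that ship these logs to a file rather than a SIEM. This is an added example, not code from the page or from Oracle; the key="value" field layout, the sample log lines and the burst threshold are all constructed assumptions.

```python
import re
from collections import Counter
from typing import Iterable

# Constructed sample records in the field layout the SIEM query assumes
# (module/path/action/user/src_ip); not real Oracle E-Business Suite output.
SAMPLE_LOGS = [
    'module="French HR" path="/OA_HTML/frenchHrPerson" action="modify" user="jdoe" src_ip="10.0.5.21"',
    'module="French HR" path="/OA_HTML/frenchHrPerson" action="read" user="jdoe" src_ip="10.0.5.21"',
    'module="Payables" path="/OA_HTML/apInvoice" action="modify" user="asmith" src_ip="10.0.5.30"',
    'module="French HR" path="/OA_HTML/frenchHrPayroll" action="delete" user="contractor1" src_ip="203.0.113.9"',
    'module="French HR" path="/OA_HTML/frenchHrPayroll" action="create" user="contractor1" src_ip="203.0.113.9"',
    'module="French HR" path="/OA_HTML/frenchHrPayroll" action="modify" user="contractor1" src_ip="203.0.113.9"',
]

KV_RE = re.compile(r'(\w+)="([^"]*)"')
WRITE_ACTIONS = {"create", "modify", "delete"}  # same actions as the SIEM query

def parse(line: str) -> dict:
    """Turn a key="value" log line into a dict of fields."""
    return dict(KV_RE.findall(line))

def is_french_hr(rec: dict) -> bool:
    """Scope test from the query: module name, or an /OA_HTML/ path mentioning 'french'."""
    path = rec.get("path", "")
    return rec.get("module") == "French HR" or (
        path.startswith("/OA_HTML/") and "french" in path.lower())

def write_counts(lines: Iterable[str]) -> Counter:
    """Equivalent of 'stats count by user, src_ip' for write actions on the French HR module."""
    counts = Counter()
    for line in lines:
        rec = parse(line)
        if is_french_hr(rec) and rec.get("action") in WRITE_ACTIONS:
            counts[(rec.get("user"), rec.get("src_ip"))] += 1
    return counts

def flag_bursts(counts: Counter, threshold: int = 3) -> list:
    """(user, src_ip) pairs at or above the write threshold; the threshold is an assumed tuning value."""
    return sorted(key for key, n in counts.items() if n >= threshold)

if __name__ == "__main__":
    c = write_counts(SAMPLE_LOGS)
    for (user, ip), n in c.most_common():
        print(f"{user:12} {ip:15} {n}")
    print("flagged:", flag_bursts(c))
```

The read-only request and the non-HR module record are excluded, so only the two accounts that wrote to the French HR module are counted, and only the one exceeding the threshold is flagged.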
