{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-18T06:37:52.181","vulnerabilities":[{"cve":{"id":"CVE-2021-2477","sourceIdentifier":"secalert_us@oracle.com","published":"2021-10-20T11:16:17.883","lastModified":"2024-11-21T06:03:11.560","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Session Management). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Applications Framework. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Applications Framework. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."},{"lang":"es","value":"Una vulnerabilidad en el producto Oracle Applications Framework de Oracle E-Business Suite (componente: Session Management). Las versiones compatibles que están afectadas son 12.1.3 y la 12.2.3-12.2.10. Una vulnerabilidad explotable fácilmente permite a un atacante no autenticado con acceso a la red por medio de HTTP comprometer a Oracle Applications Framework. Los ataques con éxito de esta vulnerabilidad pueden resultar en una capacidad no autorizada de causar una negación parcial del servicio (DOS parcial) de Oracle Applications Framework. CVSS 3.1 Puntuación Base 5.3 (impactos en la Disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)"}],"metrics":{"cvssMetricV31":[{"source":"secalert_us@oracle.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:applications_framework:*:*:*:*:*:*:*:*","versionStartIncluding":"12.2.3","versionEndIncluding":"12.2.10","matchCriteriaId":"23A836D5-B5D5-450B-8958-E644F390DDB5"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:applications_framework:12.1.3:*:*:*:*:*:*:*","matchCriteriaId":"AA3A05B2-9A0D-46D2-9D07-B576EAEC19A3"}]}]}],"references":[{"url":"https://www.oracle.com/security-alerts/cpuoct2021.html","source":"secalert_us@oracle.com","tags":["Vendor Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpuoct2021.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}