Intrusion PreventionOracle.E-Business.Suite.Sales.Offline.CVE-2021-2190.DoS
Description
This indicates an attack attempt to exploit a Denial of Service Vulnerability in Oracle E-Business Suite.
The vulnerability is due to improper handling of requests by the authentication component of Sales Offline. An unauthenticated, remote attacker can exploit this vulnerability by sending a crafted request to the target server. Successful exploitation causes an infinite loop, consuming large amounts of CPU resources and possibly leading to denial of service conditions on the target server.
Affected Products
Oracle E-Business Suite 12.1.1-12.1.3
Oracle E-Business Suite 12.2.3-12.2.10
Impact
Denial of Service: Remote attackers can crash vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixEBS
Telemetry
Coverage
| IPS (Regular DB) | |
| IPS (Extended DB) |
Version Updates
| Date | Version | Detail |
|---|---|---|
| 2021-07-15 | 18.121 | Default_action:pass:drop |
| 2021-07-07 | 18.115 | |
| 2021-07-07 | 18.114 | |
| 2021-07-07 | 18.113 |
| ID | 50543 |
| Created | Jun 29, 2021 |
| Updated | Jul 14, 2021 |
| Risk |
|
| CVE ID | CVE-2021-2190 |
| Exploit Prediction Score | 0.09% |
| Default Action | drop |
| Active | |
| Affected OS | Windows, Linux, Solaris, Other |
| Affected App | Oracle |