SB2022091609 - Multiple vulnerabilities in IBM Emptoris Supplier Lifecycle Management

Description

This security bulletin contains information about 4 secuirty vulnerabilities.

1) Improper input validation (CVE-ID: CVE-2021-2245)

The vulnerability allows a remote privileged user to manipulate data.

The vulnerability exists due to improper input validation within the Oracle Database - Enterprise Edition Unified Audit in Oracle Database Server. A remote privileged user can exploit this vulnerability to manipulate data.

2) Improper input validation (CVE-ID: CVE-2021-2173)

The vulnerability allows a remote privileged user to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Recovery in Oracle Database Server. A remote privileged user can exploit this vulnerability to gain access to sensitive information.

3) Improper input validation (CVE-ID: CVE-2021-2234)

The vulnerability allows a remote authenticated user to manipulate data.

The vulnerability exists due to improper input validation within the Java VM in Oracle Database Server. A remote authenticated user can exploit this vulnerability to manipulate data.

4) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2021-2175)

The vulnerability allows a remote privileged user to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Database Vault in Oracle Database Server. A remote privileged user can exploit this vulnerability to gain access to sensitive information.

Remediation

Install update from vendor's website.

References

• https://www.ibm.com/blogs/psirt/security-bulletin-multiple-oracle-database-server-vulnerabilities-affect-ibm-emptoris-supplier-lifecycle-management/"
• https://www.ibm.com/blogs/psirt/security-bulletin-multiple-oracle-database-server-vulnerabilities-affect-ibm-emptoris-supplier-lifecycle-management/</a><br>
• https://www.ibm.com/support/pages/node/6474467<br><br></p>