CVE-2021-2351

Exploit

EPSS 3.54%
Veröffentlicht 21.07.2021 15:15:21
Zuletzt bearbeitet 21.11.2024 06:02:56
Quelle secalert_us@oracle.com
Teams Watchlist Login
Unerledigt Login

Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Advanced Networking Option. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Advanced Networking Option, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Advanced Networking Option. Note: The July 2021 Critical Patch Update introduces a number of Native Network Encryption changes to deal with vulnerability CVE-2021-2351 and prevent the use of weaker ciphers. Customers should review: "Changes in Native Network Encryption with the July 2021 Critical Patch Update" (Doc ID 2791571.1). CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).

Betroffene Produkte Warnungen 0 Metriken 4 CWE 2 Referenzen 13

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Oracle ≫ Advanced Networking Option Version12.1.0.2

Oracle ≫ Advanced Networking Option Version12.2.0.1

Oracle ≫ Advanced Networking Option Version19c

Oracle ≫ Agile Engineering Data Management Version6.2.1.0

Oracle ≫ Agile Plm Version9.3.6

Oracle ≫ Agile Product Lifecycle Management For Process Version6.2.2.0

Oracle ≫ Agile Product Lifecycle Management For Process Version6.2.3.0

Oracle ≫ Airlines Data Model Version12.1.1.0.0

Oracle ≫ Airlines Data Model Version12.2.0.1.0

Oracle ≫ Application Performance Management Version13.4.1.0

Oracle ≫ Application Performance Management Version13.5.1.0

Oracle ≫ Application Testing Suite Version13.3.0.1

Oracle ≫ Argus Analytics Version8.2.1

Oracle ≫ Argus Analytics Version8.2.2

Oracle ≫ Argus Analytics Version8.2.3

Oracle ≫ Argus Insight Version8.2.1

Oracle ≫ Argus Insight Version8.2.2

Oracle ≫ Argus Insight Version8.2.3

Oracle ≫ Argus Mart Version8.2.1

Oracle ≫ Argus Mart Version8.2.2

Oracle ≫ Argus Mart Version8.2.3

Oracle ≫ Argus Safety Version8.2.1

Oracle ≫ Argus Safety Version8.2.2

Oracle ≫ Argus Safety Version8.2.3

Oracle ≫ Banking Apis Version >= 18.1 <= 18.3

Oracle ≫ Banking Apis Version19.1

Oracle ≫ Banking Apis Version19.2

Oracle ≫ Banking Apis Version20.1

Oracle ≫ Banking Apis Version21.1

Oracle ≫ Banking Digital Experience Version >= 18.1 <= 18.3

Oracle ≫ Banking Digital Experience Version17.2

Oracle ≫ Banking Digital Experience Version19.1

Oracle ≫ Banking Digital Experience Version19.2

Oracle ≫ Banking Digital Experience Version20.1

Oracle ≫ Banking Digital Experience Version21.1

Oracle ≫ Banking Enterprise Default Management Version2.10.0

Oracle ≫ Banking Enterprise Default Management Version2.12.0

Oracle ≫ Banking Platform Version2.6.2

Oracle ≫ Banking Platform Version2.7.1

Oracle ≫ Banking Platform Version2.12.0

Oracle ≫ Big Data Spatial And Graph Version < 23.1

Oracle ≫ Blockchain Platform Version21.1.2

Oracle ≫ Clinical Version5.2.1

Oracle ≫ Clinical Version5.2.2

Oracle ≫ Commerce Platform Version11.3.0

Oracle ≫ Commerce Platform Version11.3.1

Oracle ≫ Commerce Platform Version11.3.2

Oracle ≫ Communications Application Session Controller Version3.9.0

Oracle ≫ Communications Billing And Revenue Management Version12.0.0.4

Oracle ≫ Communications Billing And Revenue Management Version12.0.0.5

Oracle ≫ Communications Calendar Server Version8.0.0.5.0

Oracle ≫ Communications Contacts Server Version8.0.0.3.0

Oracle ≫ Communications Convergent Charging Controller Version >= 12.0.1.0.0 <= 12.0.4.0.0

Oracle ≫ Communications Convergent Charging Controller Version6.0.1.0.0

Oracle ≫ Communications Data Model Version11.3.2.1.0

Oracle ≫ Communications Data Model Version11.3.2.2.0

Oracle ≫ Communications Data Model Version11.3.2.3.0

Oracle ≫ Communications Data Model Version12.1.0.1.0

Oracle ≫ Communications Data Model Version12.1.2.0.0

Oracle ≫ Communications Design Studio Version7.3.5

Oracle ≫ Communications Design Studio Version7.4.0

Oracle ≫ Communications Design Studio Version7.4.1

Oracle ≫ Communications Design Studio Version7.4.2

Oracle ≫ Communications Diameter Intelligence Hub Version >= 8.0.0 <= 8.2.3

Oracle ≫ Communications Ip Service Activator Version7.4.0

Oracle ≫ Communications Metasolv Solution Version6.3.1

Oracle ≫ Communications Network Charging And Control Version >= 12.0.1.0 <= 12.0.4.0.0

Oracle ≫ Communications Network Charging And Control Version6.0.1.0.0

Oracle ≫ Communications Network Integrity Version7.3.5

Oracle ≫ Communications Network Integrity Version7.3.6

Oracle ≫ Communications Pricing Design Center Version12.0.0.4

Oracle ≫ Communications Pricing Design Center Version12.0.0.5

Oracle ≫ Communications Services Gatekeeper Version7.0

Oracle ≫ Communications Session Report Manager Version >= 8.0.0 <= 8.2.5.0

Oracle ≫ Communications Session Route Manager Version >= 8.2.0 <= 8.2.5

Oracle ≫ Data Integrator Version12.2.1.3.0

Oracle ≫ Data Integrator Version12.2.1.4.0

Oracle ≫ Demantra Demand Management Version >= 12.2.6 <= 12.2.11

Oracle ≫ Documaker Version >= 12.6.2 <= 12.6.4

Oracle ≫ Documaker Version12.6.0

Oracle ≫ Documaker Version12.7.0

Oracle ≫ Enterprise Data Quality Version12.2.1.3.0

Oracle ≫ Enterprise Data Quality Version12.2.1.4.0

Oracle ≫ Enterprise Manager Base Platform Version13.4.0.0

Oracle ≫ Enterprise Manager Base Platform Version13.5.0.0

Oracle ≫ Enterprise Manager Ops Center Version12.4.0.0

Oracle ≫ Financial Services Analytical Applications Infrastructure Version >= 8.0.7 <= 8.1.1

Oracle ≫ Financial Services Behavior Detection Platform Version8.0.7

Oracle ≫ Financial Services Behavior Detection Platform Version8.0.8

Oracle ≫ Financial Services Behavior Detection Platform Version8.0.11

Oracle ≫ Financial Services Enterprise Case Management Version8.0.7

Oracle ≫ Financial Services Enterprise Case Management Version8.0.8

Oracle ≫ Financial Services Enterprise Case Management Version8.0.11

Oracle ≫ Financial Services Foreign Account Tax Compliance Act Management Version8.0.7

Oracle ≫ Financial Services Foreign Account Tax Compliance Act Management Version8.0.8

Oracle ≫ Financial Services Foreign Account Tax Compliance Act Management Version8.0.11

Oracle ≫ Financial Services Model Management And Governance Version >= 8.0.8.0.0 <= 8.1.1.0.0

Oracle ≫ Financial Services Trade-based Anti Money Laundering Version8.0.7 SwEditionenterprise

Oracle ≫ Financial Services Trade-based Anti Money Laundering Version8.0.8 SwEditionenterprise

Oracle ≫ Flexcube Investor Servicing Version12.0.4

Oracle ≫ Flexcube Investor Servicing Version12.1.0

Oracle ≫ Flexcube Investor Servicing Version12.3.0

Oracle ≫ Flexcube Investor Servicing Version12.4.0

Oracle ≫ Flexcube Investor Servicing Version14.4.0

Oracle ≫ Flexcube Investor Servicing Version14.5.0

Oracle ≫ Flexcube Private Banking Version12.0.0

Oracle ≫ Flexcube Private Banking Version12.1.0

Oracle ≫ Fusion Middleware Version12.2.1.3.0

Oracle ≫ Fusion Middleware Version12.2.1.4.0

Oracle ≫ Goldengate Version < 12.3.0.1.0

Oracle ≫ Goldengate Version >= 19.1.0.0.1 < 21.5.0.0.220118

Oracle ≫ Goldengate Application Adapters Version < 23.1

Oracle ≫ Graph Server And Client Version < 21.4.0

Oracle ≫ Health Sciences Clinical Development Analytics Version4.0.1

Oracle ≫ Health Sciences Inform Crf Submit Version6.2.1

Oracle ≫ Health Sciences Information Manager Version3.0.2

Oracle ≫ Health Sciences Information Manager Version3.0.3

Oracle ≫ Healthcare Data Repository Version7.0.2

Oracle ≫ Healthcare Data Repository Version8.1.0

Oracle ≫ Healthcare Data Repository Version8.1.1

Oracle ≫ Healthcare Foundation Version >= 7.3.0 <= 7.3.0.2

Oracle ≫ Healthcare Foundation Version >= 8.0.0 <= 8.0.2

Oracle ≫ Healthcare Foundation Version >= 8.1.0 <= 8.1.1

Oracle ≫ Healthcare Translational Research Version4.1.0

Oracle ≫ Hospitality Inventory Management Version < 9.1.0

Oracle ≫ Hospitality Inventory Management Version9.1.0

Oracle ≫ Hospitality Opera 5 Version5.6

Oracle ≫ Hospitality Reporting And Analytics Version9.1.0

Oracle ≫ Hospitality Suite8 Version8.10.2

Oracle ≫ Hospitality Suite8 Version8.11.0

Oracle ≫ Hospitality Suite8 Version8.12.0

Oracle ≫ Hospitality Suite8 Version8.13.0

Oracle ≫ Hospitality Suite8 Version8.14.0

Oracle ≫ Hyperion Infrastructure Technology Version11.2.7.0

Oracle ≫ Ilearning Version6.2

Oracle ≫ Ilearning Version6.3

Oracle ≫ Instantis Enterprisetrack Version17.1

Oracle ≫ Instantis Enterprisetrack Version17.2

Oracle ≫ Instantis Enterprisetrack Version17.3

Oracle ≫ Insurance Data Gateway Version11.0.2

Oracle ≫ Insurance Data Gateway Version11.1.0

Oracle ≫ Insurance Data Gateway Version11.2.7

Oracle ≫ Insurance Data Gateway Version11.3.0

Oracle ≫ Insurance Data Gateway Version11.3.1

Oracle ≫ Insurance Insbridge Rating And Underwriting Version >= 5.4 <= 5.6.0

Oracle ≫ Insurance Insbridge Rating And Underwriting Version5.2.0

Oracle ≫ Insurance Policy Administration Version11.0.2

Oracle ≫ Insurance Policy Administration Version11.1.0

Oracle ≫ Insurance Policy Administration Version11.2.7

Oracle ≫ Insurance Policy Administration Version11.3.0

Oracle ≫ Insurance Policy Administration Version11.3.1

Oracle ≫ Insurance Rules Palette Version11.0.2

Oracle ≫ Insurance Rules Palette Version11.1.0

Oracle ≫ Insurance Rules Palette Version11.2.7

Oracle ≫ Insurance Rules Palette Version11.3.0

Oracle ≫ Insurance Rules Palette Version11.3.1

Oracle ≫ Jd Edwards Enterpriseone Tools Version9.2.6.3

Oracle ≫ Oss Support Tools Version < 2.12.42

Oracle ≫ Peoplesoft Enterprise Peopletools Version8.57

Oracle ≫ Peoplesoft Enterprise Peopletools Version8.58

Oracle ≫ Peoplesoft Enterprise Peopletools Version8.59

Oracle ≫ Policy Automation Version >= 12.2.0 <= 12.2.24

Oracle ≫ Primavera Analytics Version18.8.3.3

Oracle ≫ Primavera Analytics Version19.12.11.1

Oracle ≫ Primavera Analytics Version20.12.12.0

Oracle ≫ Primavera Data Warehouse Version18.8.3.3

Oracle ≫ Primavera Data Warehouse Version19.12.11.1

Oracle ≫ Primavera Data Warehouse Version20.12.12.0

Oracle ≫ Primavera Gateway Version >= 17.12.0 <= 17.12.11

Oracle ≫ Primavera Gateway Version >= 18.8.0 <= 18.8.12

Oracle ≫ Primavera Gateway Version >= 19.12.0 <= 19.12.11

Oracle ≫ Primavera Gateway Version >= 20.12.0 <= 20.12.7

Oracle ≫ Primavera P6 Enterprise Project Portfolio Management Version >= 17.12.0.0 <= 17.12.20

Oracle ≫ Primavera P6 Enterprise Project Portfolio Management Version >= 18.8.0.0 <= 18.8.24

Oracle ≫ Primavera P6 Enterprise Project Portfolio Management Version >= 19.12.0.0 <= 19.12.17.0

Oracle ≫ Primavera P6 Enterprise Project Portfolio Management Version >= 20.12.0.0 <= 20.12.9.0

Oracle ≫ Primavera P6 Professional Project Management Version >= 17.12 <= 17.12.20.0

Oracle ≫ Primavera P6 Professional Project Management Version >= 18.8 <= 18.8.24.0

Oracle ≫ Primavera P6 Professional Project Management Version >= 19.12.0.0 <= 19.12.17.0

Oracle ≫ Primavera P6 Professional Project Management Version >= 20.12.0.0 <= 20.12.9.0

Oracle ≫ Primavera Unifier Version >= 17.7 <= 17.12

Oracle ≫ Primavera Unifier Version18.8

Oracle ≫ Primavera Unifier Version19.12

Oracle ≫ Primavera Unifier Version20.12

Oracle ≫ Primavera Unifier Version21.12

Oracle ≫ Product Lifecycle Analytics Version3.6.1

Oracle ≫ Rapid Planning Version >= 12.2.6 <= 12.2.11

Oracle ≫ Real User Experience Insight Version13.4.1.0

Oracle ≫ Real User Experience Insight Version13.5.1.0

Oracle ≫ Retail Analytics Version >= 16.0.0 <= 16.0.2

Oracle ≫ Retail Assortment Planning Version16.0.3

Oracle ≫ Retail Back Office Version14.1

Oracle ≫ Retail Central Office Version14.1

Oracle ≫ Retail Customer Insights Version >= 16.0 <= 16.0.2

Oracle ≫ Retail Extract Transform And Load Version13.2.8

Oracle ≫ Retail Financial Integration Version14.1.3.2

Oracle ≫ Retail Financial Integration Version15.0.3.1

Oracle ≫ Retail Financial Integration Version16.0.3.0

Oracle ≫ Retail Financial Integration Version19.0.1

Oracle ≫ Retail Integration Bus Version14.1.3.2

Oracle ≫ Retail Integration Bus Version15.0.3.1

Oracle ≫ Retail Integration Bus Version16.0.3

Oracle ≫ Retail Integration Bus Version19.0.1

Oracle ≫ Retail Merchandising System Version19.0.1

Oracle ≫ Retail Order Broker Version16.0

Oracle ≫ Retail Order Broker Version18.0

Oracle ≫ Retail Order Broker Version19.1

Oracle ≫ Retail Order Management System Version19.5

Oracle ≫ Retail Point-of-service Version14.1

Oracle ≫ Retail Predictive Application Server Version14.1.3

Oracle ≫ Retail Predictive Application Server Version15.0.3

Oracle ≫ Retail Predictive Application Server Version16.0.3

Oracle ≫ Retail Price Management Version14.1

Oracle ≫ Retail Price Management Version15.0

Oracle ≫ Retail Price Management Version16.0

Oracle ≫ Retail Returns Management Version14.1

Oracle ≫ Retail Service Backbone Version14.1.3.2

Oracle ≫ Retail Service Backbone Version15.0.3.1

Oracle ≫ Retail Service Backbone Version16.0.3

Oracle ≫ Retail Service Backbone Version19.0.1

Oracle ≫ Retail Store Inventory Management Version14.1

Oracle ≫ Retail Store Inventory Management Version15.0

Oracle ≫ Retail Store Inventory Management Version16.0

Oracle ≫ Retail Xstore Point Of Service Version17.0.4

Oracle ≫ Retail Xstore Point Of Service Version18.0.3

Oracle ≫ Retail Xstore Point Of Service Version19.0.2

Oracle ≫ Retail Xstore Point Of Service Version20.0.1

Oracle ≫ Siebel Ui Framework Version <= 21.12

Oracle ≫ Spatial Studio Version < 21.2.1

Oracle ≫ Storagetek Acsls Version8.5.1

Oracle ≫ Storagetek Tape Analytics Version2.4

Oracle ≫ Thesaurus Management System Version5.2.3

Oracle ≫ Thesaurus Management System Version5.3.0

Oracle ≫ Thesaurus Management System Version5.3.1

Oracle ≫ Timesten In-memory Database Version < 21.1.1.1.0

Oracle ≫ Timesten In-memory Database Version21.1.1.1.0

Oracle ≫ Utilities Framework Version >= 4.3.0.1.0 <= 4.3.0.6.0

Oracle ≫ Utilities Framework Version4.2.0.3.0

Oracle ≫ Utilities Framework Version4.4.0.0.0

Oracle ≫ Utilities Framework Version4.4.0.2.0

Oracle ≫ Utilities Framework Version4.4.0.3.0

Oracle ≫ Utilities Testing Accelerator Version6.0.0.1.1

Oracle ≫ Utilities Testing Accelerator Version6.0.0.2.2

Oracle ≫ Utilities Testing Accelerator Version6.0.0.3.1

Oracle ≫ Weblogic Server Version12.2.1.3.0

Oracle ≫ Weblogic Server Version12.2.1.4.0

Oracle ≫ Weblogic Server Version14.1.1.0.0

Oracle ≫ Zfs Storage Application Integration Engineering Software Version1.3.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	3.54%	0.872

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.1	4.9	6.4	AV:N/AC:H/Au:N/C:P/I:P/A:P
nvd@nist.gov	7.5	1.6	5.9	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
secalert_us@oracle.com	8.3	1.6	6	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

CWE-327 Use of a Broken or Risky Cryptographic Algorithm

The product uses a broken or risky cryptographic algorithm or protocol.

CWE-384 Session Fixation

Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.

https://www.oracle.com/security-alerts/cpuapr2022.html

Patch

Vendor Advisory

https://www.oracle.com/security-alerts/cpujan2022.html

Patch

Vendor Advisory

https://www.oracle.com/security-alerts/cpuoct2021.html

Patch

Vendor Advisory

https://www.oracle.com/security-alerts/cpujul2022.html

Vendor Advisory

https://www.oracle.com/security-alerts/cpujul2021.html