BDU:2021-06299 · High · Confirmed · Exploit available
BDU: Data Bank of Information Security Threats
BDU FSTEC is the authoritative Russian source of vulnerability information, covering both international CVEs relevant to domestic software and unique Russian-disclosed issues. Entries contain severity, affected product lists (in Russian), and mitigation recommendations.
Region: RU
Updates: 1 h
License: Open data
Russian federal catalog of vulnerabilities and threats maintained by FSTEC. Required for compliance with Russian information security regulations (Order No. 17, Order No. 21).
https://bdu.fstec.ru
CVSS: 8.3 (High)
EPSS: 0.00 (p0)
Published: 2021-01-01
Updated: 2021-01-01
Description
The vulnerability in the Advanced Networking Option component of the Oracle Database Server database management system is related to flaws in the authentication procedure. Exploitation of the vulnerability may allow a remote attacker to carry out a man-in-the-middle attack and gain full control of the system.
Tags · CWE
Pre-auth
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Timeline
2021-01-01: Published
2021-01-01: Updated
CVSS 3.1 breakdown
| Metric | Vector component | Value |
|---|---|---|
| Attack Vector | AV: N | Network (N) |
| Attack Complexity | AC: H | High (H) |
| Privileges Required | PR: N | None (N) |
| User Interaction | UI: R | Required (R) |
| Scope | S: C | Changed (C) |
| Confidentiality Impact | C: H | High (H) |
| Integrity Impact | I: H | High (H) |
| Availability Impact | A: H | High (H) |
Exploit indicators
EPSS: 0.000 · p0
Known exploited (KEV): No
Known exploits — Сканер-ВС
BDU:2021-06299
bdu_exploit · https://bdu.fstec.ru/vul
Affected software
| Product | Vendor | Status |
|---|---|---|
| ibm emptoris contract management | ibm corp. | Tracked |
| ibm emptoris contract management | ibm corp. | Tracked |
| ibm emptoris contract management | ibm corp. | Tracked |
| ibm emptoris strategic supply management platform | ibm corp. | Tracked |
| ibm emptoris strategic supply management platform | ibm corp. | Tracked |
| ibm emptoris strategic supply management platform | ibm corp. | Tracked |
| communications application session controller | oracle corp. | Tracked |
| communications metasolv solution | oracle corp. | Tracked |
| database server | oracle corp. | Tracked |
| database server | oracle corp. | Tracked |
| database server | oracle corp. | Tracked |
| instantis enterprisetrack | oracle corp. | Tracked |
| instantis enterprisetrack | oracle corp. | Tracked |
| instantis enterprisetrack | oracle corp. | Tracked |
| oracle communications session report manager | oracle corp. | Tracked |
| oracle communications session route manager | oracle corp. | Tracked |
| oracle real user experience insight | oracle corp. | Tracked |
| oracle real user experience insight | oracle corp. | Tracked |
| primavera gateway | oracle corp. | Tracked |
| primavera gateway | oracle corp. | Tracked |