Scaner-VS
CVE-2021-2351
CVE
High

CVSS: 7.5 (High)
EPSS: 0.03 · p87
Published: 2021-01-01
Updated: 2021-01-01
Description

Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Advanced Networking Option. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Advanced Networking Option, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Advanced Networking Option. Note: The July 2021 Critical Patch Update introduces a number of Native Network Encryption changes to deal with vulnerability CVE-2021-2351 and prevent the use of weaker ciphers. Customers should review: "Changes in Native Network Encryption with the July 2021 Critical Patch Update" (Doc ID 2791571.1). CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).

Tags · CWE
Pre-auth
Crypto
CWE-327
CAPEC-20
CAPEC-97
CAPEC-459
CAPEC-473
CAPEC-475
CAPEC-608
CAPEC-614
Affected products
Advanced_networking_option
Agile_engineering_data_management
Agile_plm
Agile_product_lifecycle_management_for_process
Airlines_data_model
Application_performance_management
Application_testing_suite
Argus_analytics
Argus_insight
Argus_mart
Argus_safety
Banking_apis 18.1–18.3
Banking_apis
Banking_digital_experience 18.1–18.3
Banking_digital_experience
Banking_enterprise_default_management
Banking_platform
Big_data_spatial_and_graph < 23.1
Blockchain_platform
Clinical
Commerce_platform
Communications_application_session_controller
Communications_billing_and_revenue_management
Communications_calendar_server
Communications_contacts_server
Communications_convergent_charging_controller 12.0.1.0.0–12.0.4.0.0
Communications_convergent_charging_controller
Communications_data_model
Communications_design_studio
Communications_diameter_intelligence_hub 8.0.0–8.2.3
Communications_ip_service_activator
Communications_metasolv_solution
Communications_network_charging_and_control 12.0.1.0–12.0.4.0.0
Communications_network_charging_and_control
Communications_network_integrity
Communications_pricing_design_center
Communications_services_gatekeeper
Communications_session_report_manager 8.0.0–8.2.5.0
Communications_session_route_manager 8.2.0–8.2.5
Data_integrator
Demantra_demand_management 12.2.6–12.2.11
Documaker 12.6.2–12.6.4
Documaker
Enterprise_data_quality
Enterprise_manager_base_platform
Enterprise_manager_ops_center
Financial_services_analytical_applications_infrastructure 8.0.7–8.1.1
Financial_services_behavior_detection_platform
Financial_services_enterprise_case_management
Financial_services_foreign_account_tax_compliance_act_management
Financial_services_model_management_and_governance 8.0.8.0.0–8.1.1.0.0
Financial_services_trade-based_anti_money_laundering
Flexcube_investor_servicing
Flexcube_private_banking
Fusion_middleware
Goldengate < 12.3.0.1.0
Goldengate 19.1.0.0.1–21.5.0.0.220118
Goldengate_application_adapters < 23.1
Graph_server_and_client < 21.4.0
Health_sciences_clinical_development_analytics
Health_sciences_inform_crf_submit
Health_sciences_information_manager
Healthcare_data_repository
Healthcare_foundation 7.3.0–7.3.0.2
Healthcare_foundation 8.0.0–8.0.2
Healthcare_foundation 8.1.0–8.1.1
Healthcare_translational_research
Hospitality_inventory_management < 9.1.0
Hospitality_inventory_management
Hospitality_opera_5
Hospitality_reporting_and_analytics
Hospitality_suite8
Hyperion_infrastructure_technology
Ilearning
Instantis_enterprisetrack
Insurance_data_gateway
Insurance_insbridge_rating_and_underwriting 5.4–5.6.0
Insurance_insbridge_rating_and_underwriting
Insurance_policy_administration
Insurance_rules_palette
Jd_edwards_enterpriseone_tools
Oss_support_tools < 2.12.42
Peoplesoft_enterprise_peopletools
Policy_automation 12.2.0–12.2.24
Primavera_analytics
Primavera_data_warehouse
Primavera_gateway 17.12.0–17.12.11
Primavera_gateway 18.8.0–18.8.12
Primavera_gateway 19.12.0–19.12.11
Primavera_gateway 20.12.0–20.12.7
Primavera_p6_enterprise_project_portfolio_management 17.12.0.0–17.12.20
Primavera_p6_enterprise_project_portfolio_management 18.8.0.0–18.8.24
Primavera_p6_enterprise_project_portfolio_management 19.12.0.0–19.12.17.0
Primavera_p6_enterprise_project_portfolio_management 20.12.0.0–20.12.9.0
Primavera_p6_professional_project_management 17.12–17.12.20.0
Primavera_p6_professional_project_management 18.8–18.8.24.0
Primavera_p6_professional_project_management 19.12.0.0–19.12.17.0
Primavera_p6_professional_project_management 20.12.0.0–20.12.9.0
Primavera_unifier 17.7–17.12
Primavera_unifier
Product_lifecycle_analytics
Rapid_planning 12.2.6–12.2.11
Real_user_experience_insight
Retail_analytics 16.0.0–16.0.2
Retail_assortment_planning
Retail_back_office
Retail_central_office
Retail_customer_insights 16.0–16.0.2
Retail_extract_transform_and_load
Retail_financial_integration
Retail_integration_bus
Retail_merchandising_system
Retail_order_broker
Retail_order_management_system
Retail_point-of-service
Retail_predictive_application_server
Retail_price_management
Retail_returns_management
Retail_service_backbone
Retail_store_inventory_management
Retail_xstore_point_of_service
Siebel_ui_framework ≤ 21.12
Spatial_studio < 21.2.1
Storagetek_acsls
Storagetek_tape_analytics
Thesaurus_management_system
Timesten_in-memory_database < 21.1.1.1.0
Timesten_in-memory_database
Utilities_framework 4.3.0.1.0–4.3.0.6.0
Utilities_framework
Utilities_testing_accelerator
Weblogic_server
Zfs_storage_application_integration_engineering_software
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS 3.1 breakdown
Attack Vector (AV): Network (N)
Attack Complexity (AC): High (H)
Privileges Required (PR): None (N)
User Interaction (UI): Required (R)
Scope (S): Unchanged (U)
Confidentiality Impact (C): High (H)
Integrity Impact (I): High (H)
Availability Impact (A): High (H)
Exploit indicators
EPSS: 0.033 · p87
Known exploited (KEV): No
MITRE ATT&CK
Inferred via CAPEC
└ via CAPEC-473 · CWE-327
└ via CAPEC-473 · CWE-327
Known exploits — Сканер-ВС
No Сканер-ВС checks registered for this vulnerability yet.
Affected software
Product | Vendor | Status
advanced_networking_option | * | Tracked
agile_engineering_data_management | * | Tracked
agile_plm | * | Tracked
agile_product_lifecycle_management_for_process | * | Tracked
airlines_data_model | * | Tracked
application_performance_management | * | Tracked
application_testing_suite | * | Tracked
argus_analytics | * | Tracked
argus_insight | * | Tracked
argus_mart | * | Tracked
argus_safety | * | Tracked
banking_apis | * | Tracked
banking_digital_experience | * | Tracked
banking_enterprise_default_management | * | Tracked
banking_platform | * | Tracked
big_data_spatial_and_graph | * | Tracked
blockchain_platform | * | Tracked
clinical | * | Tracked
commerce_platform | * | Tracked
communications_application_session_controller | * | Tracked
Source databases
CVE