Lucene search

[email protected]CVE-2021-2018

HistoryJan 20, 2021 - 3:15 p.m.

CVE-2021-2018

2021-01-2015:15:00

NVD-CWE-noinfo

[email protected]

web.nvd.nist.gov

cve-2021-2018

oracle database server

vulnerability

advanced networking option

windows

cvss 3.1

confidentiality

integrity

availability

nvd

8.3 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

8.3 High

AI Score

Confidence

High

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

65.4%

JSON

Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 18c and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Advanced Networking Option. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Advanced Networking Option, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Advanced Networking Option. Note: CVE-2021-2018 affects Windows platform only. CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).

CPENameOperatorVersion
oracle:advanced_networking_optionoracle advanced networking optioneq18c
oracle:advanced_networking_optionoracle advanced networking optioneq19c
oracle:data_integratororacle data integratoreq11.1.1.9.0
oracle:weblogic_serveroracle weblogic servereq12.2.1.3.0
oracle:adaptive_access_manageroracle adaptive access managereq11.1.2.3.0
oracle:data_integratororacle data integratoreq12.2.1.3.0
oracle:data_integratororacle data integratoreq12.2.1.4.0
oracle:hospitality_simphonyoracle hospitality simphonyeq19.1.3
oracle:hospitality_simphonyoracle hospitality simphonyeq18.2.7.2
oracle:enterprise_manager_for_fusion_applicationsoracle enterprise manager for fusion applicationseq13.3.0.0

CPE	Name	Operator	Version
oracle:advanced_networking_option	oracle advanced networking option	eq	18c
oracle:advanced_networking_option	oracle advanced networking option	eq	19c
oracle:data_integrator	oracle data integrator	eq	11.1.1.9.0
oracle:weblogic_server	oracle weblogic server	eq	12.2.1.3.0
oracle:adaptive_access_manager	oracle adaptive access manager	eq	11.1.2.3.0
oracle:data_integrator	oracle data integrator	eq	12.2.1.3.0
oracle:data_integrator	oracle data integrator	eq	12.2.1.4.0
oracle:hospitality_simphony	oracle hospitality simphony	eq	19.1.3
oracle:hospitality_simphony	oracle hospitality simphony	eq	18.2.7.2
oracle:enterprise_manager_for_fusion_applications	oracle enterprise manager for fusion applications	eq	13.3.0.0

References

www.oracle.com/security-alerts/cpujan2021.html

8.3 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

8.3 High

AI Score

Confidence

High

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

65.4%

JSON

Related for CVE-2021-2018

prion1 ibm5 nessus1 oracle1