Lucene search

K
cve[email protected]CVE-2021-2428
HistoryJul 21, 2021 - 3:16 p.m.

CVE-2021-2428

2021-07-2115:16:01
web.nvd.nist.gov
35
3
cve
2021
2428
oracle
coherence
fusion middleware
vulnerability
security
takeover
cvss

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

7.8 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

68.9%

Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle Coherence. Successful attacks of this vulnerability can result in takeover of Oracle Coherence. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).

Affected configurations

Vulners
NVD
Node
oraclecoherenceRange12.1.3.0.0
OR
oraclecoherenceRange12.2.1.3.0
OR
oraclecoherenceRange12.2.1.4.0
OR
oraclecoherenceRange14.1.1.0.0
VendorProductVersionCPE
oraclecoherence*cpe:2.3:a:oracle:coherence:*:*:*:*:*:*:*:*
oraclecoherence*cpe:2.3:a:oracle:coherence:*:*:*:*:*:*:*:*
oraclecoherence*cpe:2.3:a:oracle:coherence:*:*:*:*:*:*:*:*
oraclecoherence*cpe:2.3:a:oracle:coherence:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "Coherence",
    "vendor": "Oracle Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "12.1.3.0.0"
      },
      {
        "status": "affected",
        "version": "12.2.1.3.0"
      },
      {
        "status": "affected",
        "version": "12.2.1.4.0"
      },
      {
        "status": "affected",
        "version": "14.1.1.0.0"
      }
    ]
  }
]

Social References

More

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

7.8 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

68.9%

Related for CVE-2021-2428