CVE-2021-2277

Description

Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Coherence. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Coherence accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

Related CPE's

aoraclecoherence3.7.1.0*******
vulnerable
aoraclecoherence12.1.3.0.0*******
vulnerable
aoraclecoherence12.2.1.3.0*******
vulnerable
aoraclecoherence12.2.1.4.0*******
vulnerable
aoraclecoherence14.1.1.0.0*******
vulnerable

References

https://www.oracle.com/security-alerts/cpuapr2021.html

PatchVendor Advisory

CvssV3 impact

Version

3.1

VectorString

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AttackVector

NETWORK

AttackComplexity

LOW

PrivilegesRequired

NONE

UserInteraction

NONE

Scope

UNCHANGED

ConfidentialityImpact

HIGH

IntegrityImpact

NONE

AvailabilityImpact

NONE

BaseScore

7.5

BaseSeverity

HIGH

CvssV2 impact

AccessComplexity

LOW

ConfidentialityImpact

PARTIAL

AvailabilityImpact

NONE

IntegrityImpact

NONE

BaseScore

5

VectorString

AV:N/AC:L/Au:N/C:P/I:N/A:N

Version

2.0

AccessVector

NETWORK

Authentication

NONE