Description
Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Advanced Networking Option. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Advanced Networking Option, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Advanced Networking Option. Note: The July 2021 Critical Patch Update introduces a number of Native Network Encryption changes to deal with vulnerability CVE-2021-2351 and prevent the use of weaker ciphers. Customers should review: "Changes in Native Network Encryption with the July 2021 Critical Patch Update" (Doc ID 2791571.1). CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).
Related CPE's
a
oracle
advanced_networking_option
a
oracle
agile_product_lifecycle_management_for_process
a
oracle
airlines_data_model
a
oracle
application_performance_management
a
oracle
argus_analytics
a
oracle
argus_insight
a
oracle
argus_mart
a
oracle
argus_safety
a
oracle
banking_apis
a
oracle
banking_digital_experience
a
oracle
banking_enterprise_default_management
a
oracle
banking_platform
a
oracle
clinical
a
oracle
commerce_platform
a
oracle
communications_billing_and_revenue_management
a
oracle
communications_convergent_charging_controller
a
oracle
communications_data_model
a
oracle
communications_design_studio
a
oracle
communications_network_charging_and_control
a
oracle
communications_network_integrity
a
oracle
communications_pricing_design_center
a
oracle
data_integrator
a
oracle
documaker
a
oracle
enterprise_data_quality
a
oracle
enterprise_manager_base_platform
a
oracle
financial_services_behavior_detection_platform
a
oracle
financial_services_enterprise_case_management
a
oracle
financial_services_foreign_account_tax_compliance_act_management
a
oracle
financial_services_trade-based_anti_money_laundering
a
oracle
flexcube_investor_servicing
a
oracle
flexcube_private_banking
a
oracle
fusion_middleware
a
oracle
goldengate
a
oracle
health_sciences_information_manager
a
oracle
healthcare_data_repository
a
oracle
healthcare_foundation
a
oracle
hospitality_inventory_management
a
oracle
hospitality_suite8
a
oracle
ilearning
a
oracle
instantis_enterprisetrack
a
oracle
insurance_data_gateway
a
oracle
insurance_insbridge_rating_and_underwriting
a
oracle
insurance_policy_administration
a
oracle
insurance_rules_palette
a
oracle
peoplesoft_enterprise_peopletools
a
oracle
primavera_analytics
a
oracle
primavera_data_warehouse
a
oracle
primavera_gateway
a
oracle
primavera_p6_enterprise_project_portfolio_management
a
oracle
primavera_p6_professional_project_management
a
oracle
primavera_unifier
a
oracle
real_user_experience_insight
a
oracle
retail_financial_integration
a
oracle
retail_integration_bus
a
oracle
retail_order_broker
a
oracle
retail_predictive_application_server
a
oracle
retail_price_management
a
oracle
retail_service_backbone
a
oracle
retail_store_inventory_management
a
oracle
retail_xstore_point_of_service
a
oracle
thesaurus_management_system
a
oracle
timesten_in-memory_database
a
oracle
utilities_framework
a
oracle
utilities_testing_accelerator
a
oracle
weblogic_server
References
http://packetstormsecurity.com/files/165255/Oracle-Database-Protection-Mechanism-Bypass.html
http://packetstormsecurity.com/files/165258/Oracle-Database-Weak-NNE-Integrity-Key-Derivation.html
http://seclists.org/fulldisclosure/2021/Dec/19
http://seclists.org/fulldisclosure/2021/Dec/20
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com/security-alerts/cpujan2023.html
https://www.oracle.com/security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpujul2022.html
https://www.oracle.com/security-alerts/cpuoct2021.html
CVSS impact metrics
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
8.3 · High
CVSS V3.1
CVSS V3.0
CVSS V2.0
Information
Source identifier
Vulnerability status
Analyzed
Published
2021-07-21T15:15:21.827
3 years agoLast modified
2024-02-16T18:48:45.617
1 year ago