Description

Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Advanced Networking Option. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Advanced Networking Option, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Advanced Networking Option. Note: The July 2021 Critical Patch Update introduces a number of Native Network Encryption changes to deal with vulnerability CVE-2021-2351 and prevent the use of weaker ciphers. Customers should review: "Changes in Native Network Encryption with the July 2021 Critical Patch Update" (Doc ID 2791571.1). CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).

Related CPE's

a

oracle

advanced_networking_option

3

a

oracle

agile_engineering_data_management

6.2.1.0

Vulnerable

a

oracle

agile_plm

9.3.6

Vulnerable

a

oracle

agile_product_lifecycle_management_for_process

2

a

oracle

airlines_data_model

2

a

oracle

application_performance_management

2

a

oracle

application_testing_suite

13.3.0.1

Vulnerable

a

oracle

argus_analytics

3

a

oracle

argus_insight

3

a

oracle

argus_mart

3

a

oracle

argus_safety

3

a

oracle

banking_apis

5

a

oracle

banking_digital_experience

6

a

oracle

banking_enterprise_default_management

2

a

oracle

banking_platform

3

a

oracle

big_data_spatial_and_graph

Vulnerable

a

oracle

blockchain_platform

21.1.2

Vulnerable

a

oracle

clinical

2

a

oracle

commerce_platform

3

a

oracle

communications_application_session_controller

3.9.0

Vulnerable

a

oracle

communications_billing_and_revenue_management

2

a

oracle

communications_calendar_server

8.0.0.5.0

Vulnerable

a

oracle

communications_contacts_server

8.0.0.3.0

Vulnerable

a

oracle

communications_convergent_charging_controller

2

a

oracle

communications_data_model

5

a

oracle

communications_design_studio

4

a

oracle

communications_diameter_intelligence_hub

Vulnerable

a

oracle

communications_ip_service_activator

7.4.0

Vulnerable

a

oracle

communications_metasolv_solution

6.3.1

Vulnerable

a

oracle

communications_network_charging_and_control

2

a

oracle

communications_network_integrity

2

a

oracle

communications_pricing_design_center

2

a

oracle

communications_services_gatekeeper

7.0

Vulnerable

a

oracle

communications_session_report_manager

Vulnerable

a

oracle

communications_session_route_manager

Vulnerable

a

oracle

data_integrator

2

a

oracle

demantra_demand_management

Vulnerable

a

oracle

documaker

3

a

oracle

enterprise_data_quality

2

a

oracle

enterprise_manager_base_platform

2

a

oracle

enterprise_manager_ops_center

12.4.0.0

Vulnerable

a

oracle

financial_services_analytical_applications_infrastructure

Vulnerable

a

oracle

financial_services_behavior_detection_platform

3

a

oracle

financial_services_enterprise_case_management

3

a

oracle

financial_services_foreign_account_tax_compliance_act_management

3

a

oracle

financial_services_model_management_and_governance

Vulnerable

a

oracle

financial_services_trade-based_anti_money_laundering

2

a

oracle

flexcube_investor_servicing

6

a

oracle

flexcube_private_banking

2

a

oracle

fusion_middleware

2

a

oracle

goldengate

2

a

oracle

goldengate_application_adapters

Vulnerable

a

oracle

graph_server_and_client

Vulnerable

a

oracle

health_sciences_clinical_development_analytics

4.0.1

Vulnerable

a

oracle

health_sciences_inform_crf_submit

6.2.1

Vulnerable

a

oracle

health_sciences_information_manager

2

a

oracle

healthcare_data_repository

3

a

oracle

healthcare_foundation

3

a

oracle

healthcare_translational_research

4.1.0

Vulnerable

a

oracle

hospitality_inventory_management

2

a

oracle

hospitality_opera_5

5.6

Vulnerable

a

oracle

hospitality_reporting_and_analytics

9.1.0

Vulnerable

a

oracle

hospitality_suite8

5

a

oracle

hyperion_infrastructure_technology

11.2.7.0

Vulnerable

a

oracle

ilearning

2

a

oracle

instantis_enterprisetrack

3

a

oracle

insurance_data_gateway

5

a

oracle

insurance_insbridge_rating_and_underwriting

2

a

oracle

insurance_policy_administration

5

a

oracle

insurance_rules_palette

5

a

oracle

jd_edwards_enterpriseone_tools

9.2.6.3

Vulnerable

a

oracle

oss_support_tools

Vulnerable

a

oracle

peoplesoft_enterprise_peopletools

3

a

oracle

policy_automation

Vulnerable

a

oracle

primavera_analytics

3

a

oracle

primavera_data_warehouse

3

a

oracle

primavera_gateway

4

a

oracle

primavera_p6_enterprise_project_portfolio_management

4

a

oracle

primavera_p6_professional_project_management

4

a

oracle

primavera_unifier

5

a

oracle

product_lifecycle_analytics

3.6.1

Vulnerable

a

oracle

rapid_planning

Vulnerable

a

oracle

real_user_experience_insight

2

a

oracle

retail_analytics

Vulnerable

a

oracle

retail_assortment_planning

16.0.3

Vulnerable

a

oracle

retail_back_office

14.1

Vulnerable

a

oracle

retail_central_office

14.1

Vulnerable

a

oracle

retail_customer_insights

Vulnerable

a

oracle

retail_extract_transform_and_load

13.2.8

Vulnerable

a

oracle

retail_financial_integration

4

a

oracle

retail_integration_bus

4

a

oracle

retail_merchandising_system

19.0.1

Vulnerable

a

oracle

retail_order_broker

3

a

oracle

retail_order_management_system

19.5

Vulnerable

a

oracle

retail_point-of-service

14.1

Vulnerable

a

oracle

retail_predictive_application_server

3

a

oracle

retail_price_management

3

a

oracle

retail_returns_management

14.1

Vulnerable

a

oracle

retail_service_backbone

4

a

oracle

retail_store_inventory_management

3

a

oracle

retail_xstore_point_of_service

4

a

oracle

siebel_ui_framework

Vulnerable

a

oracle

spatial_studio

Vulnerable

a

oracle

storagetek_acsls

8.5.1

Vulnerable

a

oracle

storagetek_tape_analytics

2.4

Vulnerable

a

oracle

thesaurus_management_system

3

a

oracle

timesten_in-memory_database

2

a

oracle

utilities_framework

5

a

oracle

utilities_testing_accelerator

3

a

oracle

weblogic_server

3

a

oracle

zfs_storage_application_integration_engineering_software

1.3.3

Vulnerable

References

http://packetstormsecurity.com/files/165255/Oracle-Database-Protection-Mechanism-Bypass.html

ExploitThird Party AdvisoryVDB Entry

http://packetstormsecurity.com/files/165258/Oracle-Database-Weak-NNE-Integrity-Key-Derivation.html

ExploitThird Party AdvisoryVDB Entry

http://seclists.org/fulldisclosure/2021/Dec/19

ExploitMailing ListThird Party Advisory

http://seclists.org/fulldisclosure/2021/Dec/20

ExploitMailing ListThird Party Advisory

https://www.oracle.com/security-alerts/cpuapr2022.html

PatchVendor Advisory

https://www.oracle.com/security-alerts/cpujan2022.html

PatchVendor Advisory

https://www.oracle.com/security-alerts/cpujan2023.html

Vendor Advisory

https://www.oracle.com/security-alerts/cpujul2021.html

PatchVendor Advisory

https://www.oracle.com/security-alerts/cpujul2022.html

Vendor Advisory

https://www.oracle.com/security-alerts/cpuoct2021.html

PatchVendor Advisory

Weaknesses

[email protected]

Primary
CWE-327CWE-384

CVSS impact metrics

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

8.3 · High

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2021-07-21T15:15:21.827

3 years ago

Last modified

2024-02-16T18:48:45.617

1 year ago