Description


Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Advanced Networking Option. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Advanced Networking Option, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Advanced Networking Option. Note: The July 2021 Critical Patch Update introduces a number of Native Network Encryption changes to deal with vulnerability CVE-2021-2351 and prevent the use of weaker ciphers. Customers should review: "Changes in Native Network Encryption with the July 2021 Critical Patch Update" (Doc ID 2791571.1). CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).

Related CPE's


a

oracle

advanced_networking_option

3



a

oracle

agile_product_lifecycle_management_for_process

2

a

oracle

airlines_data_model

2

a

oracle

application_performance_management

2


a

oracle

argus_analytics

3

a

oracle

argus_insight

3

a

oracle

argus_mart

3

a

oracle

argus_safety

3

a

oracle

banking_apis

5

a

oracle

banking_digital_experience

6

a

oracle

banking_enterprise_default_management

2

a

oracle

banking_platform

3



a

oracle

clinical

2

a

oracle

commerce_platform

3


a

oracle

communications_billing_and_revenue_management

2



a

oracle

communications_convergent_charging_controller

2

a

oracle

communications_data_model

5

a

oracle

communications_design_studio

4




a

oracle

communications_network_charging_and_control

2

a

oracle

communications_network_integrity

2

a

oracle

communications_pricing_design_center

2




a

oracle

data_integrator

2


a

oracle

documaker

3

a

oracle

enterprise_data_quality

2

a

oracle

enterprise_manager_base_platform

2



a

oracle

financial_services_behavior_detection_platform

3

a

oracle

financial_services_enterprise_case_management

3

a

oracle

financial_services_foreign_account_tax_compliance_act_management

3


a

oracle

financial_services_trade-based_anti_money_laundering

2

a

oracle

flexcube_investor_servicing

6

a

oracle

flexcube_private_banking

2

a

oracle

fusion_middleware

2

a

oracle

goldengate

2





a

oracle

health_sciences_information_manager

2

a

oracle

healthcare_data_repository

3

a

oracle

healthcare_foundation

3


a

oracle

hospitality_inventory_management

2



a

oracle

hospitality_suite8

5


a

oracle

ilearning

2

a

oracle

instantis_enterprisetrack

3

a

oracle

insurance_data_gateway

5

a

oracle

insurance_insbridge_rating_and_underwriting

2

a

oracle

insurance_policy_administration

5

a

oracle

insurance_rules_palette

5



a

oracle

peoplesoft_enterprise_peopletools

3


a

oracle

primavera_analytics

3

a

oracle

primavera_data_warehouse

3

a

oracle

primavera_gateway

4

a

oracle

primavera_p6_enterprise_project_portfolio_management

4

a

oracle

primavera_p6_professional_project_management

4

a

oracle

primavera_unifier

5



a

oracle

real_user_experience_insight

2







a

oracle

retail_financial_integration

4

a

oracle

retail_integration_bus

4


a

oracle

retail_order_broker

3



a

oracle

retail_predictive_application_server

3

a

oracle

retail_price_management

3


a

oracle

retail_service_backbone

4

a

oracle

retail_store_inventory_management

3

a

oracle

retail_xstore_point_of_service

4





a

oracle

thesaurus_management_system

3

a

oracle

timesten_in-memory_database

2

a

oracle

utilities_framework

5

a

oracle

utilities_testing_accelerator

3

a

oracle

weblogic_server

3

Weaknesses



CWE-327CWE-384

CVSS impact metrics


CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

8.3 · High

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information


Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2021-07-21T15:15:21.827

3 years ago

Last modified

2024-02-16T18:48:45.617

1 year ago