CVE-2021-2428

Description

Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle Coherence. Successful attacks of this vulnerability can result in takeover of Oracle Coherence. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).

Related CPE's

aoraclecoherence12.1.3.0.0*******

vulnerable

aoraclecoherence12.2.1.3.0*******

vulnerable

aoraclecoherence12.2.1.4.0*******

vulnerable

aoraclecoherence14.1.1.0.0*******

vulnerable

References

https://www.oracle.com/security-alerts/cpujul2021.html

Vendor Advisory

CvssV3 impact

BaseSeverity

HIGH

ConfidentialityImpact

HIGH

AttackComplexity

HIGH

Scope

UNCHANGED

AttackVector

NETWORK

AvailabilityImpact

HIGH

IntegrityImpact

HIGH

PrivilegesRequired

NONE

BaseScore

8.1

VectorString

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Version

3.1

UserInteraction

NONE

CvssV2 impact

AccessComplexity

MEDIUM

ConfidentialityImpact

PARTIAL

AvailabilityImpact

PARTIAL

IntegrityImpact

PARTIAL

BaseScore

6.8

VectorString

AV:N/AC:M/Au:N/C:P/I:P/A:P

Version

2.0

AccessVector

NETWORK

Authentication

NONE

Created by Yello
About Severity.io