Attacker Value: Unknown (0 users assessed)
Exploitability: Unknown (0 users assessed)
User Interaction: Required
Privileges Required: None
Attack Vector: Network

CVE-2021-2351

Disclosure Date: July 21, 2021

Description

Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Advanced Networking Option. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Advanced Networking Option, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Advanced Networking Option.

Note: The July 2021 Critical Patch Update introduces a number of Native Network Encryption changes to deal with vulnerability CVE-2021-2351 and prevent the use of weaker ciphers. Customers should review: “Changes in Native Network Encryption with the July 2021 Critical Patch Update” (Doc ID 2791571.1).

CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).

CVSS V3 Severity and Metrics

Base Score: 8.3 High
Impact Score: 6
Exploitability Score: 1.6
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): Required
Scope (S): Changed
Confidentiality (C): High
Integrity (I): High
Availability (A): High

General Information

Vendors

  • oracle

Products

  • advanced networking option 12.1.0.2,
  • advanced networking option 12.2.0.1,
  • advanced networking option 19c,
  • agile engineering data management 6.2.1.0,
  • agile plm 9.3.6,
  • agile product lifecycle management for process 6.2.2.0,
  • agile product lifecycle management for process 6.2.3.0,
  • airlines data model 12.1.1.0.0,
  • airlines data model 12.2.0.1.0,
  • application performance management 13.4.1.0,
  • application performance management 13.5.1.0,
  • application testing suite 13.3.0.1,
  • argus analytics 8.2.1,
  • argus analytics 8.2.2,
  • argus analytics 8.2.3,
  • argus insight 8.2.1,
  • argus insight 8.2.2,
  • argus insight 8.2.3,
  • argus mart 8.2.1,
  • argus mart 8.2.2,
  • argus mart 8.2.3,
  • argus safety 8.2.1,
  • argus safety 8.2.2,
  • argus safety 8.2.3,
  • banking apis,
  • banking apis 19.1,
  • banking apis 19.2,
  • banking apis 20.1,
  • banking apis 21.1,
  • banking digital experience,
  • banking digital experience 17.2,
  • banking digital experience 19.1,
  • banking digital experience 19.2,
  • banking digital experience 20.1,
  • banking digital experience 21.1,
  • banking enterprise default management 2.10.0,
  • banking enterprise default management 2.12.0,
  • banking platform 2.12.0,
  • banking platform 2.6.2,
  • banking platform 2.7.1,
  • big data spatial and graph,
  • blockchain platform 21.1.2,
  • clinical 5.2.1,
  • clinical 5.2.2,
  • commerce platform 11.3.0,
  • commerce platform 11.3.1,
  • commerce platform 11.3.2,
  • communications application session controller 3.9.0,
  • communications billing and revenue management 12.0.0.4,
  • communications billing and revenue management 12.0.0.5,
  • communications calendar server 8.0.0.5.0,
  • communications contacts server 8.0.0.3.0,
  • communications convergent charging controller,
  • communications convergent charging controller 6.0.1.0.0,
  • communications data model 11.3.2.1.0,
  • communications data model 11.3.2.2.0,
  • communications data model 11.3.2.3.0,
  • communications data model 12.1.0.1.0,
  • communications data model 12.1.2.0.0,
  • communications design studio 7.3.5,
  • communications design studio 7.4.0,
  • communications design studio 7.4.1,
  • communications design studio 7.4.2,
  • communications diameter intelligence hub,
  • communications ip service activator 7.4.0,
  • communications metasolv solution 6.3.1,
  • communications network charging and control,
  • communications network charging and control 6.0.1.0.0,
  • communications network integrity 7.3.5,
  • communications network integrity 7.3.6,
  • communications pricing design center 12.0.0.4,
  • communications pricing design center 12.0.0.5,
  • communications services gatekeeper 7.0,
  • communications session report manager,
  • communications session route manager,
  • data integrator 12.2.1.3.0,
  • data integrator 12.2.1.4.0,
  • demantra demand management,
  • documaker,
  • documaker 12.6.0,
  • documaker 12.7.0,
  • enterprise data quality 12.2.1.3.0,
  • enterprise data quality 12.2.1.4.0,
  • enterprise manager base platform 13.4.0.0,
  • enterprise manager base platform 13.5.0.0,
  • enterprise manager ops center 12.4.0.0,
  • financial services analytical applications infrastructure,
  • financial services behavior detection platform 8.0.11,
  • financial services behavior detection platform 8.0.7,
  • financial services behavior detection platform 8.0.8,
  • financial services enterprise case management 8.0.11,
  • financial services enterprise case management 8.0.7,
  • financial services enterprise case management 8.0.8,
  • financial services foreign account tax compliance act management 8.0.11,
  • financial services foreign account tax compliance act management 8.0.7,
  • financial services foreign account tax compliance act management 8.0.8,
  • financial services model management and governance,
  • financial services trade-based anti money laundering 8.0.7,
  • financial services trade-based anti money laundering 8.0.8,
  • flexcube investor servicing 12.0.4,
  • flexcube investor servicing 12.1.0,
  • flexcube investor servicing 12.3.0,
  • flexcube investor servicing 12.4.0,
  • flexcube investor servicing 14.4.0,
  • flexcube investor servicing 14.5.0,
  • flexcube private banking 12.0.0,
  • flexcube private banking 12.1.0,
  • fusion middleware 12.2.1.3.0,
  • fusion middleware 12.2.1.4.0,
  • goldengate,
  • goldengate application adapters,
  • graph server and client,
  • health sciences clinical development analytics 4.0.1,
  • health sciences inform crf submit 6.2.1,
  • health sciences information manager 3.0.2,
  • health sciences information manager 3.0.3,
  • healthcare data repository 7.0.2,
  • healthcare data repository 8.1.0,
  • healthcare data repository 8.1.1,
  • healthcare foundation,
  • healthcare translational research 4.1.0,
  • hospitality inventory management,
  • hospitality inventory management 9.1.0,
  • hospitality opera 5 5.6,
  • hospitality reporting and analytics 9.1.0,
  • hospitality suite8 8.10.2,
  • hospitality suite8 8.11.0,
  • hospitality suite8 8.12.0,
  • hospitality suite8 8.13.0,
  • hospitality suite8 8.14.0,
  • hyperion infrastructure technology 11.2.7.0,
  • ilearning 6.2,
  • ilearning 6.3,
  • instantis enterprisetrack 17.1,
  • instantis enterprisetrack 17.2,
  • instantis enterprisetrack 17.3,
  • insurance data gateway 11.0.2,
  • insurance data gateway 11.1.0,
  • insurance data gateway 11.2.7,
  • insurance data gateway 11.3.0,
  • insurance data gateway 11.3.1,
  • insurance insbridge rating and underwriting,
  • insurance insbridge rating and underwriting 5.2.0,
  • insurance policy administration 11.0.2,
  • insurance policy administration 11.1.0,
  • insurance policy administration 11.2.7,
  • insurance policy administration 11.3.0,
  • insurance policy administration 11.3.1,
  • insurance rules palette 11.0.2,
  • insurance rules palette 11.1.0,
  • insurance rules palette 11.2.7,
  • insurance rules palette 11.3.0,
  • insurance rules palette 11.3.1,
  • jd edwards enterpriseone tools 9.2.6.3,
  • oss support tools,
  • peoplesoft enterprise peopletools 8.57,
  • peoplesoft enterprise peopletools 8.58,
  • peoplesoft enterprise peopletools 8.59,
  • policy automation,
  • primavera analytics 18.8.3.3,
  • primavera analytics 19.12.11.1,
  • primavera analytics 20.12.12.0,
  • primavera data warehouse 18.8.3.3,
  • primavera data warehouse 19.12.11.1,
  • primavera data warehouse 20.12.12.0,
  • primavera gateway,
  • primavera p6 enterprise project portfolio management,
  • primavera p6 professional project management,
  • primavera unifier,
  • primavera unifier 18.8,
  • primavera unifier 19.12,
  • primavera unifier 20.12,
  • primavera unifier 21.12,
  • product lifecycle analytics 3.6.1,
  • rapid planning,
  • real user experience insight 13.4.1.0,
  • real user experience insight 13.5.1.0,
  • retail analytics,
  • retail assortment planning 16.0.3,
  • retail back office 14.1,
  • retail central office 14.1,
  • retail customer insights,
  • retail extract transform and load 13.2.8,
  • retail financial integration 14.1.3.2,
  • retail financial integration 15.0.3.1,
  • retail financial integration 16.0.3.0,
  • retail financial integration 19.0.1,
  • retail integration bus 14.1.3.2,
  • retail integration bus 15.0.3.1,
  • retail integration bus 16.0.3,
  • retail integration bus 19.0.1,
  • retail merchandising system 19.0.1,
  • retail order broker 16.0,
  • retail order broker 18.0,
  • retail order broker 19.1,
  • retail order management system 19.5,
  • retail point-of-service 14.1,
  • retail predictive application server 14.1.3,
  • retail predictive application server 15.0.3,
  • retail predictive application server 16.0.3,
  • retail price management 14.1,
  • retail price management 15.0,
  • retail price management 16.0,
  • retail returns management 14.1,
  • retail service backbone 14.1.3.2,
  • retail service backbone 15.0.3.1,
  • retail service backbone 16.0.3,
  • retail service backbone 19.0.1,
  • retail store inventory management 14.1,
  • retail store inventory management 15.0,
  • retail store inventory management 16.0,
  • retail xstore point of service 17.0.4,
  • retail xstore point of service 18.0.3,
  • retail xstore point of service 19.0.2,
  • retail xstore point of service 20.0.1,
  • siebel ui framework,
  • spatial studio,
  • storagetek acsls 8.5.1,
  • storagetek tape analytics 2.4,
  • thesaurus management system 5.2.3,
  • thesaurus management system 5.3.0,
  • thesaurus management system 5.3.1,
  • timesten in-memory database,
  • timesten in-memory database 21.1.1.1.0,
  • utilities framework,
  • utilities framework 4.2.0.3.0,
  • utilities framework 4.4.0.0.0,
  • utilities framework 4.4.0.2.0,
  • utilities framework 4.4.0.3.0,
  • utilities testing accelerator 6.0.0.1.1,
  • utilities testing accelerator 6.0.0.2.2,
  • utilities testing accelerator 6.0.0.3.1,
  • weblogic server 12.2.1.3.0,
  • weblogic server 12.2.1.4.0,
  • weblogic server 14.1.1.0.0,
  • zfs storage application integration engineering software 1.3.3
Technical Analysis