Skip to main content

Advanced Networking Option CVE-2021-2351

HIGH
Use of a Broken or Risky Cryptographic Algorithm (CWE-327)
2021-07-21 secalert_us@oracle.com
Oracle Information Disclosure Advanced Networking Option Agile Engineering Data Management Agile Plm Agile Product Lifecycle Management For Process Airlines Data Model Application Performance Management Application Testing Suite Argus Analytics Argus Insight Argus Mart Argus Safety Banking Apis Banking Digital Experience Banking Enterprise Default Management Banking Platform Big Data Spatial And Graph Blockchain Platform Clinical Commerce Platform Communications Application Session Controller Communications Billing And Revenue Management Communications Calendar Server Communications Contacts Server Communications Convergent Charging Controller Communications Data Model Communications Design Studio Communications Diameter Intelligence Hub Communications Ip Service Activator Communications Metasolv Solution Communications Network Charging And Control Communications Network Integrity Communications Pricing Design Center Communications Services Gatekeeper Communications Session Report Manager Communications Session Route Manager Data Integrator Demantra Demand Management Documaker Enterprise Data Quality Enterprise Manager Base Platform Enterprise Manager Ops Center Financial Services Analytical Applications Infrastructure Financial Services Behavior Detection Platform Financial Services Enterprise Case Management Financial Services Foreign Account Tax Compliance Act Management Financial Services Model Management And Governance Financial Services Trade Based Anti Money Laundering Flexcube Investor Servicing Flexcube Private Banking Fusion Middleware Goldengate Goldengate Application Adapters Graph Server And Client Health Sciences Clinical Development Analytics Health Sciences Inform Crf Submit Health Sciences Information Manager Healthcare Data Repository Healthcare Foundation Healthcare Translational Research Hospitality Inventory Management Hospitality Opera 5 Hospitality Reporting And Analytics Hospitality Suite8 Hyperion Infrastructure Technology Ilearning Instantis Enterprisetrack Insurance Data Gateway Insurance Insbridge Rating And Underwriting Insurance Policy Administration Insurance Rules Palette Jd Edwards Enterpriseone Tools Oss Support Tools Peoplesoft Enterprise Peopletools Policy Automation Primavera Analytics Primavera Data Warehouse Primavera Gateway Primavera P6 Enterprise Project Portfolio Management Primavera P6 Professional Project Management Primavera Unifier Product Lifecycle Analytics Rapid Planning Real User Experience Insight Retail Analytics Retail Assortment Planning Retail Back Office Retail Central Office Retail Customer Insights Retail Extract Transform And Load Retail Financial Integration Retail Integration Bus Retail Merchandising System Retail Order Broker Retail Order Management System Retail Point Of Service Retail Predictive Application Server Retail Price Management Retail Returns Management Retail Service Backbone Retail Store Inventory Management Retail Xstore Point Of Service Siebel Ui Framework Spatial Studio Storagetek Acsls Storagetek Tape Analytics Thesaurus Management System Timesten In Memory Database Utilities Framework Utilities Testing Accelerator Weblogic Server Zfs Storage Application Integration Engineering Software
8.3
CVSS 3.1 · Vendor: oracle
Share

Severity by source

Vendor (oracle) PRIMARY
8.3 HIGH
AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

Primary rating from Vendor (oracle) · only source for this CVE.

CVSS VectorVendor: oracle

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Jul 21, 2021 - 15:15 cve.org
HIGH 8.3

DescriptionCVE.org

Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Advanced Networking Option. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Advanced Networking Option, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Advanced Networking Option. Note: The July 2021 Critical Patch Update introduces a number of Native Network Encryption changes to deal with vulnerability CVE-2021-2351 and prevent the use of weaker ciphers. Customers should review: "Changes in Native Network Encryption with the July 2021 Critical Patch Update" (Doc ID 2791571.1). CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).

AnalysisAI

Vulnerability in the Advanced Networking Option component of Oracle Database Server. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Technical ContextAI

This vulnerability is classified under CWE-327. Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Advanced Networking Option. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Advanced Networking Option, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Advanced Networking Option. Note: The July 2021 Critical Patch Update introduces a number of Native Network Encryption changes to deal with vulnerability CVE-2021-2351 and prevent the use of weaker ciphers. Customers should review: "Changes in Native Network Encryption with the July 2021 Critical Patch Update" (Doc ID 2791571.1). CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). Affected products include: Oracle Advanced Networking Option, Oracle Agile Engineering Data Management, Oracle Agile Plm, Oracle Agile Product Lifecycle Management For Process, Oracle Airlines Data Model.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

Share

CVE-2021-2351 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy