Communications Session Border Controller
CVE-2021-2414
MEDIUM
Severity by source
AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
Primary rating from Vendor (oracle) · only source for this CVE.
CVSS VectorVendor: oracle
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionCVE.org
Vulnerability in the Oracle Communications Session Border Controller product of Oracle Communications (component: Routing). Supported versions that are affected are 8.4 and 9.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Communications Session Border Controller. While the vulnerability is in Oracle Communications Session Border Controller, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Session Border Controller accessible data. CVSS 3.1 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N).
AnalysisAI
Vulnerability in the Oracle Communications Session Border Controller product of Oracle Communications (component: Routing). Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Technical ContextAI
Vulnerability in the Oracle Communications Session Border Controller product of Oracle Communications (component: Routing). Supported versions that are affected are 8.4 and 9.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Communications Session Border Controller. While the vulnerability is in Oracle Communications Session Border Controller, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications Session Border Controller accessible data. CVSS 3.1 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N). Affected products include: Oracle Communications Session Border Controller.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18,
fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer allocations, l
An AVX-512-optimized implementation of the mempcpy function in the GNU C Library (aka glibc or libc6) 2.27 and earlier m
A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from t
Prototype pollution attack when using _.zipObjectDeep in lodash before 4.17.20. Rated high severity (CVSS 7.4), this vul
Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function. Rated high severity (CVS
Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3. Rated critical severity (CVSS 9.8), this vul
Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3. Rated critical severity (CVSS 9.8), this vu
A vulnerability was found in Hibernate-Validator. Rated medium severity (CVSS 6.1), this vulnerability is remotely explo
In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Rated cri
stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arg
An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today