Skip to main content

Communications Cloud Native Core Console CVE-2021-2471

MEDIUM
2021-10-20 secalert_us@oracle.com
5.9
CVSS 3.1 · Vendor: oracle
Share

Severity by source

Vendor (oracle) PRIMARY
5.9 MEDIUM
AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:H

Primary rating from Vendor (oracle) · only source for this CVE.

CVSS VectorVendor: oracle

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:H
Attack Vector
Network
Attack Complexity
High
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Oct 20, 2021 - 11:16 cve.org
MEDIUM 5.9

DescriptionCVE.org

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.26 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Connectors accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors. CVSS 3.1 Base Score 5.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:H).

AnalysisAI

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable. No vendor patch available.

Technical ContextAI

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.26 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Connectors accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors. CVSS 3.1 Base Score 5.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:H). Affected products include: Oracle Communications Cloud Native Core Console, Oracle Communications Cloud Native Core Network Slice Selection Function, Oracle Communications Cloud Native Core Policy, Oracle Communications Cloud Native Core Security Edge Protection Proxy, Oracle Mysql Connectors.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2022-22947 CRITICAL POC
10.0 Mar 03

In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack whe

CVE-2022-22965 CRITICAL POC
9.8 Apr 01

A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data b

CVE-2022-22963 CRITICAL POC
9.8 Apr 01

In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is po

CVE-2021-22946 HIGH POC
7.5 Sep 29

A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FT

CVE-2019-10219 MEDIUM POC
6.1 Nov 08

A vulnerability was found in Hibernate-Validator. Rated medium severity (CVSS 6.1), this vulnerability is remotely explo

CVE-2021-22947 MEDIUM POC
5.9 Sep 29

When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS s

CVE-2022-24407 HIGH
8.8 Feb 24

In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE

CVE-2020-25638 HIGH
7.4 Dec 02

A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. Rated high severity (CVSS 7.4), this

CVE-2019-10086 HIGH
7.3 Aug 20

In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for a

CVE-2021-41973 MEDIUM
6.5 Nov 01

In Apache MINA, a specifically crafted, malformed HTTP request may cause the HTTP Header decoder to loop indefinitely. R

CVE-2021-30129 MEDIUM
6.5 Jul 12

A vulnerability in sshd-core of Apache Mina SSHD allows an attacker to overflow the server causing an OutOfMemory error.

CVE-2021-21409 MEDIUM
5.9 Mar 30

Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable h

Share

CVE-2021-2471 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy