CVE-2021-2018

20.01.2021, 15:15

Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 18c and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Advanced Networking Option. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Advanced Networking Option, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Advanced Networking Option. Note: CVE-2021-2018 affects Windows platform only. CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	8.3 HIGH	NETWORK	HIGH	NONE	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
oracle	CNA	8.3 HIGH	NETWORK	HIGH	NONE	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
CVE	ADP	---				---
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 76%

Vendor	Product	Version
oracle	adaptive_access_manager	11.1.2.3.0
oracle	data_integrator	11.1.1.9.0
oracle	data_integrator	12.2.1.3.0
oracle	data_integrator	12.2.1.4.0
oracle	enterprise_manager_for_fusion_applications	13.3.0.0
oracle	hospitality_simphony	18.2.7.2
oracle	hospitality_simphony	19.1.3
oracle	weblogic_server	12.2.1.3.0

𝑥

= Vulnerable software versions

References

https://www.oracle.com/security-alerts/cpujan2021.html