CVE-2021-2351

Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Advanced Networking Option. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Advanced Networking Option, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Advanced Networking Option. Note: The July 2021 Critical Patch Update introduces a number of Native Network Encryption changes to deal with vulnerability CVE-2021-2351 and prevent the use of weaker ciphers. Customers should review: "Changes in Native Network Encryption with the July 2021 Critical Patch Update" (Doc ID 2791571.1). CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.3 HIGH
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
oracleCNA
8.3 HIGH
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 84%
VendorProductVersion
oracleadvanced_networking_option
12.1.0.2
oracleadvanced_networking_option
12.2.0.1
oracleagile_engineering_data_management
6.2.1.0
oracleagile_plm
9.3.6
oracleagile_product_lifecycle_management_for_process
6.2.2.0
oracleagile_product_lifecycle_management_for_process
6.2.3.0
oracleairlines_data_model
12.1.1.0.0
oracleairlines_data_model
12.2.0.1.0
oracleapplication_performance_management
13.4.1.0
oracleapplication_performance_management
13.5.1.0
oracleapplication_testing_suite
13.3.0.1
oracleargus_analytics
8.2.1
oracleargus_analytics
8.2.2
oracleargus_analytics
8.2.3
oracleargus_insight
8.2.1
oracleargus_insight
8.2.2
oracleargus_insight
8.2.3
oracleargus_mart
8.2.1
oracleargus_mart
8.2.2
oracleargus_mart
8.2.3
oracleargus_safety
8.2.1
oracleargus_safety
8.2.2
oracleargus_safety
8.2.3
oraclebanking_apis
18.1 ≤
𝑥
≤ 18.3
oraclebanking_apis
19.1
oraclebanking_apis
19.2
oraclebanking_apis
20.1
oraclebanking_apis
21.1
oraclebanking_digital_experience
18.1 ≤
𝑥
≤ 18.3
oraclebanking_digital_experience
17.2
oraclebanking_digital_experience
19.1
oraclebanking_digital_experience
19.2
oraclebanking_digital_experience
20.1
oraclebanking_digital_experience
21.1
oraclebanking_enterprise_default_management
2.10.0
oraclebanking_enterprise_default_management
2.12.0
oraclebanking_platform
2.6.2
oraclebanking_platform
2.7.1
oraclebanking_platform
2.12.0
oraclebig_data_spatial_and_graph
𝑥
< 23.1
oracleblockchain_platform
21.1.2
oracleclinical
5.2.1
oracleclinical
5.2.2
oraclecommerce_platform
11.3.0
oraclecommerce_platform
11.3.1
oraclecommerce_platform
11.3.2
oraclecommunications_application_session_controller
3.9.0
oraclecommunications_billing_and_revenue_management
12.0.0.4
oraclecommunications_billing_and_revenue_management
12.0.0.5
oraclecommunications_calendar_server
8.0.0.5.0
oraclecommunications_contacts_server
8.0.0.3.0
oraclecommunications_convergent_charging_controller
12.0.1.0.0 ≤
𝑥
≤ 12.0.4.0.0
oraclecommunications_convergent_charging_controller
6.0.1.0.0
oraclecommunications_data_model
11.3.2.1.0
oraclecommunications_data_model
11.3.2.2.0
oraclecommunications_data_model
11.3.2.3.0
oraclecommunications_data_model
12.1.0.1.0
oraclecommunications_data_model
12.1.2.0.0
oraclecommunications_design_studio
7.3.5
oraclecommunications_design_studio
7.4.0
oraclecommunications_design_studio
7.4.1
oraclecommunications_design_studio
7.4.2
oraclecommunications_diameter_intelligence_hub
8.0.0 ≤
𝑥
≤ 8.2.3
oraclecommunications_ip_service_activator
7.4.0
oraclecommunications_metasolv_solution
6.3.1
oraclecommunications_network_charging_and_control
12.0.1.0 ≤
𝑥
≤ 12.0.4.0.0
oraclecommunications_network_charging_and_control
6.0.1.0.0
oraclecommunications_network_integrity
7.3.5
oraclecommunications_network_integrity
7.3.6
oraclecommunications_pricing_design_center
12.0.0.4
oraclecommunications_pricing_design_center
12.0.0.5
oraclecommunications_services_gatekeeper
7.0
oraclecommunications_session_report_manager
8.0.0 ≤
𝑥
≤ 8.2.5.0
oraclecommunications_session_route_manager
8.2.0 ≤
𝑥
≤ 8.2.5
oracledata_integrator
12.2.1.3.0
oracledata_integrator
12.2.1.4.0
oracledemantra_demand_management
12.2.6 ≤
𝑥
≤ 12.2.11
oracledocumaker
12.6.2 ≤
𝑥
≤ 12.6.4
oracledocumaker
12.6.0
oracledocumaker
12.7.0
oracleenterprise_data_quality
12.2.1.3.0
oracleenterprise_data_quality
12.2.1.4.0
oracleenterprise_manager_base_platform
13.4.0.0
oracleenterprise_manager_base_platform
13.5.0.0
oracleenterprise_manager_ops_center
12.4.0.0
oraclefinancial_services_analytical_applications_infrastructure
8.0.7 ≤
𝑥
≤ 8.1.1
oraclefinancial_services_behavior_detection_platform
8.0.7
oraclefinancial_services_behavior_detection_platform
8.0.8
oraclefinancial_services_behavior_detection_platform
8.0.11
oraclefinancial_services_enterprise_case_management
8.0.7
oraclefinancial_services_enterprise_case_management
8.0.8
oraclefinancial_services_enterprise_case_management
8.0.11
oraclefinancial_services_foreign_account_tax_compliance_act_management
8.0.7
oraclefinancial_services_foreign_account_tax_compliance_act_management
8.0.8
oraclefinancial_services_foreign_account_tax_compliance_act_management
8.0.11
oraclefinancial_services_model_management_and_governance
8.0.8.0.0 ≤
𝑥
≤ 8.1.1.0.0
oraclefinancial_services_trade-based_anti_money_laundering
8.0.7
oraclefinancial_services_trade-based_anti_money_laundering
8.0.8
oracleflexcube_investor_servicing
12.0.4
oracleflexcube_investor_servicing
12.1.0
oracleflexcube_investor_servicing
12.3.0
oracleflexcube_investor_servicing
12.4.0
oracleflexcube_investor_servicing
14.4.0
oracleflexcube_investor_servicing
14.5.0
oracleflexcube_private_banking
12.0.0
oracleflexcube_private_banking
12.1.0
oraclefusion_middleware
12.2.1.3.0
oraclefusion_middleware
12.2.1.4.0
oraclegoldengate
𝑥
< 12.3.0.1.0
oraclegoldengate
19.1.0.0.1 ≤
𝑥
< 21.5.0.0.220118
oraclegoldengate_application_adapters
𝑥
< 23.1
oraclegraph_server_and_client
𝑥
< 21.4.0
oraclehealth_sciences_clinical_development_analytics
4.0.1
oraclehealth_sciences_inform_crf_submit
6.2.1
oraclehealth_sciences_information_manager
3.0.2
oraclehealth_sciences_information_manager
3.0.3
oraclehealthcare_data_repository
7.0.2
oraclehealthcare_data_repository
8.1.0
oraclehealthcare_data_repository
8.1.1
oraclehealthcare_foundation
7.3.0 ≤
𝑥
≤ 7.3.0.2
oraclehealthcare_foundation
8.0.0 ≤
𝑥
≤ 8.0.2
oraclehealthcare_foundation
8.1.0 ≤
𝑥
≤ 8.1.1
oraclehealthcare_translational_research
4.1.0
oraclehospitality_inventory_management
𝑥
< 9.1.0
oraclehospitality_inventory_management
9.1.0
oraclehospitality_opera_5
5.6
oraclehospitality_reporting_and_analytics
9.1.0
oraclehospitality_suite8
8.10.2
oraclehospitality_suite8
8.11.0
oraclehospitality_suite8
8.12.0
oraclehospitality_suite8
8.13.0
oraclehospitality_suite8
8.14.0
oraclehyperion_infrastructure_technology
11.2.7.0
oracleilearning
6.2
oracleilearning
6.3
oracleinstantis_enterprisetrack
17.1
oracleinstantis_enterprisetrack
17.2
oracleinstantis_enterprisetrack
17.3
oracleinsurance_data_gateway
11.0.2
oracleinsurance_data_gateway
11.1.0
oracleinsurance_data_gateway
11.2.7
oracleinsurance_data_gateway
11.3.0
oracleinsurance_data_gateway
11.3.1
oracleinsurance_insbridge_rating_and_underwriting
5.4 ≤
𝑥
≤ 5.6.0
oracleinsurance_insbridge_rating_and_underwriting
5.2.0
oracleinsurance_policy_administration
11.0.2
oracleinsurance_policy_administration
11.1.0
oracleinsurance_policy_administration
11.2.7
oracleinsurance_policy_administration
11.3.0
oracleinsurance_policy_administration
11.3.1
oracleinsurance_rules_palette
11.0.2
oracleinsurance_rules_palette
11.1.0
oracleinsurance_rules_palette
11.2.7
oracleinsurance_rules_palette
11.3.0
oracleinsurance_rules_palette
11.3.1
oraclejd_edwards_enterpriseone_tools
9.2.6.3
oracleoss_support_tools
𝑥
< 2.12.42
oraclepeoplesoft_enterprise_peopletools
8.57
oraclepeoplesoft_enterprise_peopletools
8.58
oraclepeoplesoft_enterprise_peopletools
8.59
oraclepolicy_automation
12.2.0 ≤
𝑥
≤ 12.2.24
oracleprimavera_analytics
18.8.3.3
oracleprimavera_analytics
19.12.11.1
oracleprimavera_analytics
20.12.12.0
oracleprimavera_data_warehouse
18.8.3.3
oracleprimavera_data_warehouse
19.12.11.1
oracleprimavera_data_warehouse
20.12.12.0
oracleprimavera_gateway
17.12.0 ≤
𝑥
≤ 17.12.11
oracleprimavera_gateway
18.8.0 ≤
𝑥
≤ 18.8.12
oracleprimavera_gateway
19.12.0 ≤
𝑥
≤ 19.12.11
oracleprimavera_gateway
20.12.0 ≤
𝑥
≤ 20.12.7
oracleprimavera_p6_enterprise_project_portfolio_management
17.12.0.0 ≤
𝑥
≤ 17.12.20
oracleprimavera_p6_enterprise_project_portfolio_management
18.8.0.0 ≤
𝑥
≤ 18.8.24
oracleprimavera_p6_enterprise_project_portfolio_management
19.12.0.0 ≤
𝑥
≤ 19.12.17.0
oracleprimavera_p6_enterprise_project_portfolio_management
20.12.0.0 ≤
𝑥
≤ 20.12.9.0
oracleprimavera_p6_professional_project_management
17.12 ≤
𝑥
≤ 17.12.20.0
oracleprimavera_p6_professional_project_management
18.8 ≤
𝑥
≤ 18.8.24.0
oracleprimavera_p6_professional_project_management
19.12.0.0 ≤
𝑥
≤ 19.12.17.0
oracleprimavera_p6_professional_project_management
20.12.0.0 ≤
𝑥
≤ 20.12.9.0
oracleprimavera_unifier
17.7 ≤
𝑥
≤ 17.12
oracleprimavera_unifier
18.8
oracleprimavera_unifier
19.12
oracleprimavera_unifier
20.12
oracleprimavera_unifier
21.12
oracleproduct_lifecycle_analytics
3.6.1
oraclerapid_planning
12.2.6 ≤
𝑥
≤ 12.2.11
oraclereal_user_experience_insight
13.4.1.0
oraclereal_user_experience_insight
13.5.1.0
oracleretail_analytics
16.0.0 ≤
𝑥
≤ 16.0.2
oracleretail_assortment_planning
16.0.3
oracleretail_back_office
14.1
oracleretail_central_office
14.1
oracleretail_customer_insights
16.0 ≤
𝑥
≤ 16.0.2
oracleretail_extract_transform_and_load
13.2.8
oracleretail_financial_integration
14.1.3.2
oracleretail_financial_integration
15.0.3.1
oracleretail_financial_integration
16.0.3.0
oracleretail_financial_integration
19.0.1
oracleretail_integration_bus
14.1.3.2
oracleretail_integration_bus
15.0.3.1
oracleretail_integration_bus
16.0.3
oracleretail_integration_bus
19.0.1
oracleretail_merchandising_system
19.0.1
oracleretail_order_broker
16.0
oracleretail_order_broker
18.0
oracleretail_order_broker
19.1
oracleretail_order_management_system
19.5
oracleretail_point-of-service
14.1
oracleretail_predictive_application_server
14.1.3
oracleretail_predictive_application_server
15.0.3
oracleretail_predictive_application_server
16.0.3
oracleretail_price_management
14.1
oracleretail_price_management
15.0
oracleretail_price_management
16.0
oracleretail_returns_management
14.1
oracleretail_service_backbone
14.1.3.2
oracleretail_service_backbone
15.0.3.1
oracleretail_service_backbone
16.0.3
oracleretail_service_backbone
19.0.1
oracleretail_store_inventory_management
14.1
oracleretail_store_inventory_management
15.0
oracleretail_store_inventory_management
16.0
oracleretail_xstore_point_of_service
17.0.4
oracleretail_xstore_point_of_service
18.0.3
oracleretail_xstore_point_of_service
19.0.2
oracleretail_xstore_point_of_service
20.0.1
oraclesiebel_ui_framework
𝑥
≤ 21.12
oraclespatial_studio
𝑥
< 21.2.1
oraclestoragetek_acsls
8.5.1
oraclestoragetek_tape_analytics
2.4
oraclethesaurus_management_system
5.2.3
oraclethesaurus_management_system
5.3.0
oraclethesaurus_management_system
5.3.1
oracletimesten_in-memory_database
𝑥
< 21.1.1.1.0
oracletimesten_in-memory_database
21.1.1.1.0
oracleutilities_framework
4.3.0.1.0 ≤
𝑥
≤ 4.3.0.6.0
oracleutilities_framework
4.2.0.3.0
oracleutilities_framework
4.4.0.0.0
oracleutilities_framework
4.4.0.2.0
oracleutilities_framework
4.4.0.3.0
oracleutilities_testing_accelerator
6.0.0.1.1
oracleutilities_testing_accelerator
6.0.0.2.2
oracleutilities_testing_accelerator
6.0.0.3.1
oracleweblogic_server
12.2.1.3.0
oracleweblogic_server
12.2.1.4.0
oracleweblogic_server
14.1.1.0.0
oraclezfs_storage_application_integration_engineering_software
1.3.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://packetstormsecurity.com/files/165255/Oracle-Database-Protection-Mechanism-Bypass.html
http://packetstormsecurity.com/files/165258/Oracle-Database-Weak-NNE-Integrity-Key-Derivation.html
http://seclists.org/fulldisclosure/2021/Dec/19
http://seclists.org/fulldisclosure/2021/Dec/20
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com/security-alerts/cpujan2023.html
https://www.oracle.com/security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpujul2022.html
https://www.oracle.com/security-alerts/cpuoct2021.html
http://packetstormsecurity.com/files/165255/Oracle-Database-Protection-Mechanism-Bypass.html
http://packetstormsecurity.com/files/165258/Oracle-Database-Weak-NNE-Integrity-Key-Derivation.html
http://seclists.org/fulldisclosure/2021/Dec/19
http://seclists.org/fulldisclosure/2021/Dec/20
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com/security-alerts/cpujan2023.html
https://www.oracle.com/security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpujul2022.html
https://www.oracle.com/security-alerts/cpuoct2021.html