CVE-2021-2317 in Cloud Infrastructure Storage Gatewayالمعلومات

الملخص

بحسب MITRE • 23/04/2021

Vulnerability in the Oracle Cloud Infrastructure Storage Gateway product of Oracle Storage Gateway (component: Management Console). The supported version that is affected is Prior to 1.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Cloud Infrastructure Storage Gateway. While the vulnerability is in Oracle Cloud Infrastructure Storage Gateway, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Cloud Infrastructure Storage Gateway. Note: Updating the Oracle Cloud Infrastructure Storage Gateway to version 1.4 or later will address these vulnerabilities. Download the latest version of Oracle Cloud Infrastructure Storage Gateway from here. Refer to Document 2768897.1 for more details. CVSS 3.1 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

مسؤول

Oracle

حجز

09/12/2020

إفشاء

23/04/2021

الاعتدال

تمت الموافقة

إدخال

VDB-173672

EPSS

0.01872

KEV

لا

النشاطات

منخفض جدًا

المصادر

Might our Artificial Intelligence support you?

Check our Alexa App!