Lucene search

OracleCVE-2021-2302

HistoryApr 22, 2021 - 10:15 p.m.

CVE-2021-2302

2021-04-2222:15:17

oracle

web.nvd.nist.gov

cve-2021-2302

oracle

platform security

java

oracle fusion middleware

vulnerability

opss

network access

http

cvss 3.1

confidentiality

integrity

availability

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.3

Confidence

High

EPSS

0.717

Percentile

98.1%

JSON

Vulnerability in the Oracle Platform Security for Java product of Oracle Fusion Middleware (component: OPSS). Supported versions that are affected are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Platform Security for Java. Successful attacks of this vulnerability can result in takeover of Oracle Platform Security for Java. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Affected configurations

Nvd

Vulners

Node

oracleplatform_security_for_javaMatch11.1.1.9.0

oracleplatform_security_for_javaMatch12.2.1.3.0

oracleplatform_security_for_javaMatch12.2.1.4.0

VendorProductVersionCPE
oracleplatform_security_for_java11.1.1.9.0cpe:2.3:a:oracle:platform_security_for_java:11.1.1.9.0:*:*:*:*:*:*:*
oracleplatform_security_for_java12.2.1.3.0cpe:2.3:a:oracle:platform_security_for_java:12.2.1.3.0:*:*:*:*:*:*:*
oracleplatform_security_for_java12.2.1.4.0cpe:2.3:a:oracle:platform_security_for_java:12.2.1.4.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
oracle	platform_security_for_java	11.1.1.9.0	cpe:2.3:a:oracle:platform_security_for_java:11.1.1.9.0:::::::*
oracle	platform_security_for_java	12.2.1.3.0	cpe:2.3:a:oracle:platform_security_for_java:12.2.1.3.0:::::::*
oracle	platform_security_for_java	12.2.1.4.0	cpe:2.3:a:oracle:platform_security_for_java:12.2.1.4.0:::::::*

CNA Affected

[
  {
    "product": "Platform Security for Java",
    "vendor": "Oracle Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "11.1.1.9.0"
      },
      {
        "status": "affected",
        "version": "12.2.1.3.0"
      },
      {
        "status": "affected",
        "version": "12.2.1.4.0"
      }
    ]
  }
]

References

www.oracle.com/security-alerts/cpuapr2021.html

www.zerodayinitiative.com/advisories/ZDI-21-460/

Social References

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.3

Confidence

High

EPSS

0.717

Percentile

98.1%

JSON

Related for CVE-2021-2302