Lucene search

OracleCVE-2021-2371

HistoryJul 21, 2021 - 3:15 p.m.

CVE-2021-2371

2021-07-2115:15:31

oracle

web.nvd.nist.gov

cve-2021-2371

oracle coherence

oracle fusion middleware

dos

vulnerability

cvss vector

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.1

Confidence

High

EPSS

0.001

Percentile

39.7%

JSON

Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle Coherence. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Coherence. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

Affected configurations

Nvd

Vulners

Node

oraclecoherenceMatch3.7.1.0

oraclecoherenceMatch12.1.3.0.0

oraclecoherenceMatch12.2.1.3.0

oraclecoherenceMatch12.2.1.4.0

oraclecoherenceMatch14.1.1.0.0

VendorProductVersionCPE
oraclecoherence3.7.1.0cpe:2.3:a:oracle:coherence:3.7.1.0:*:*:*:*:*:*:*
oraclecoherence12.1.3.0.0cpe:2.3:a:oracle:coherence:12.1.3.0.0:*:*:*:*:*:*:*
oraclecoherence12.2.1.3.0cpe:2.3:a:oracle:coherence:12.2.1.3.0:*:*:*:*:*:*:*
oraclecoherence12.2.1.4.0cpe:2.3:a:oracle:coherence:12.2.1.4.0:*:*:*:*:*:*:*
oraclecoherence14.1.1.0.0cpe:2.3:a:oracle:coherence:14.1.1.0.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
oracle	coherence	3.7.1.0	cpe:2.3:a:oracle:coherence:3.7.1.0:::::::*
oracle	coherence	12.1.3.0.0	cpe:2.3:a:oracle:coherence:12.1.3.0.0:::::::*
oracle	coherence	12.2.1.3.0	cpe:2.3:a:oracle:coherence:12.2.1.3.0:::::::*
oracle	coherence	12.2.1.4.0	cpe:2.3:a:oracle:coherence:12.2.1.4.0:::::::*
oracle	coherence	14.1.1.0.0	cpe:2.3:a:oracle:coherence:14.1.1.0.0:::::::*

CNA Affected

[
  {
    "product": "Coherence",
    "vendor": "Oracle Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "3.7.1.0"
      },
      {
        "status": "affected",
        "version": "12.1.3.0.0"
      },
      {
        "status": "affected",
        "version": "12.2.1.3.0"
      },
      {
        "status": "affected",
        "version": "12.2.1.4.0"
      },
      {
        "status": "affected",
        "version": "14.1.1.0.0"
      }
    ]
  }
]

References

www.oracle.com/security-alerts/cpujul2021.html

Social References

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.1

Confidence

High

EPSS

0.001

Percentile

39.7%

JSON

Related for CVE-2021-2371