Vulnerability in Oracle Advanced_networking_option
CVE-2021-2351
Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network acces…
Vulnerability class: POODLE (CVE-2014-3566)
EPSS: 0.025 (82.6th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 8.3 (High). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H.
Affected products
- Oracle Advanced_networking_option — versions 12.1.0.2, 12.2.0.1, 19c
- Oracle Agile_engineering_data_management — versions 6.2.1.0
- Oracle Agile_plm — versions 9.3.6
- Oracle Agile_product_lifecycle_management_for_process — versions 6.2.2.0, 6.2.3.0
- Oracle Airlines_data_model — versions 12.1.1.0.0, 12.2.0.1.0
- Oracle Application_performance_management — versions 13.4.1.0, 13.5.1.0
- Oracle Application_testing_suite — versions 13.3.0.1
- Oracle Argus_analytics — versions 8.2.1, 8.2.2, 8.2.3
- Oracle Argus_insight — versions 8.2.1, 8.2.2, 8.2.3
- Oracle Argus_mart — versions 8.2.1, 8.2.2, 8.2.3
Weakness classification (CWE)
Public proof-of-concept exploits
References
- secalert_us@oracle.com (Patch, x_refsource_MISC, Vendor Advisory)
- secalert_us@oracle.com (Patch, x_refsource_MISC, Vendor Advisory)
- secalert_us@oracle.com (mailing-list, Exploit, x_refsource_FULLDISC, Mailing List, Third Party Advisory)
- secalert_us@oracle.com (mailing-list, Exploit, x_refsource_FULLDISC, Mailing List, Third Party Advisory)
- secalert_us@oracle.com (Patch, x_refsource_MISC, Vendor Advisory)
- secalert_us@oracle.com (Exploit, VDB Entry, Third Party Advisory, x_refsource_MISC)
- secalert_us@oracle.com (Exploit, VDB Entry, Third Party Advisory, x_refsource_MISC)
- secalert_us@oracle.com (Patch, x_refsource_MISC, Vendor Advisory)
- secalert_us@oracle.com (x_refsource_MISC, Vendor Advisory)
- secalert_us@oracle.com (vendor-advisory, Vendor Advisory)
Frequently asked questions
- What is CVE-2021-2351?
- CVE-2021-2351 is a high-severity vulnerability in Oracle Advanced_networking_option, classified under Use of a Broken or Risky Cryptographic Algorithm. CVSS score: 8.3/10. Published 2021-07-21.
- How severe is CVE-2021-2351?
- High severity. CVSS v3 base score is 8.3 out of 10.
- Is CVE-2021-2351 known to be exploited?
- 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.