Vulnerabilities > CVE-2021-2018 - Unspecified vulnerability in Oracle products

CVSS 5.1 - MEDIUM

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

high complexity

oracle

NVD

Published: 2021-01-20

Updated: 2021-01-25

Summary

Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 18c and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Advanced Networking Option. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Advanced Networking Option, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Advanced Networking Option. Note: CVE-2021-2018 affects Windows platform only. CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).

Vulnerable Configurations

Part	Description	Count
Application	Oracle Oracle Advanced Networking Option 18C Oracle Advanced Networking Option 19C Oracle Adaptive Access Manager 11.1.2.3.0 Oracle Data Integrator 11.1.1.9.0 Oracle Data Integrator 12.2.1.3.0 Oracle Data Integrator 12.2.1.4.0 Oracle Enterprise Manager FOR Fusion Applications 13.3.0.0 Oracle Hospitality Simphony 18.2.7.2 Oracle Hospitality Simphony 19.1.3 Oracle Weblogic Server 12.2.1.3.0	10
OS	Microsoft Microsoft Windows -	1

References

https://www.oracle.com/security-alerts/cpujan2021.html