Vulnerabilities > CVE-2021-26271 - Inclusion of Functionality from Untrusted Control Sphere vulnerability in multiple products

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

ckeditor

oracle

CWE-829

NVD

Published: 2021-01-26

Updated: 2021-12-01

Summary

It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted text into the Styles input of specific dialogs (in the Advanced Tab for Dialogs plugin).

Vulnerable Configurations

Part	Description	Count
Application	Ckeditor Ckeditor Ckeditor 4.0 Ckeditor Ckeditor 4.0.1 Ckeditor Ckeditor 4.0.1.1 Ckeditor Ckeditor 4.0.2 Ckeditor Ckeditor 4.0.3 Ckeditor Ckeditor 4.1 Ckeditor Ckeditor 4.1.1 Ckeditor Ckeditor 4.1.2 Ckeditor Ckeditor 4.1.3 Ckeditor Ckeditor 4.2 Ckeditor Ckeditor 4.2.1 Ckeditor Ckeditor 4.2.2 Ckeditor Ckeditor 4.2.3 Ckeditor Ckeditor 4.3.0 Ckeditor Ckeditor 4.3.1 Ckeditor Ckeditor 4.3.2 Ckeditor Ckeditor 4.3.3 Ckeditor Ckeditor 4.3.4 Ckeditor Ckeditor 4.3.5 Ckeditor Ckeditor 4.4.0 Ckeditor Ckeditor 4.4.1 Ckeditor Ckeditor 4.4.2 Ckeditor Ckeditor 4.4.3 Ckeditor Ckeditor 4.4.4 Ckeditor Ckeditor 4.4.5 Ckeditor Ckeditor 4.4.6 Ckeditor Ckeditor 4.4.7 Ckeditor Ckeditor 4.4.8 Ckeditor Ckeditor 4.5.0 Ckeditor Ckeditor 4.5.1 Ckeditor Ckeditor 4.5.2 Ckeditor Ckeditor 4.5.3 Ckeditor Ckeditor 4.5.4 Ckeditor Ckeditor 4.5.5 Ckeditor Ckeditor 4.5.6 Ckeditor Ckeditor 4.5.7 Ckeditor Ckeditor 4.5.8 Ckeditor Ckeditor 4.5.9 Ckeditor Ckeditor 4.5.10 Ckeditor Ckeditor 4.5.11 Ckeditor Ckeditor 4.6.0 Ckeditor Ckeditor 4.6.1 Ckeditor Ckeditor 4.6.2 Ckeditor Ckeditor 4.7.0 Ckeditor Ckeditor 4.7.1 Ckeditor Ckeditor 4.7.2 Ckeditor Ckeditor 4.7.3 Ckeditor Ckeditor 4.8.0 Ckeditor Ckeditor 4.9.0 Ckeditor Ckeditor 4.9.1 Ckeditor Ckeditor 4.9.2 Ckeditor Ckeditor 4.10.0 Ckeditor Ckeditor 4.10.1 Ckeditor Ckeditor 4.11.0 Ckeditor Ckeditor 4.11.1 Ckeditor Ckeditor 4.11.2 Ckeditor Ckeditor 4.11.3 Ckeditor Ckeditor 4.11.4 Ckeditor Ckeditor 4.13.0 Ckeditor Ckeditor 4.13.1 Ckeditor Ckeditor 4.14 Ckeditor Ckeditor 4.14.0 Ckeditor Ckeditor 4.14.1 Ckeditor Ckeditor 4.15.0 Ckeditor Ckeditor 4.15.1	71
Application	Oracle Oracle Webcenter Sites 12.2.1.3.0 Oracle Webcenter Sites 12.2.1.4.0 Oracle Agile PLM 9.3.5 Oracle Agile PLM 9.3.6 Oracle JD Edwards Enterpriseone Tools 9.1 Oracle JD Edwards Enterpriseone Tools 9.1.5 Oracle JD Edwards Enterpriseone Tools 9.2 Oracle Financial Services Analytical Applications Infrastructure 8.1.1 Oracle Financial Services Analytical Applications Infrastructure 8.1.0 Oracle Financial Services Analytical Applications Infrastructure 8.0.6 Oracle Financial Services Analytical Applications Infrastructure 8.0.6.0.0 Oracle Financial Services Analytical Applications Infrastructure 8.0.6.0.1 Oracle Financial Services Analytical Applications Infrastructure 8.0.6.1.0 Oracle Financial Services Analytical Applications Infrastructure 8.0.6.2.0 Oracle Financial Services Analytical Applications Infrastructure 8.0.6.3.0 Oracle Financial Services Analytical Applications Infrastructure 8.0.6.4.0 Oracle Financial Services Analytical Applications Infrastructure 8.0.7 Oracle Financial Services Analytical Applications Infrastructure 8.0.7.0.0 Oracle Financial Services Analytical Applications Infrastructure 8.0.7.1.0 Oracle Financial Services Analytical Applications Infrastructure 8.0.7.2.0 Oracle Financial Services Analytical Applications Infrastructure 8.0.8 Oracle Financial Services Analytical Applications Infrastructure 8.0.8.0.0 Oracle Financial Services Analytical Applications Infrastructure 8.0.9 Oracle Siebel UI Framework 8.1.1 Oracle Siebel UI Framework 8.2.2 Oracle Siebel UI Framework 16.0 Oracle Siebel UI Framework 17.0 Oracle Siebel UI Framework 18.7 Oracle Siebel UI Framework 18.8 Oracle Siebel UI Framework 18.9 Oracle Siebel UI Framework 19.0 Oracle Siebel UI Framework 19.8 Oracle Application Express 5.1.0 Oracle Application Express 5.1.1 Oracle Application Express 5.1.2 Oracle Application Express 5.1.2.00.09 Oracle Application Express 5.1.3 Oracle Application Express 5.1.3.00.05	38

Common Weakness Enumeration (CWE)

CWE-829 - Inclusion of Functionality from Untrusted Control Sphere

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References