Vulnerabilities > CVE-2021-26272 - Inclusion of Functionality from Untrusted Control Sphere vulnerability in multiple products

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

ckeditor

oracle

CWE-829

NVD

Published: 2021-01-26

Updated: 2022-03-01

Summary

It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted URL-like text into the editor, and then press Enter or Space (in the Autolink plugin).

Vulnerable Configurations

Part	Description	Count
Application	Ckeditor Ckeditor Ckeditor 4.0 Ckeditor Ckeditor 4.0.1 Ckeditor Ckeditor 4.0.1.1 Ckeditor Ckeditor 4.0.2 Ckeditor Ckeditor 4.0.3 Ckeditor Ckeditor 4.1 Ckeditor Ckeditor 4.1.1 Ckeditor Ckeditor 4.1.2 Ckeditor Ckeditor 4.1.3 Ckeditor Ckeditor 4.2 Ckeditor Ckeditor 4.2.1 Ckeditor Ckeditor 4.2.2 Ckeditor Ckeditor 4.2.3 Ckeditor Ckeditor 4.3.0 Ckeditor Ckeditor 4.3.1 Ckeditor Ckeditor 4.3.2 Ckeditor Ckeditor 4.3.3 Ckeditor Ckeditor 4.3.4 Ckeditor Ckeditor 4.3.5 Ckeditor Ckeditor 4.4.0 Ckeditor Ckeditor 4.4.1 Ckeditor Ckeditor 4.4.2 Ckeditor Ckeditor 4.4.3 Ckeditor Ckeditor 4.4.4 Ckeditor Ckeditor 4.4.5 Ckeditor Ckeditor 4.4.6 Ckeditor Ckeditor 4.4.7 Ckeditor Ckeditor 4.4.8 Ckeditor Ckeditor 4.5.0 Ckeditor Ckeditor 4.5.1 Ckeditor Ckeditor 4.5.2 Ckeditor Ckeditor 4.5.3 Ckeditor Ckeditor 4.5.4 Ckeditor Ckeditor 4.5.5 Ckeditor Ckeditor 4.5.6 Ckeditor Ckeditor 4.5.7 Ckeditor Ckeditor 4.5.8 Ckeditor Ckeditor 4.5.9 Ckeditor Ckeditor 4.5.10 Ckeditor Ckeditor 4.5.11 Ckeditor Ckeditor 4.6.0 Ckeditor Ckeditor 4.6.1 Ckeditor Ckeditor 4.6.2 Ckeditor Ckeditor 4.7.0 Ckeditor Ckeditor 4.7.1 Ckeditor Ckeditor 4.7.2 Ckeditor Ckeditor 4.7.3 Ckeditor Ckeditor 4.8.0 Ckeditor Ckeditor 4.9.0 Ckeditor Ckeditor 4.9.1 Ckeditor Ckeditor 4.9.2 Ckeditor Ckeditor 4.10.0 Ckeditor Ckeditor 4.10.1 Ckeditor Ckeditor 4.11.0 Ckeditor Ckeditor 4.11.1 Ckeditor Ckeditor 4.11.2 Ckeditor Ckeditor 4.11.3 Ckeditor Ckeditor 4.11.4 Ckeditor Ckeditor 4.13.0 Ckeditor Ckeditor 4.13.1 Ckeditor Ckeditor 4.14 Ckeditor Ckeditor 4.14.0 Ckeditor Ckeditor 4.14.1 Ckeditor Ckeditor 4.15.0 Ckeditor Ckeditor 4.15.1	71
Application	Oracle Oracle Webcenter Sites 12.2.1.3.0 Oracle Webcenter Sites 12.2.1.4.0 Oracle Agile PLM 9.3.5 Oracle Agile PLM 9.3.6 Oracle Commerce Merchandising 11.1.0 Oracle Commerce Merchandising 11.2.0 Oracle Commerce Merchandising 11.3.0 Oracle Commerce Merchandising 11.3.1 Oracle Commerce Merchandising 11.3.2 Oracle JD Edwards Enterpriseone Tools 9.1 Oracle JD Edwards Enterpriseone Tools 9.1.5 Oracle JD Edwards Enterpriseone Tools 9.2 Oracle Financial Services Model Management AND Governance 8.0.8.0.0 Oracle Financial Services Model Management AND Governance 8.1.0.0.0 Oracle Financial Services Analytical Applications Infrastructure 8.1.1 Oracle Financial Services Analytical Applications Infrastructure 8.1.0 Oracle Financial Services Analytical Applications Infrastructure 8.0.6 Oracle Financial Services Analytical Applications Infrastructure 8.0.6.0.0 Oracle Financial Services Analytical Applications Infrastructure 8.0.6.0.1 Oracle Financial Services Analytical Applications Infrastructure 8.0.6.1.0 Oracle Financial Services Analytical Applications Infrastructure 8.0.6.2.0 Oracle Financial Services Analytical Applications Infrastructure 8.0.6.3.0 Oracle Financial Services Analytical Applications Infrastructure 8.0.6.4.0 Oracle Financial Services Analytical Applications Infrastructure 8.0.7 Oracle Financial Services Analytical Applications Infrastructure 8.0.7.0.0 Oracle Financial Services Analytical Applications Infrastructure 8.0.7.1.0 Oracle Financial Services Analytical Applications Infrastructure 8.0.7.2.0 Oracle Financial Services Analytical Applications Infrastructure 8.0.8 Oracle Financial Services Analytical Applications Infrastructure 8.0.8.0.0 Oracle Financial Services Analytical Applications Infrastructure 8.0.9 Oracle Application Express 5.1.0 Oracle Application Express 5.1.1 Oracle Application Express 5.1.2 Oracle Application Express 5.1.2.00.09 Oracle Application Express 5.1.3 Oracle Application Express 5.1.3.00.05 Oracle Banking Party Management 2.7.0 Oracle Siebel UI Framework 8.1.1 Oracle Siebel UI Framework 8.2.2 Oracle Siebel UI Framework 16.0 Oracle Siebel UI Framework 17.0 Oracle Siebel UI Framework 18.7 Oracle Siebel UI Framework 18.8 Oracle Siebel UI Framework 18.9 Oracle Siebel UI Framework 19.0 Oracle Siebel UI Framework 19.8	46

Common Weakness Enumeration (CWE)

CWE-829 - Inclusion of Functionality from Untrusted Control Sphere

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References