CVE-2021-2257

MEDIUM

4.1

Description

Vulnerability in the Oracle Storage Cloud Software Appliance product of Oracle Storage Gateway (component: Management Console). The supported version that is affected is Prior to 16.3.1.4.2. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Storage Cloud Software Appliance. While the vulnerability is in Oracle Storage Cloud Software Appliance, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Storage Cloud Software Appliance accessible data. Note: Updating the Oracle Storage Cloud Software Appliance to version 16.3.1.4.2 or later will address these vulnerabilities. Download the latest version of Oracle Storage Cloud Software Appliance from <a href=" https://www.oracle.com/downloads/cloud/oscsa-downloads.html">here. Refer to Document <a href="https://support.oracle.com/rstype=doc&id=2768897.1">2768897.1 for more details. CVSS 3.1 Base Score 4.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N).

CVE Details

CVSS v3.1 Score4.1

SeverityMEDIUM

CVSS VectorCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N

Attack VectorNETWORK

ComplexityLOW

Privileges RequiredHIGH

User InteractionNONE

Published4/22/2021

Last Modified11/21/2024

Sourcenvd

Honeypot Sightings0

Affected Products

oracle:storage_cloud_software_appliance

References

https://www.oracle.com/security-alerts/cpuapr2021.html(secalert_us@oracle.com)

https://www.oracle.com/security-alerts/cpuapr2021.html(af854a3a-2127-422b-91ae-364da2661108)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.