CVE-2021-2351
Description
Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Advanced Networking Option. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Advanced Networking Option, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Advanced Networking Option. Note: The July 2021 Critical Patch Update introduces a number of Native Network Encryption changes to deal with vulnerability CVE-2021-2351 and prevent the use of weaker ciphers. Customers should review: Changes in Native Network Encryption with the July 2021 Critical Patch Update (Doc ID 2791571.1). CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).
Risk Information
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple vulnerabilities are affected in Oracle WebLogic Server 12.2.1.3.0 | Windows |
| Multiple vulnerabilities are affected in Oracle WebLogic Server 12.2.1.4.0 | Windows |
| Multiple vulnerabilities are affected in Oracle WebLogic Server 14.1.1.0.0 | Windows |
| Vulnerabilities CVE-2021-2351 are affected in Oracle Hospitality OPERA 5 5.6 | Windows |
| Multiple vulnerabilities are affected in Oracle PeopleSoft Enterprise PeopleTools 8.57 | Windows |
| Multiple vulnerabilities are affected in Oracle PeopleSoft Enterprise PeopleTools 8.58 | Windows |
| Multiple vulnerabilities are affected in Oracle PeopleSoft Enterprise PeopleTools 8.59 | Windows |
| Multiple vulnerabilities are affected in Oracle Commerce Platform 11.3.0 | Windows |
| Multiple vulnerabilities are affected in Oracle Commerce Platform 11.3.1 | Windows |
| Multiple vulnerabilities are affected in Oracle Commerce Platform 11.3.2 | Windows |
| Vulnerabilities CVE-2021-2351 are affected in Oracle Primavera P6 Enterprise Project Portfolio Management 17.12.20.0 | Windows |
| Vulnerabilities CVE-2021-2351 are affected in Oracle Primavera P6 Enterprise Project Portfolio Management 18.8.24.0 | Windows |
| Vulnerabilities CVE-2021-2351 are affected in Oracle Primavera P6 Enterprise Project Portfolio Management 19.12.17.0 | Windows |
| Vulnerabilities CVE-2021-2351 are affected in Oracle Primavera P6 Enterprise Project Portfolio Management 20.12.9.0 | Windows |
| Multiple Vulnerabilities are affected in Oracle Corporation PeopleSoft Enterprise PeopleTools 8.57 | Windows |
| Multiple Vulnerabilities are affected in Oracle Corporation PeopleSoft Enterprise PeopleTools 8.58 | Windows |
| Vulnerabilities CVE-2020-2556,CVE-2021-2351 are affected in Oracle Corporation Primavera P6 Enterprise Project Portfolio Management 17.12.15.0 | Windows |
| Vulnerabilities CVE-2021-2351,CVE-2021-41182,CVE-2021-41183,CVE-2022-21464 are affected in JD Edwards EnterpriseOne Tools 9.2.6.3 | Windows |
| Multiple Vulnerabilities are affected in Oracle Corporation PeopleSoft Enterprise PeopleTools 8.59 | Windows |
| Vulnerabilities CVE-2021-2351 are affected in Oracle Corporation Primavera P6 Enterprise Project Portfolio Management 18.8.23 | Windows |
| Vulnerabilities CVE-2021-2351 are affected in Oracle Corporation Primavera P6 Enterprise Project Portfolio Management 19.12.14 | Windows |
| Vulnerabilities CVE-2021-2351 are affected in Oracle Corporation Primavera P6 Enterprise Project Portfolio Management 20.12.0.0 | Windows |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234