ID

VAR-202104-1560


CVE

CVE-2021-2317


TITLE

Vulnerability in the Management Console of Oracle Cloud Infrastructure Storage Gateway in Oracle Storage Gateway

Trust: 0.8

sources: JVNDB: JVNDB-2021-001563

DESCRIPTION

Vulnerability in the Oracle Cloud Infrastructure Storage Gateway product of Oracle Storage Gateway (component: Management Console). The supported version that is affected is prior to 1.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Cloud Infrastructure Storage Gateway. While the vulnerability is in Oracle Cloud Infrastructure Storage Gateway, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Cloud Infrastructure Storage Gateway. Note: Updating the Oracle Cloud Infrastructure Storage Gateway to version 1.4 or later will address these vulnerabilities. Download the latest version of Oracle Cloud Infrastructure Storage Gateway from https://www.oracle.com/downloads/cloud/oci-storage-gateway-downloads.html. Refer to Document 2768897.1 (https://support.oracle.com/rs?type=doc&id=2768897.1) for more details. CVSS 3.1 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)

Trust: 1.8

sources: NVD: CVE-2021-2317 // JVNDB: JVNDB-2021-001563 // VULHUB: VHN-377003 // VULMON: CVE-2021-2317

AFFECTED PRODUCTS

vendor: oracle, model: cloud infrastructure storage gateway, scope: lt, version: 1.4

Trust: 1.0

vendor: オラクル, model: oracle cloud infrastructure storage gateway, scope: eq, version: 1.4

Trust: 0.8

vendor: オラクル, model: oracle cloud infrastructure storage gateway, scope: eq, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-001563 // NVD: CVE-2021-2317

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-2317
value: HIGH

Trust: 1.0

secalert_us@oracle.com: CVE-2021-2317
value: CRITICAL

Trust: 1.0

NVD: CVE-2021-2317
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202104-1397
value: CRITICAL

Trust: 0.6

VULHUB: VHN-377003
value: HIGH

Trust: 0.1

VULMON: CVE-2021-2317
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2021-2317
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-377003
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

secalert_us@oracle.com: CVE-2021-2317
baseSeverity: CRITICAL
baseScore: 10.0
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 6.0
version: 3.1

Trust: 1.0

OTHER: JVNDB-2021-001563
baseSeverity: CRITICAL
baseScore: 10.0
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-377003 // VULMON: CVE-2021-2317 // JVNDB: JVNDB-2021-001563 // CNNVD: CNNVD-202104-1397 // NVD: CVE-2021-2317 // NVD: CVE-2021-2317

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype: Lack of information (CWE-noinfo) [NVD Evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2021-001563 // NVD: CVE-2021-2317

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202104-1397

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-1397

PATCH

title: Oracle Critical Patch Update Advisory - April 2021 Oracle Critical Patch Update, url: https://www.oracle.com/security-alerts/cpuapr2021.html

Trust: 0.8

title: Oracle Cloud Infrastructure Storage Gateway Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=147850

Trust: 0.6

sources: JVNDB: JVNDB-2021-001563 // CNNVD: CNNVD-202104-1397

EXTERNAL IDS

db: NVD, id: CVE-2021-2317

Trust: 2.6

db: JVNDB, id: JVNDB-2021-001563

Trust: 0.8

db: CNNVD, id: CNNVD-202104-1397

Trust: 0.6

db: VULHUB, id: VHN-377003

Trust: 0.1

db: VULMON, id: CVE-2021-2317

Trust: 0.1

sources: VULHUB: VHN-377003 // VULMON: CVE-2021-2317 // JVNDB: JVNDB-2021-001563 // CNNVD: CNNVD-202104-1397 // NVD: CVE-2021-2317

REFERENCES

url:https://www.oracle.com/security-alerts/cpuapr2021.html

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2021-2317

Trust: 1.4

url:https://cwe.mitre.org/data/definitions/.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-377003 // VULMON: CVE-2021-2317 // JVNDB: JVNDB-2021-001563 // CNNVD: CNNVD-202104-1397 // NVD: CVE-2021-2317

SOURCES

db: VULHUB, id: VHN-377003
db: VULMON, id: CVE-2021-2317
db: JVNDB, id: JVNDB-2021-001563
db: CNNVD, id: CNNVD-202104-1397
db: NVD, id: CVE-2021-2317

LAST UPDATE DATE

2024-11-23T22:20:45.614000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-377003, date: 2021-04-26T00:00:00
db: VULMON, id: CVE-2021-2317, date: 2021-04-26T00:00:00
db: JVNDB, id: JVNDB-2021-001563, date: 2021-05-31T07:50:00
db: CNNVD, id: CNNVD-202104-1397, date: 2021-04-27T00:00:00
db: NVD, id: CVE-2021-2317, date: 2024-11-21T06:02:52.563

SOURCES RELEASE DATE

db: VULHUB, id: VHN-377003, date: 2021-04-22T00:00:00
db: VULMON, id: CVE-2021-2317, date: 2021-04-22T00:00:00
db: JVNDB, id: JVNDB-2021-001563, date: 2021-05-31T00:00:00
db: CNNVD, id: CNNVD-202104-1397, date: 2021-04-20T00:00:00
db: NVD, id: CVE-2021-2317, date: 2021-04-22T22:15:17.617