ID

VAR-202104-1561


CVE

CVE-2021-2318


TITLE

Vulnerability in the Management Console of Oracle Cloud Infrastructure Storage Gateway (Oracle Storage Gateway)

Trust: 0.8

sources: JVNDB: JVNDB-2021-001564

DESCRIPTION

Vulnerability in the Oracle Cloud Infrastructure Storage Gateway product of Oracle Storage Gateway (component: Management Console). Supported versions prior to 1.4 are affected. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Cloud Infrastructure Storage Gateway. While the vulnerability is in Oracle Cloud Infrastructure Storage Gateway, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Cloud Infrastructure Storage Gateway. Note: Updating the Oracle Cloud Infrastructure Storage Gateway to version 1.4 or later will address these vulnerabilities. Download the latest version of Oracle Cloud Infrastructure Storage Gateway from https://www.oracle.com/downloads/cloud/oci-storage-gateway-downloads.html. Refer to Document 2768897.1 (https://support.oracle.com/rs?type=doc&id=2768897.1) for more details. CVSS 3.1 Base Score 9.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H). A denial-of-service (DoS) attack may occur.

Trust: 1.8

sources: NVD: CVE-2021-2318 // JVNDB: JVNDB-2021-001564 // VULHUB: VHN-377004 // VULMON: CVE-2021-2318

AFFECTED PRODUCTS

vendor: oracle
model: cloud infrastructure storage gateway
scope: lt
version: 1.4

Trust: 1.0

vendor: オラクル
model: oracle cloud infrastructure storage gateway
scope: eq
version: 1.4

Trust: 0.8

vendor: オラクル
model: oracle cloud infrastructure storage gateway
scope: eq
version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-001564 // NVD: CVE-2021-2318

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-2318
value: MEDIUM

Trust: 1.0

secalert_us@oracle.com: CVE-2021-2318
value: CRITICAL

Trust: 1.0

NVD: CVE-2021-2318
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202104-1501
value: CRITICAL

Trust: 0.6

VULHUB: VHN-377004
value: MEDIUM

Trust: 0.1

VULMON: CVE-2021-2318
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-2318
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-377004
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

secalert_us@oracle.com: CVE-2021-2318
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.3
impactScore: 6.0
version: 3.1

Trust: 1.0

OTHER: JVNDB-2021-001564
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-377004 // VULMON: CVE-2021-2318 // JVNDB: JVNDB-2021-001564 // CNNVD: CNNVD-202104-1501 // NVD: CVE-2021-2318 // NVD: CVE-2021-2318

PROBLEMTYPE DATA

problemtype: NVD-CWE-noinfo

Trust: 1.0

problemtype: Lack of information (CWE-noinfo) [NVD Evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2021-001564 // NVD: CVE-2021-2318

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202104-1501

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-1501

PATCH

title: Oracle Critical Patch Update Advisory - April 2021 Oracle Critical Patch Update
url: https://www.oracle.com/security-alerts/cpuapr2021.html

Trust: 0.8

title: Oracle Cloud Infrastructure Storage Gateway Security vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=147954

Trust: 0.6

sources: JVNDB: JVNDB-2021-001564 // CNNVD: CNNVD-202104-1501

EXTERNAL IDS

db: NVD
id: CVE-2021-2318

Trust: 2.6

db: JVNDB
id: JVNDB-2021-001564

Trust: 0.8

db: CNNVD
id: CNNVD-202104-1501

Trust: 0.6

db: VULHUB
id: VHN-377004

Trust: 0.1

db: VULMON
id: CVE-2021-2318

Trust: 0.1

sources: VULHUB: VHN-377004 // VULMON: CVE-2021-2318 // JVNDB: JVNDB-2021-001564 // CNNVD: CNNVD-202104-1501 // NVD: CVE-2021-2318

REFERENCES

url: https://www.oracle.com/security-alerts/cpuapr2021.html

Trust: 1.8

url: https://nvd.nist.gov/vuln/detail/cve-2021-2318

Trust: 1.4

url: https://cwe.mitre.org/data/definitions/.html

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-377004 // VULMON: CVE-2021-2318 // JVNDB: JVNDB-2021-001564 // CNNVD: CNNVD-202104-1501 // NVD: CVE-2021-2318

SOURCES

db: VULHUB, id: VHN-377004
db: VULMON, id: CVE-2021-2318
db: JVNDB, id: JVNDB-2021-001564
db: CNNVD, id: CNNVD-202104-1501
db: NVD, id: CVE-2021-2318

LAST UPDATE DATE

2024-11-23T23:07:36.995000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-377004, date: 2021-04-26T00:00:00
db: VULMON, id: CVE-2021-2318, date: 2021-04-26T00:00:00
db: JVNDB, id: JVNDB-2021-001564, date: 2021-05-31T07:50:00
db: CNNVD, id: CNNVD-202104-1501, date: 2021-04-27T00:00:00
db: NVD, id: CVE-2021-2318, date: 2024-11-21T06:02:52.690

SOURCES RELEASE DATE

db: VULHUB, id: VHN-377004, date: 2021-04-22T00:00:00
db: VULMON, id: CVE-2021-2318, date: 2021-04-22T00:00:00
db: JVNDB, id: JVNDB-2021-001564, date: 2021-05-31T00:00:00
db: CNNVD, id: CNNVD-202104-1501, date: 2021-04-20T00:00:00
db: NVD, id: CVE-2021-2318, date: 2021-04-22T22:15:17.647