ID

VAR-202104-1562


CVE

CVE-2021-2319


TITLE

Oracle Storage Gateway of Oracle Cloud Infrastructure Storage Gateway in Management Console Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2021-001565

DESCRIPTION

Vulnerability in the Oracle Cloud Infrastructure Storage Gateway product of Oracle Storage Gateway (component: Management Console). The supported version that is affected is prior to 1.4. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Cloud Infrastructure Storage Gateway. While the vulnerability is in Oracle Cloud Infrastructure Storage Gateway, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Cloud Infrastructure Storage Gateway. Note: Updating the Oracle Cloud Infrastructure Storage Gateway to version 1.4 or later will address these vulnerabilities. Download the latest version of Oracle Cloud Infrastructure Storage Gateway from https://www.oracle.com/downloads/cloud/oci-storage-gateway-downloads.html. Refer to Document 2768897.1 (https://support.oracle.com/rs?type=doc&id=2768897.1) for more details. CVSS 3.1 Base Score 9.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H). (DoS) An attack may occur

Trust: 1.8

sources: NVD: CVE-2021-2319 // JVNDB: JVNDB-2021-001565 // VULHUB: VHN-377005 // VULMON: CVE-2021-2319

AFFECTED PRODUCTS

vendor: oracle, model: cloud infrastructure storage gateway, scope: lt, version: 1.4

Trust: 1.0

vendor: オラクル, model: oracle cloud infrastructure storage gateway, scope: eq, version: 1.4

Trust: 0.8

vendor: オラクル, model: oracle cloud infrastructure storage gateway, scope: eq, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-001565 // NVD: CVE-2021-2319

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-2319
value: MEDIUM

Trust: 1.0

secalert_us@oracle.com: CVE-2021-2319
value: CRITICAL

Trust: 1.0

NVD: CVE-2021-2319
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202104-1467
value: CRITICAL

Trust: 0.6

VULHUB: VHN-377005
value: MEDIUM

Trust: 0.1

VULMON: CVE-2021-2319
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-2319
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-377005
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

secalert_us@oracle.com: CVE-2021-2319
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.3
impactScore: 6.0
version: 3.1

Trust: 1.0

OTHER: JVNDB-2021-001565
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-377005 // VULMON: CVE-2021-2319 // JVNDB: JVNDB-2021-001565 // CNNVD: CNNVD-202104-1467 // NVD: CVE-2021-2319 // NVD: CVE-2021-2319

PROBLEMTYPE DATA

problemtype: NVD-CWE-noinfo

Trust: 1.0

problemtype: Lack of information (CWE-noinfo) [NVD Evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2021-001565 // NVD: CVE-2021-2319

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202104-1467

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-1467

PATCH

title: Oracle Critical Patch Update Advisory - April 2021 Oracle Critical Patch Update, url: https://www.oracle.com/security-alerts/cpuapr2021.html

Trust: 0.8

title: Oracle Cloud Infrastructure Storage Gateway Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=147920

Trust: 0.6

sources: JVNDB: JVNDB-2021-001565 // CNNVD: CNNVD-202104-1467

EXTERNAL IDS

db: NVD, id: CVE-2021-2319

Trust: 2.6

db: JVNDB, id: JVNDB-2021-001565

Trust: 0.8

db: CNNVD, id: CNNVD-202104-1467

Trust: 0.6

db: VULHUB, id: VHN-377005

Trust: 0.1

db: VULMON, id: CVE-2021-2319

Trust: 0.1

sources: VULHUB: VHN-377005 // VULMON: CVE-2021-2319 // JVNDB: JVNDB-2021-001565 // CNNVD: CNNVD-202104-1467 // NVD: CVE-2021-2319

REFERENCES

url: https://www.oracle.com/security-alerts/cpuapr2021.html

Trust: 1.8

url: https://nvd.nist.gov/vuln/detail/cve-2021-2319

Trust: 1.4

url: https://cwe.mitre.org/data/definitions/.html

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-377005 // VULMON: CVE-2021-2319 // JVNDB: JVNDB-2021-001565 // CNNVD: CNNVD-202104-1467 // NVD: CVE-2021-2319

SOURCES

db: VULHUB, id: VHN-377005
db: VULMON, id: CVE-2021-2319
db: JVNDB, id: JVNDB-2021-001565
db: CNNVD, id: CNNVD-202104-1467
db: NVD, id: CVE-2021-2319

LAST UPDATE DATE

2024-11-23T22:54:47.838000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-377005, date: 2021-04-26T00:00:00
db: VULMON, id: CVE-2021-2319, date: 2021-04-26T00:00:00
db: JVNDB, id: JVNDB-2021-001565, date: 2021-05-31T07:50:00
db: CNNVD, id: CNNVD-202104-1467, date: 2021-04-27T00:00:00
db: NVD, id: CVE-2021-2319, date: 2024-11-21T06:02:52.820

SOURCES RELEASE DATE

db: VULHUB, id: VHN-377005, date: 2021-04-22T00:00:00
db: VULMON, id: CVE-2021-2319, date: 2021-04-22T00:00:00
db: JVNDB, id: JVNDB-2021-001565, date: 2021-05-31T00:00:00
db: CNNVD, id: CNNVD-202104-1467, date: 2021-04-20T00:00:00
db: NVD, id: CVE-2021-2319, date: 2021-04-22T22:15:17.673