ID

VAR-202104-1563


CVE

CVE-2021-2320


TITLE

Vulnerability in the Management Console of Oracle Cloud Infrastructure Storage Gateway (Oracle Storage Gateway)

Trust: 0.8

sources: JVNDB: JVNDB-2021-001566

DESCRIPTION

Vulnerability in the Oracle Cloud Infrastructure Storage Gateway product of Oracle Storage Gateway (component: Management Console). The supported version that is affected is prior to 1.4. Easily exploitable vulnerability allows a high-privileged attacker with network access via HTTP to compromise Oracle Cloud Infrastructure Storage Gateway. While the vulnerability is in Oracle Cloud Infrastructure Storage Gateway, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Cloud Infrastructure Storage Gateway. Note: Updating the Oracle Cloud Infrastructure Storage Gateway to version 1.4 or later will address these vulnerabilities. Download the latest version of Oracle Cloud Infrastructure Storage Gateway from https://www.oracle.com/downloads/cloud/oci-storage-gateway-downloads.html. Refer to Document 2768897.1 (https://support.oracle.com/rs?type=doc&id=2768897.1) for more details. CVSS 3.1 Base Score 9.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H). (DoS) An attack may occur

Trust: 1.8

sources: NVD: CVE-2021-2320 // JVNDB: JVNDB-2021-001566 // VULHUB: VHN-377006 // VULMON: CVE-2021-2320

AFFECTED PRODUCTS

vendor: oracle, model: cloud infrastructure storage gateway, scope: lt, version: 1.4

Trust: 1.0

vendor: オラクル, model: oracle cloud infrastructure storage gateway, scope: eq, version: 1.4

Trust: 0.8

vendor: オラクル, model: oracle cloud infrastructure storage gateway, scope: eq, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-001566 // NVD: CVE-2021-2320

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-2320
value: MEDIUM

Trust: 1.0

secalert_us@oracle.com: CVE-2021-2320
value: CRITICAL

Trust: 1.0

NVD: CVE-2021-2320
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202104-1488
value: CRITICAL

Trust: 0.6

VULHUB: VHN-377006
value: MEDIUM

Trust: 0.1

VULMON: CVE-2021-2320
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-2320
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-377006
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

secalert_us@oracle.com: CVE-2021-2320
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.3
impactScore: 6.0
version: 3.1

Trust: 1.0

OTHER: JVNDB-2021-001566
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-377006 // VULMON: CVE-2021-2320 // JVNDB: JVNDB-2021-001566 // CNNVD: CNNVD-202104-1488 // NVD: CVE-2021-2320 // NVD: CVE-2021-2320

PROBLEMTYPE DATA

problemtype: NVD-CWE-noinfo

Trust: 1.0

problemtype: Lack of information (CWE-noinfo) [NVD Evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2021-001566 // NVD: CVE-2021-2320

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202104-1488

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-1488

PATCH

title: Oracle Critical Patch Update Advisory - April 2021 Oracle Critical Patch Update
url: https://www.oracle.com/security-alerts/cpuapr2021.html

Trust: 0.8

title: Oracle Cloud Infrastructure Storage Gateway Security vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=147941

Trust: 0.6

sources: JVNDB: JVNDB-2021-001566 // CNNVD: CNNVD-202104-1488

EXTERNAL IDS

db: NVD, id: CVE-2021-2320

Trust: 2.6

db: JVNDB, id: JVNDB-2021-001566

Trust: 0.8

db: CNNVD, id: CNNVD-202104-1488

Trust: 0.6

db: VULHUB, id: VHN-377006

Trust: 0.1

db: VULMON, id: CVE-2021-2320

Trust: 0.1

sources: VULHUB: VHN-377006 // VULMON: CVE-2021-2320 // JVNDB: JVNDB-2021-001566 // CNNVD: CNNVD-202104-1488 // NVD: CVE-2021-2320

REFERENCES

url:https://www.oracle.com/security-alerts/cpuapr2021.html

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2021-2320

Trust: 1.4

url:https://cwe.mitre.org/data/definitions/.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-377006 // VULMON: CVE-2021-2320 // JVNDB: JVNDB-2021-001566 // CNNVD: CNNVD-202104-1488 // NVD: CVE-2021-2320

SOURCES

db: VULHUB, id: VHN-377006
db: VULMON, id: CVE-2021-2320
db: JVNDB, id: JVNDB-2021-001566
db: CNNVD, id: CNNVD-202104-1488
db: NVD, id: CVE-2021-2320

LAST UPDATE DATE

2024-11-23T22:57:57.090000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-377006, date: 2021-04-29T00:00:00
db: VULMON, id: CVE-2021-2320, date: 2021-04-29T00:00:00
db: JVNDB, id: JVNDB-2021-001566, date: 2021-05-31T07:50:00
db: CNNVD, id: CNNVD-202104-1488, date: 2021-05-07T00:00:00
db: NVD, id: CVE-2021-2320, date: 2024-11-21T06:02:52.947

SOURCES RELEASE DATE

db: VULHUB, id: VHN-377006, date: 2021-04-22T00:00:00
db: VULMON, id: CVE-2021-2320, date: 2021-04-22T00:00:00
db: JVNDB, id: JVNDB-2021-001566, date: 2021-05-31T00:00:00
db: CNNVD, id: CNNVD-202104-1488, date: 2021-04-20T00:00:00
db: NVD, id: CVE-2021-2320, date: 2021-04-22T22:15:17.703