CVE-2021-2018
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 18c and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Advanced Networking Option. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Advanced Networking Option, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Advanced Networking Option. Note: CVE-2021-2018 affects Windows platform only. CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).
Vulnerabilidad en el componente Advanced Networking Option de Oracle Database Server. Las versiones compatibles que están afectadas son 18c y 19c. La vulnerabilidad difícil de explotar permite a un atacante no autenticado con acceso de red por medio de Oracle Net comprometer a Advanced Networking Option. Los ataques con éxito requieren la interacción humana de una persona diferente del atacante y, aunque la vulnerabilidad se encuentra en Advanced Networking Option, los ataques pueden afectar significativamente a productos adicionales. Los ataques con éxito de esta vulnerabilidad pueden resultar en la toma de control de Advanced Networking Option. Nota: CVE-2021-2018 afecta solo a la plataforma Windows. CVSS 3.1 Puntuación Base 8.3 (Impactos de la Confidencialidad, Integridad y Disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)
CVSS Scores
SSVC
- Decision:Track*
Timeline
- 2020-12-09 CVE Reserved
- 2021-01-20 CVE Published
- 2023-10-06 EPSS Updated
- 2024-09-26 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.oracle.com/security-alerts/cpujan2021.html | 2021-01-25 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Oracle Search vendor "Oracle" | Advanced Networking Option Search vendor "Oracle" for product "Advanced Networking Option" | 18c Search vendor "Oracle" for product "Advanced Networking Option" and version "18c" | . |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
| Oracle Search vendor "Oracle" | Advanced Networking Option Search vendor "Oracle" for product "Advanced Networking Option" | 19c Search vendor "Oracle" for product "Advanced Networking Option" and version "19c" | . |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
| Oracle Search vendor "Oracle" | Adaptive Access Manager Search vendor "Oracle" for product "Adaptive Access Manager" | 11.1.2.3.0 Search vendor "Oracle" for product "Adaptive Access Manager" and version "11.1.2.3.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Data Integrator Search vendor "Oracle" for product "Data Integrator" | 11.1.1.9.0 Search vendor "Oracle" for product "Data Integrator" and version "11.1.1.9.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Data Integrator Search vendor "Oracle" for product "Data Integrator" | 12.2.1.3.0 Search vendor "Oracle" for product "Data Integrator" and version "12.2.1.3.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Data Integrator Search vendor "Oracle" for product "Data Integrator" | 12.2.1.4.0 Search vendor "Oracle" for product "Data Integrator" and version "12.2.1.4.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Enterprise Manager For Fusion Applications Search vendor "Oracle" for product "Enterprise Manager For Fusion Applications" | 13.3.0.0 Search vendor "Oracle" for product "Enterprise Manager For Fusion Applications" and version "13.3.0.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Hospitality Simphony Search vendor "Oracle" for product "Hospitality Simphony" | 18.2.7.2 Search vendor "Oracle" for product "Hospitality Simphony" and version "18.2.7.2" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Hospitality Simphony Search vendor "Oracle" for product "Hospitality Simphony" | 19.1.3 Search vendor "Oracle" for product "Hospitality Simphony" and version "19.1.3" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Weblogic Server Search vendor "Oracle" for product "Weblogic Server" | 12.2.1.3.0 Search vendor "Oracle" for product "Weblogic Server" and version "12.2.1.3.0" | - |
Affected
| ||||||