// For flags

CVE-2021-26271

 

Severity Score

6.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted text into the Styles input of specific dialogs (in the Advanced Tab for Dialogs plugin).

Era posible ejecutar un ataque de tipo ReDoS dentro de CKEditor 4 versiones anteriores a 4.16, al persuadir a una víctima para pegar un texto diseñado en la entrada Styles de cuadros de diálogo específicos (en la pestaña Advanced para el plugin Dialogs)

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
None
Integrity
None
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2021-01-26 CVE Reserved
  • 2021-01-26 CVE Published
  • 2023-10-12 EPSS Updated
  • 2024-08-03 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-829: Inclusion of Functionality from Untrusted Control Sphere
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Ckeditor
Search vendor "Ckeditor"
Ckeditor
Search vendor "Ckeditor" for product "Ckeditor"
>= 4.0 < 4.16
Search vendor "Ckeditor" for product "Ckeditor" and version " >= 4.0 < 4.16"
-
Affected
Oracle
Search vendor "Oracle"
Agile Plm
Search vendor "Oracle" for product "Agile Plm"
9.3.5
Search vendor "Oracle" for product "Agile Plm" and version "9.3.5"
-
Affected
Oracle
Search vendor "Oracle"
Agile Plm
Search vendor "Oracle" for product "Agile Plm"
9.3.6
Search vendor "Oracle" for product "Agile Plm" and version "9.3.6"
-
Affected
Oracle
Search vendor "Oracle"
Application Express
Search vendor "Oracle" for product "Application Express"
< 21.1.0
Search vendor "Oracle" for product "Application Express" and version " < 21.1.0"
-
Affected
Oracle
Search vendor "Oracle"
Financial Services Analytical Applications Infrastructure
Search vendor "Oracle" for product "Financial Services Analytical Applications Infrastructure"
>= 8.0.6 <= 8.0.9
Search vendor "Oracle" for product "Financial Services Analytical Applications Infrastructure" and version " >= 8.0.6 <= 8.0.9"
-
Affected
Oracle
Search vendor "Oracle"
Financial Services Analytical Applications Infrastructure
Search vendor "Oracle" for product "Financial Services Analytical Applications Infrastructure"
8.1.0
Search vendor "Oracle" for product "Financial Services Analytical Applications Infrastructure" and version "8.1.0"
-
Affected
Oracle
Search vendor "Oracle"
Financial Services Analytical Applications Infrastructure
Search vendor "Oracle" for product "Financial Services Analytical Applications Infrastructure"
8.1.1
Search vendor "Oracle" for product "Financial Services Analytical Applications Infrastructure" and version "8.1.1"
-
Affected
Oracle
Search vendor "Oracle"
Jd Edwards Enterpriseone Tools
Search vendor "Oracle" for product "Jd Edwards Enterpriseone Tools"
< 9.2.6.0
Search vendor "Oracle" for product "Jd Edwards Enterpriseone Tools" and version " < 9.2.6.0"
-
Affected
Oracle
Search vendor "Oracle"
Siebel Ui Framework
Search vendor "Oracle" for product "Siebel Ui Framework"
< 21.9
Search vendor "Oracle" for product "Siebel Ui Framework" and version " < 21.9"
-
Affected
Oracle
Search vendor "Oracle"
Webcenter Sites
Search vendor "Oracle" for product "Webcenter Sites"
12.2.1.3.0
Search vendor "Oracle" for product "Webcenter Sites" and version "12.2.1.3.0"
-
Affected
Oracle
Search vendor "Oracle"
Webcenter Sites
Search vendor "Oracle" for product "Webcenter Sites"
12.2.1.4.0
Search vendor "Oracle" for product "Webcenter Sites" and version "12.2.1.4.0"
-
Affected