// For flags

CVE-2021-26272

 

Severity Score

6.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted URL-like text into the editor, and then press Enter or Space (in the Autolink plugin).

Era posible ejecutar un ataque de tipo ReDoS dentro de CKEditor 4 versiones anteriores a 4.16, al persuadir a una vĂ­ctima para pegar un texto similar a una URL en el editor y luego presionar Enter o Space (en el plugin Autolink)

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
None
Integrity
None
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2021-01-26 CVE Reserved
  • 2021-01-26 CVE Published
  • 2023-10-12 EPSS Updated
  • 2024-08-03 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-829: Inclusion of Functionality from Untrusted Control Sphere
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Ckeditor
Search vendor "Ckeditor"
Ckeditor
Search vendor "Ckeditor" for product "Ckeditor"
>= 4.0 < 4.16
Search vendor "Ckeditor" for product "Ckeditor" and version " >= 4.0 < 4.16"
-
Affected
Oracle
Search vendor "Oracle"
Agile Plm
Search vendor "Oracle" for product "Agile Plm"
9.3.5
Search vendor "Oracle" for product "Agile Plm" and version "9.3.5"
-
Affected
Oracle
Search vendor "Oracle"
Agile Plm
Search vendor "Oracle" for product "Agile Plm"
9.3.6
Search vendor "Oracle" for product "Agile Plm" and version "9.3.6"
-
Affected
Oracle
Search vendor "Oracle"
Application Express
Search vendor "Oracle" for product "Application Express"
< 21.1.0
Search vendor "Oracle" for product "Application Express" and version " < 21.1.0"
-
Affected
Oracle
Search vendor "Oracle"
Banking Party Management
Search vendor "Oracle" for product "Banking Party Management"
2.7.0
Search vendor "Oracle" for product "Banking Party Management" and version "2.7.0"
-
Affected
Oracle
Search vendor "Oracle"
Commerce Merchandising
Search vendor "Oracle" for product "Commerce Merchandising"
>= 11.3.0 <= 11.3.2
Search vendor "Oracle" for product "Commerce Merchandising" and version " >= 11.3.0 <= 11.3.2"
-
Affected
Oracle
Search vendor "Oracle"
Commerce Merchandising
Search vendor "Oracle" for product "Commerce Merchandising"
11.1.0
Search vendor "Oracle" for product "Commerce Merchandising" and version "11.1.0"
-
Affected
Oracle
Search vendor "Oracle"
Commerce Merchandising
Search vendor "Oracle" for product "Commerce Merchandising"
11.2.0
Search vendor "Oracle" for product "Commerce Merchandising" and version "11.2.0"
-
Affected
Oracle
Search vendor "Oracle"
Financial Services Analytical Applications Infrastructure
Search vendor "Oracle" for product "Financial Services Analytical Applications Infrastructure"
>= 8.0.6 <= 8.0.9
Search vendor "Oracle" for product "Financial Services Analytical Applications Infrastructure" and version " >= 8.0.6 <= 8.0.9"
-
Affected
Oracle
Search vendor "Oracle"
Financial Services Analytical Applications Infrastructure
Search vendor "Oracle" for product "Financial Services Analytical Applications Infrastructure"
8.1.0
Search vendor "Oracle" for product "Financial Services Analytical Applications Infrastructure" and version "8.1.0"
-
Affected
Oracle
Search vendor "Oracle"
Financial Services Analytical Applications Infrastructure
Search vendor "Oracle" for product "Financial Services Analytical Applications Infrastructure"
8.1.1
Search vendor "Oracle" for product "Financial Services Analytical Applications Infrastructure" and version "8.1.1"
-
Affected
Oracle
Search vendor "Oracle"
Financial Services Model Management And Governance
Search vendor "Oracle" for product "Financial Services Model Management And Governance"
>= 8.0.8.0.0 <= 8.1.0.0.0
Search vendor "Oracle" for product "Financial Services Model Management And Governance" and version " >= 8.0.8.0.0 <= 8.1.0.0.0"
-
Affected
Oracle
Search vendor "Oracle"
Jd Edwards Enterpriseone Tools
Search vendor "Oracle" for product "Jd Edwards Enterpriseone Tools"
< 9.2.6.0
Search vendor "Oracle" for product "Jd Edwards Enterpriseone Tools" and version " < 9.2.6.0"
-
Affected
Oracle
Search vendor "Oracle"
Siebel Ui Framework
Search vendor "Oracle" for product "Siebel Ui Framework"
<= 21.9
Search vendor "Oracle" for product "Siebel Ui Framework" and version " <= 21.9"
-
Affected
Oracle
Search vendor "Oracle"
Webcenter Sites
Search vendor "Oracle" for product "Webcenter Sites"
12.2.1.3.0
Search vendor "Oracle" for product "Webcenter Sites" and version "12.2.1.3.0"
-
Affected
Oracle
Search vendor "Oracle"
Webcenter Sites
Search vendor "Oracle" for product "Webcenter Sites"
12.2.1.4.0
Search vendor "Oracle" for product "Webcenter Sites" and version "12.2.1.4.0"
-
Affected