CVE-2021-1996

CWE-125Out-of-bounds ReadCWE-476NULL Pointer DereferenceCWE-369CWE-362Race ConditionCWE-416Use After FreeCWE-99CWE-20Improper Input Validation14 documents5 sources
Severity
2.4LOW
EPSS
0.3%
top 49.91%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Oracle Siebel UI FrameworkOracle Corporation Weblogic ServerOracle Agile Engineering Data Management+2 more
Timeline
PublishedJan 20
Latest updateFeb 26

Description

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services). Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle WebLogi

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:NExploitability: 0.9 | Impact: 1.4

Affected Packages5 packages

NVDoracle/weblogic_server10.3.6.0.0, 12.1.3.0.0+1
CVEListV5oracle_corporation/weblogic_server10.3.6.0.0, 12.1.3.0.0+1

🔴Vulnerability Details

2
GHSA
GHSA-c2jc-w78x-gvc4: Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services)2022-05-24
CVEList
CVE-2021-1996: Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services)2021-01-20

📋Vendor Advisories

8
Red Hat
kernel: video: fbdev: cirrusfb: check pixclock to avoid divide by zero2025-02-26
Red Hat
kernel: nfc: fix segfault in nfc_genl_dump_devices_done2024-06-19
Red Hat
kernel: scsi: scsi_debug: Sanity check block descriptor length in resp_mode_select()2024-06-19
Red Hat
kernel: can: isotp: isotp_sendmsg(): add result check for wait_event_interruptible()2024-05-22
Red Hat
kernel: mm/hwpoison: clear MF_COUNT_INCREASED before retrying get_any_page()2024-03-04