CVE-2021-2018

CWE-20Improper Input ValidationCWE-843CWE-200Information ExposureCWE-787Out-of-bounds WriteCWE-416Use After Free33 documents12 sources
Severity
8.3HIGH
EPSS
1.3%
top 19.95%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
7
Oracle Corporation Advanced Networking OptionOracle Adaptive Access ManagerOracle Advanced Networking Option+4 more
Timeline
PublishedJan 20
Latest updateDec 5

Description

Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 18c and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Advanced Networking Option. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Advanced Networking Option, attacks may significantly impact additional products. Successful attacks

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:HExploitability: 1.6 | Impact: 6.0

Affected Packages7 packages

NVDoracle/weblogic_server12.2.1.3.0
NVDoracle/data_integrator11.1.1.9.0, 12.2.1.3.0, 12.2.1.4.0+2

🔴Vulnerability Details

7
OSV
libjpeg-turbo vulnerabilities2022-09-22
GHSA
GHSA-q87v-4pg3-cw3m: Vulnerability in the Advanced Networking Option component of Oracle Database Server2022-05-24
GHSA
Type confusion in mpath2021-09-02
OSV
qpdf vulnerabilities2021-08-02
OSV
qpdf vulnerabilities2021-07-29

💥Exploits & PoCs

8
Exploit-DB
Ruijie Reyee Mesh Router - Remote Code Execution (RCE) (Authenticated)2022-05-11
Exploit-DB
phpMyAdmin 4.8.1 - Remote Code Execution (RCE)2021-10-25
Exploit-DB
Mitsubishi Electric & INEA SmartRTU - Reflected Cross-Site Scripting (XSS)2021-10-18
Exploit-DB
WordPress Plugin Plainview Activity Monitor 20161228 - Remote Code Execution (RCE) (Authenticated) (2)2021-07-07
Exploit-DB
OpenEMR 5.0.1.3 - Authentication Bypass2021-06-16

📋Vendor Advisories

11
Red Hat
binutils: out-of-bounds write in stab_xcoff_builtin_type() in stabs.c2021-12-14
Red Hat
puppet: unsafe HTTP redirect2021-11-09
Oracle
Oracle Oracle Communications Risk Matrix: NPA Agent (Flexnet) — CVE-2018-200342021-10-15
Oracle
Oracle Oracle Fusion Middleware Risk Matrix: SSL Module (LibExpat) — CVE-2018-208432021-10-15
Red Hat
mpath: type confusion can lead to a bypass of CVE-2018-164902021-09-01

🕵️Threat Intelligence

1
Bleepingcomputer
Hackers breach US govt agencies using Adobe ColdFusion exploit2023-12-05