cbcvebase.
CVE-2021-2177
published 2021-04-22

Priority: P2 · 61 · critical · CVSS 3.1: 10
Vector: AV:N / AC:L / PR:N / UI:N / S:C / C:H / I:H / A:H
EPSS: 2.50% (82.7th percentile)

Vulnerability in the Oracle Secure Global Desktop product of Oracle Virtualization (component: Gateway). The supported version that is affected is 5.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Secure Global Desktop. While the vulnerability is in Oracle Secure Global Desktop, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Secure Global Desktop.

Affected

2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| oracle | secure_global_desktop | | |
| oracle_corporation | secure_global_desktop | | |

Detection & IOCs (extracted from sources)

  • The vulnerability affects Oracle Secure Global Desktop version 5.6, specifically the Gateway component. Detection should focus on unauthenticated network-level exploitation attempts against SGD Gateway services.
  • The vulnerability is exploitable via multiple protocols over the network without authentication, and successful exploitation results in full takeover. Monitor for anomalous unauthenticated sessions or unexpected process execution originating from the SGD Gateway component.
  • This vulnerability carries a CVSS score of 10.0 and is remotely exploitable. Prioritize alerting on any external/unauthenticated access to Oracle SGD Gateway endpoints.
  • The vulnerability is scoped to Oracle Secure Global Desktop version 5.6 only. Other versions are not listed as affected.
  • Attacks may have a scope change impact, meaning successful exploitation of SGD can significantly impact additional products beyond the vulnerable component itself.

CVSS provenance

nvd | v3.1 | 10.0 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P
vendor_oracle | 10.0 | CRITICAL