CVE-2021-21783

CWE-680 CWE-190 — Integer Overflow8 documents6 sources

Severity

9.8CRITICAL

EPSS

2.1%

top 16.11%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Oracle Communications Diameter Signaling Router Oracle Communications Eagle Application Processor Oracle Tekelec Virtual Operating Environment +3 more

Timeline

PublishedMar 25

Latest updateOct 15

Description

A code execution vulnerability exists in the WS-Addressing plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to remote code execution. An attacker can send an HTTP request to trigger this vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages7 packages

▶NVDgenivia/gsoap2.8.107

▶CVEListV5geniviaGenivia gSOAP 2.8.109, Genivia gSOAP 2.8.110

▶NVDoracle/tekelec_virtual_operating_environment3.4.0 — 3.7.1

▶NVDoracle/communications_diameter_signaling_router8.0.0 — 8.5.0

▶NVDoracle/communications_eagle_application_processor16.1.0 — 16.4.0

Patches

Patch: www.oracle.com ↗Patch: www.oracle.com ↗Patch: www.oracle.com ↗

🔴Vulnerability Details

GHSA

GHSA-pf2j-vqc7-8qr7: A code execution vulnerability exists in the WS-Addressing plugin functionality of Genivia gSOAP 2↗2022-05-24

▶

OSV

CVE-2021-21783: A code execution vulnerability exists in the WS-Addressing plugin functionality of Genivia gSOAP 2↗2021-03-25

▶

CVEList

CVE-2021-21783: A code execution vulnerability exists in the WS-Addressing plugin functionality of Genivia gSOAP 2↗2021-03-25

▶

📋Vendor Advisories

Oracle

Oracle Oracle Communications Risk Matrix: Platform (gSOAP) — CVE-2021-21783↗2022-10-15

▶

Oracle

Oracle Oracle Communications Risk Matrix: Platform (gSOAP) — CVE-2021-21783↗2022-01-15

▶

Oracle

Oracle Oracle Communications Risk Matrix: Platform (gSOAP) — CVE-2021-21783↗2021-10-15

▶

Debian

CVE-2021-21783: gsoap - A code execution vulnerability exists in the WS-Addressing plugin functionality ...↗2021

▶