CVE-2021-2248
published 2021-04-22

Priority: P261
Severity: critical, 10 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS: 2.50% (82.7th percentile)

Vulnerability in the Oracle Secure Global Desktop product of Oracle Virtualization (component: Server). The supported version that is affected is 5.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Secure Global Desktop. While the vulnerability is in Oracle Secure Global Desktop, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Secure Global Desktop.

Affected (2 ranges)

Vendor              Product                 Version range   Fixed in
oracle              secure_global_desktop
oracle_corporation  secure_global_desktop

Detection & IOCs (extracted from sources)

  • Affected product is Oracle Secure Global Desktop version 5.6 only; other versions are not listed as affected.
  • The vulnerability is exploitable over multiple network protocols by an unauthenticated attacker, meaning no credentials or prior access are required; broad network exposure should be assumed.
  • Successful exploitation can result in full takeover and may significantly impact additional (downstream/adjacent) products beyond Oracle Secure Global Desktop itself.
  • CVSS score is 10.0 (maximum), reflecting critical severity with low attack complexity, no privileges required, and no user interaction needed.

CVSS provenance

Source         Version  Score  Severity  Vector
nvd            v3.1     10.0   CRITICAL  CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
nvd            v2.0     7.5    HIGH      AV:N/AC:L/Au:N/C:P/I:P/A:P
vendor_oracle           10.0   CRITICAL