CVE-2021-2322

CWE-913 documents3 sources
Severity: 8.8 HIGH
EPSS: 0.9% (top 23.97%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Jun 23
Latest update: May 24

Description

Vulnerability in OpenGrok (component: Web App). Versions that are affected are 1.6.7 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise OpenGrok. Successful attacks of this vulnerability can result in takeover of OpenGrok. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages (2 packages)

NVD: oracle/opengrok 1.6.7
CVEListV5: oracle_corporation/opengrok 1.6.7 and prior

Vulnerability Details (2)

GHSA: GHSA-hxwp-5hw8-g4xg: Vulnerability in OpenGrok (component: Web App) (2022-05-24)
CVEList: CVE-2021-2322: Vulnerability in OpenGrok (component: Web App) (2021-06-23)