CVE-2021-2401
published 2021-07-21CVE-2021-2401: Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: E-Business Suite - XDO). Supported versions that are affected are…
PriorityP353medium5.3CVSS 3.1
AVNACLPRNUINSUCLINAN
EPSS
84.82%
99.7th percentile
Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: E-Business Suite - XDO). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle BI Publisher accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| oracle | bi_publisher | — | — |
| oracle | bi_publisher | — | — |
| oracle | bi_publisher | — | — |
| oracle | bi_publisher | — | — |
| oracle_corporation | bi_publisher | — | — |
| oracle_corporation | bi_publisher | — | — |
| oracle_corporation | bi_publisher | — | — |
| oracle_corporation | bi_publisher | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →CVE-2021-2401 affects Oracle BI Publisher via HTTP with no authentication required (PR:N/UI:N), target the E-Business Suite - XDO component; monitor for unauthenticated HTTP requests to BI Publisher XDO endpoints ↗
- →Affected Oracle BI Publisher versions are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0, and 12.2.1.4.0; flag traffic to/from unpatched instances of these versions ↗
- ·Exploitation is network-based over HTTP with no privileges or user interaction required (CVSS:3.1/AV:N/AC:L/PR:N/UI:N), meaning the attack surface is fully exposed on any internet- or network-facing BI Publisher deployment ↗
- ·Impact is limited to unauthorized read access (Confidentiality only); no integrity or availability impact reported ↗
CVSS provenance
nvdv3.15.3MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
vendor_redhat5.5MEDIUM
vendor_oracle5.3MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-xchm-27qm-h7w6: Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: E-Business Suite - XDO)
ghsa_unreviewed·2022-05-24
CVE-2021-2401 [MEDIUM] CWE-200 GHSA-xchm-27qm-h7w6: Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: E-Business Suite - XDO)
Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: E-Business Suite - XDO). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle BI Publisher accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).
Red Hat
kernel: ext4: kernel bug in ext4_write_inline_data_end()
vendor_redhat·2024-01-18·CVSS 5.5
CVE-2021-33631 [MEDIUM] CWE-190 kernel: ext4: kernel bug in ext4_write_inline_data_end()
kernel: ext4: kernel bug in ext4_write_inline_data_end()
Integer Overflow or Wraparound vulnerability in openEuler kernel on Linux (filesystem modules) allows Forced Integer Overflow.This issue affects openEuler kernel: from 4.19.90 before 4.19.90-2401.3, from 5.10.0-60.18.0 before 5.10.0-183.0.0.
A flaw was found in the openEuler kernel in Linux filesystem modules that allows an integer overflow via mounting a corrupted filesystem. This issue affects the openEuler kernel in versions from 4.19.90 through 4.19.90-2401.3 and 5.10.0-60.18.0 through 5.10.0-183.0.0.
Statement: Red Hat has protection mechanisms in place against buffer overflows, such as FORTIFY_SOURCE, Position Independent Executables or Stack Smashing Protection.
Mitigation: Mitigation for this issue is either not available
Red Hat
kernel: net/sched: cbs NULL pointer dereference when offloading is enabled
vendor_redhat·2024-01-18·CVSS 5.5
CVE-2021-33630 [MEDIUM] CWE-476 kernel: net/sched: cbs NULL pointer dereference when offloading is enabled
kernel: net/sched: cbs NULL pointer dereference when offloading is enabled
NULL Pointer Dereference vulnerability in openEuler kernel on Linux (network modules) allows Pointer Manipulation. This vulnerability is associated with program files net/sched/sch_cbs.C.
This issue affects openEuler kernel: from 4.19.90 before 4.19.90-2401.3.
A NULL pointer dereference flaw was found in the Linux kernel's network scheduler. This issue occurs when offloading is enabled, the cbs instance is not added to the list. The code also incorrectly handles the case when offload is disabled without removing the qdisc. This could allow a local user to cause a denial of service condition.
Mitigation: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Pr
Oracle
Oracle Oracle Fusion Middleware Risk Matrix: E-Business Suite - XDO — CVE-2021-2401
vendor_oracle·2021-07-15·CVSS 5.3
CVE-2021-2401 [MEDIUM] Oracle Oracle Fusion Middleware Risk Matrix: E-Business Suite - XDO — CVE-2021-2401
Oracle Oracle Fusion Middleware Risk Matrix: E-Business Suite - XDO vulnerability
CVE: CVE-2021-2401
CVSS: 5.3
Protocol: HTTP
Remote exploit: Yes
Affected versions: Network
Advisory: cpujul2021 (JUL 2021)
No detection rules found.
No public exploits indexed.
2021-07-21
Published