CVE-2021-2447Improper Restriction of Operations within the Bounds of a Memory Buffer in Corporation Secure Global Desktop

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-682Incorrect Calculation7 documents6 sources
Severity
9.9CRITICALNVD
EPSS
1.8%
top 17.32%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Oracle Corporation Secure Global DesktopOracle Secure Global Desktop
Timeline
PublishedJul 21
Latest updateDec 11

Description

Vulnerability in the Oracle Secure Global Desktop product of Oracle Virtualization (component: Server). The supported version that is affected is 5.6. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Oracle Secure Global Desktop. While the vulnerability is in Oracle Secure Global Desktop, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Secure Glo

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:HExploitability: 3.1 | Impact: 6.0

Affected Packages2 packages

🔴Vulnerability Details

5
OSV
keystone vulnerabilities2025-12-11
GHSA
GHSA-2p3h-vm38-7wjp: Vulnerability in the Oracle Secure Global Desktop product of Oracle Virtualization (component: Server)2022-05-24
GHSA
Memory corruption when returning a literal struct with a private call inside of it2021-10-12
GHSA
missing clamps for decimal args in external functions2021-10-06
CVEList
CVE-2021-2447: Vulnerability in the Oracle Secure Global Desktop product of Oracle Virtualization (component: Server)2021-07-20

📋Vendor Advisories

1
Oracle
Oracle Oracle Virtualization Risk Matrix: Server — CVE-2021-24472021-07-15
CVE-2021-2447 — CRITICAL severity | cvebase