CVE-2021-2457

4 documents4 sources

Severity

5.3MEDIUM

EPSS

1.1%

top 21.90%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Oracle Corporation Identity Manager Oracle Identity Manager

Timeline

PublishedJul 21

Latest updateMay 24

Description

Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: Request Management & Workflow). The supported version that is affected is 11.1.2.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Identity Manager. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Identity Manager accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

▶NVDoracle/identity_manager11.1.2.3.0

▶CVEListV5oracle_corporation/identity_manager11.1.2.3.0

🔴Vulnerability Details

GHSA

GHSA-gprv-4prc-v7gr: Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: Request Management & Workflow)↗2022-05-24

▶

CVEList

CVE-2021-2457: Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: Request Management & Workflow)↗2021-07-20

▶

📋Vendor Advisories

Oracle

Oracle Oracle Fusion Middleware Risk Matrix: Request Management & Workflow — CVE-2021-2457↗2021-07-15

▶