CVE-2021-2018
First published: Wed Jan 20 2021(Updated: )
Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 18c and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Advanced Networking Option. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Advanced Networking Option, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Advanced Networking Option. Note: CVE-2021-2018 affects Windows platform only. CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).
Credit: secalert_us@oracle.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Oracle Advanced Networking Option | =18c | |
| Oracle Advanced Networking Option | =19c | |
| Microsoft Windows | ||
| Oracle Adaptive Access Manager | =11.1.2.3.0 | |
| Oracle Data Integrator | =11.1.1.9.0 | |
| Oracle Data Integrator | =12.2.1.3.0 | |
| Oracle Data Integrator | =12.2.1.4.0 | |
| Oracle Enterprise Manager For Fusion Applications | =13.3.0.0 | |
| Oracle Hospitality Simphony | =18.2.7.2 | |
| Oracle Hospitality Simphony | =19.1.3 | |
| Oracle WebLogic Server | =12.2.1.3.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-2018?
CVE-2021-2018 is a vulnerability in the Advanced Networking Option component of Oracle Database Server that allows an unauthenticated attacker to compromise Advanced Networking Option.
Which versions of Oracle Database Server are affected by CVE-2021-2018?
Versions 18c and 19c of Oracle Database Server are affected by CVE-2021-2018.
How severe is CVE-2021-2018?
CVE-2021-2018 has a high severity rating of 8.3.
How can an attacker exploit CVE-2021-2018?
An attacker can exploit CVE-2021-2018 by gaining network access via Oracle Net.
Is CVE-2021-2018 difficult to exploit?
CVE-2021-2018 is considered to be a difficult vulnerability to exploit.
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/last-modified-date
- agent/references
- agent/severity
- agent/author
- agent/description
- agent/softwarecombine
- agent/type
- agent/first-publish-date
- agent/event
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/oracle
- canonical/oracle advanced networking option
- version/oracle advanced networking option/18c
- version/oracle advanced networking option/19c
- vendor/microsoft
- canonical/microsoft windows
- canonical/oracle adaptive access manager
- version/oracle adaptive access manager/11.1.2.3.0
- canonical/oracle data integrator
- version/oracle data integrator/11.1.1.9.0
- version/oracle data integrator/12.2.1.3.0
- version/oracle data integrator/12.2.1.4.0
- canonical/oracle enterprise manager for fusion applications
- version/oracle enterprise manager for fusion applications/13.3.0.0
- canonical/oracle hospitality simphony
- version/oracle hospitality simphony/18.2.7.2
- version/oracle hospitality simphony/19.1.3
- canonical/oracle weblogic server
- version/oracle weblogic server/12.2.1.3.0