First published: Wed Oct 20 2021
Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Policy Framework). The affected supported versions are 13.4.0.0 and 13.5.0.0. This easily exploitable vulnerability allows a low-privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks can result in takeover of Enterprise Manager Base Platform. CVSS 3.1 Base Score: 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.
Credit: secalert_us@oracle.com
Affected Software | Affected Version | How to fix |
---|---|---|
Oracle Enterprise Manager Base Platform | =13.4.0.0 | |
Oracle Enterprise Manager Base Platform | =13.5.0.0 | |
CVE-2021-2137 is a vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager.
CVE-2021-2137 has a severity score of 8.8 out of 10, which is considered high.
Versions 13.4.0.0 and 13.5.0.0 of Oracle Enterprise Manager Base Platform are affected by CVE-2021-2137.
An attacker with low privileges and network access via HTTP can easily exploit CVE-2021-2137.
You can find more information about CVE-2021-2137 at the following URL: https://www.oracle.com/security-alerts/cpuoct2021.html