high
8.3
CWE
327 384
Advisory Published
Updated

CVE-2021-2351

First published: Tue Jul 20 2021(Updated: )

Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Advanced Networking Option. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Advanced Networking Option, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Advanced Networking Option. Note: The July 2021 Critical Patch Update introduces a number of Native Network Encryption changes to deal with vulnerability CVE-2021-2351 and prevent the use of weaker ciphers. Customers should review: "Changes in Native Network Encryption with the July 2021 Critical Patch Update" (Doc ID 2791571.1). CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).

Credit: secalert_us@oracle.com secalert_us@oracle.com

Affected SoftwareAffected VersionHow to fix
Oracle Advanced Networking Option=12.1.0.2
Oracle Advanced Networking Option=12.2.0.1
Oracle Advanced Networking Option=19c
Oracle Agile Engineering Data Management=6.2.1.0
Oracle Agile PLM=9.3.6
Oracle Agile Product Lifecycle Management for Process=6.2.2.0
Oracle Agile Product Lifecycle Management for Process=6.2.3.0
Oracle Airlines Data Model=12.1.1.0.0
Oracle Airlines Data Model=12.2.0.1.0
Oracle Application Performance Management=13.4.1.0
Oracle Application Performance Management=13.5.1.0
Oracle Application Testing Suite=13.3.0.1
Oracle Argus Analytics=8.2.1
Oracle Argus Analytics=8.2.2
Oracle Argus Analytics=8.2.3
Oracle Argus Insight=8.2.1
Oracle Argus Insight=8.2.2
Oracle Argus Insight=8.2.3
Oracle Argus Mart=8.2.1
Oracle Argus Mart=8.2.2
Oracle Argus Mart=8.2.3
Oracle Argus Safety=8.2.1
Oracle Argus Safety=8.2.2
Oracle Argus Safety=8.2.3
Oracle Banking Apis>=18.1<=18.3
Oracle Banking Apis=19.1
Oracle Banking Apis=19.2
Oracle Banking Apis=20.1
Oracle Banking Apis=21.1
Oracle Banking Digital Experience>=18.1<=18.3
Oracle Banking Digital Experience=17.2
Oracle Banking Digital Experience=19.1
Oracle Banking Digital Experience=19.2
Oracle Banking Digital Experience=20.1
Oracle Banking Digital Experience=21.1
Oracle Banking Enterprise Default Management=2.10.0
Oracle Banking Enterprise Default Management=2.12.0
Oracle Banking Platform=2.6.2
Oracle Banking Platform=2.7.1
Oracle Banking Platform=2.12.0
Oracle Big Data Spatial And Graph<23.1
Oracle Blockchain Platform=21.1.2
Oracle Clinical=5.2.1
Oracle Clinical=5.2.2
Oracle Commerce Platform=11.3.0
Oracle Commerce Platform=11.3.1
Oracle Commerce Platform=11.3.2
Oracle Communications Application Session Controller=3.9.0
Oracle Communications Billing and Revenue Management=12.0.0.4
Oracle Communications Billing and Revenue Management=12.0.0.5
Oracle Communications Calendar Server=8.0.0.5.0
Oracle Communications Contacts Server=8.0.0.3.0
Oracle Communications Convergent Charging Controller>=12.0.1.0.0<=12.0.4.0.0
Oracle Communications Convergent Charging Controller=6.0.1.0.0
Oracle Communications Data Model=11.3.2.1.0
Oracle Communications Data Model=11.3.2.2.0
Oracle Communications Data Model=11.3.2.3.0
Oracle Communications Data Model=12.1.0.1.0
Oracle Communications Data Model=12.1.2.0.0
Oracle Communications Design Studio=7.3.5
Oracle Communications Design Studio=7.4.0
Oracle Communications Design Studio=7.4.1
Oracle Communications Design Studio=7.4.2
Oracle Communications Diameter Intelligence Hub>=8.0.0<=8.2.3
Oracle Communications Ip Service Activator=7.4.0
Oracle Communications Metasolv Solution=6.3.1
Oracle Communications Network Charging And Control>=12.0.1.0<=12.0.4.0.0
Oracle Communications Network Charging And Control=6.0.1.0.0
Oracle Communications Network Integrity=7.3.5
Oracle Communications Network Integrity=7.3.6
Oracle Communications Pricing Design Center=12.0.0.4
Oracle Communications Pricing Design Center=12.0.0.5
Oracle Communications Services Gatekeeper=7.0
Oracle Communications Session Report Manager>=8.0.0<=8.2.5.0
Oracle Communications Session Route Manager>=8.2.0<=8.2.5
Oracle Data Integrator=12.2.1.3.0
Oracle Data Integrator=12.2.1.4.0
Oracle Demantra Demand Management>=12.2.6<=12.2.11
Oracle Documaker>=12.6.2<=12.6.4
Oracle Documaker=12.6.0
Oracle Documaker=12.7.0
Oracle Enterprise Data Quality=12.2.1.3.0
Oracle Enterprise Data Quality=12.2.1.4.0
Oracle Enterprise Manager Base Platform=13.4.0.0
Oracle Enterprise Manager Base Platform=13.5.0.0
Oracle Enterprise Manager Ops Center=12.4.0.0
Oracle Financial Services Analytical Applications Infrastructure>=8.0.7<=8.1.1
Oracle Financial Services Behavior Detection Platform=8.0.7
Oracle Financial Services Behavior Detection Platform=8.0.8
Oracle Financial Services Behavior Detection Platform=8.0.11
Oracle Financial Services Enterprise Case Management=8.0.7
Oracle Financial Services Enterprise Case Management=8.0.8
Oracle Financial Services Enterprise Case Management=8.0.11
Oracle Financial Services Foreign Account Tax Compliance Act Management=8.0.7
Oracle Financial Services Foreign Account Tax Compliance Act Management=8.0.8
Oracle Financial Services Foreign Account Tax Compliance Act Management=8.0.11
Oracle Financial Services Model Management And Governance>=8.0.8.0.0<=8.1.1.0.0
Oracle Financial Services Trade-based Anti Money Laundering=8.0.7
Oracle Financial Services Trade-based Anti Money Laundering=8.0.8
Oracle FLEXCUBE Investor Servicing=12.0.4
Oracle FLEXCUBE Investor Servicing=12.1.0
Oracle FLEXCUBE Investor Servicing=12.3.0
Oracle FLEXCUBE Investor Servicing=12.4.0
Oracle FLEXCUBE Investor Servicing=14.4.0
Oracle FLEXCUBE Investor Servicing=14.5.0
Oracle FLEXCUBE Private Banking=12.0.0
Oracle FLEXCUBE Private Banking=12.1.0
Oracle Fusion Middleware=12.2.1.3.0
Oracle Fusion Middleware=12.2.1.4.0
Oracle GoldenGate<12.3.0.1.0
Oracle GoldenGate>=19.1.0.0.1<21.5.0.0.220118
Oracle Goldengate Application Adapters<23.1
Oracle Graph Server And Client<21.4.0
Oracle Health Sciences Clinical Development Analytics=4.0.1
Oracle Health Sciences Inform Crf Submit=6.2.1
Oracle Health Sciences Information Manager=3.0.2
Oracle Health Sciences Information Manager=3.0.3
Oracle Healthcare Data Repository=7.0.2
Oracle Healthcare Data Repository=8.1.0
Oracle Healthcare Data Repository=8.1.1
Oracle Healthcare Foundation>=7.3.0<=7.3.0.2
Oracle Healthcare Foundation>=8.0.0<=8.0.2
Oracle Healthcare Foundation>=8.1.0<=8.1.1
Oracle Healthcare Translational Research=4.1.0
Oracle Hospitality Inventory Management<9.1.0
Oracle Hospitality Inventory Management=9.1.0
Oracle Hospitality Opera 5=5.6
Oracle Hospitality Suite8=8.10.2
Oracle Hospitality Suite8=8.11.0
Oracle Hospitality Suite8=8.12.0
Oracle Hospitality Suite8=8.13.0
Oracle Hospitality Suite8=8.14.0
Oracle Hyperion Infrastructure Technology=11.2.7.0
Oracle iLearning=6.2
Oracle iLearning=6.3
Oracle Instantis Enterprisetrack=17.1
Oracle Instantis Enterprisetrack=17.2
Oracle Instantis Enterprisetrack=17.3
Oracle Insurance Data Gateway=11.0.2
Oracle Insurance Data Gateway=11.1.0
Oracle Insurance Data Gateway=11.2.7
Oracle Insurance Data Gateway=11.3.0
Oracle Insurance Data Gateway=11.3.1
Oracle Insurance Insbridge Rating And Underwriting>=5.4<=5.6.0
Oracle Insurance Insbridge Rating And Underwriting=5.2.0
Oracle Insurance Policy Administration=11.0.2
Oracle Insurance Policy Administration=11.1.0
Oracle Insurance Policy Administration=11.2.7
Oracle Insurance Policy Administration=11.3.0
Oracle Insurance Policy Administration=11.3.1
Oracle Insurance Rules Palette=11.0.2
Oracle Insurance Rules Palette=11.1.0
Oracle Insurance Rules Palette=11.2.7
Oracle Insurance Rules Palette=11.3.0
Oracle Insurance Rules Palette=11.3.1
Oracle Jd Edwards Enterpriseone Tools=9.2.6.3
Oracle OSS Support Tools<2.12.42
Oracle PeopleSoft Enterprise PeopleTools=8.57
Oracle PeopleSoft Enterprise PeopleTools=8.58
Oracle PeopleSoft Enterprise PeopleTools=8.59
Oracle Policy Automation>=12.2.0<=12.2.24
Oracle Primavera Analytics=18.8.3.3
Oracle Primavera Analytics=19.12.11.1
Oracle Primavera Analytics=20.12.12.0
Oracle Primavera Data Warehouse=18.8.3.3
Oracle Primavera Data Warehouse=19.12.11.1
Oracle Primavera Data Warehouse=20.12.12.0
Oracle Primavera Gateway>=17.12.0<=17.12.11
Oracle Primavera Gateway>=18.8.0<=18.8.12
Oracle Primavera Gateway>=19.12.0<=19.12.11
Oracle Primavera Gateway>=20.12.0<=20.12.7
Oracle Primavera P6 Enterprise Project Portfolio Management>=17.12.0.0<=17.12.20
Oracle Primavera P6 Enterprise Project Portfolio Management>=18.8.0.0<=18.8.24
Oracle Primavera P6 Enterprise Project Portfolio Management>=19.12.0.0<=19.12.17.0
Oracle Primavera P6 Enterprise Project Portfolio Management>=20.12.0.0<=20.12.9.0
Oracle Primavera P6 Professional Project Management>=17.12<=17.12.20.0
Oracle Primavera P6 Professional Project Management>=18.8<=18.8.24.0
Oracle Primavera P6 Professional Project Management>=19.12.0.0<=19.12.17.0
Oracle Primavera P6 Professional Project Management>=20.12.0.0<=20.12.9.0
Oracle Primavera Unifier>=17.7<=17.12
Oracle Primavera Unifier=18.8
Oracle Primavera Unifier=19.12
Oracle Primavera Unifier=20.12
Oracle Primavera Unifier=21.12
Oracle Product Lifecycle Analytics=3.6.1
Oracle Rapid Planning>=12.2.6<=12.2.11
Oracle Real User Experience Insight=13.4.1.0
Oracle Real User Experience Insight=13.5.1.0
Oracle Retail Analytics>=16.0.0<=16.0.2
Oracle Retail Assortment Planning=16.0.3
Oracle Retail Back Office=14.1
Oracle Retail Central Office=14.1
Oracle Retail Customer Insights>=16.0<=16.0.2
Oracle Retail Extract Transform And Load=13.2.8
Oracle Retail Financial Integration=14.1.3.2
Oracle Retail Financial Integration=15.0.3.1
Oracle Retail Financial Integration=16.0.3.0
Oracle Retail Financial Integration=19.0.1
Oracle Retail Integration Bus=14.1.3.2
Oracle Retail Integration Bus=15.0.3.1
Oracle Retail Integration Bus=16.0.3
Oracle Retail Integration Bus=19.0.1
Oracle Retail Merchandising System=19.0.1
Oracle Retail Order Broker=16.0
Oracle Retail Order Broker=18.0
Oracle Retail Order Broker=19.1
Oracle Retail Order Management System=19.5
Oracle Retail Point-of-Service=14.1
Oracle Retail Predictive Application Server=14.1.3
Oracle Retail Predictive Application Server=15.0.3
Oracle Retail Predictive Application Server=16.0.3
Oracle Retail Price Management=14.1
Oracle Retail Price Management=15.0
Oracle Retail Price Management=16.0
Oracle Retail Returns Management=14.1
Oracle Retail Service Backbone=14.1.3.2
Oracle Retail Service Backbone=15.0.3.1
Oracle Retail Service Backbone=16.0.3
Oracle Retail Service Backbone=19.0.1
Oracle Retail Store Inventory Management=14.1
Oracle Retail Store Inventory Management=15.0
Oracle Retail Store Inventory Management=16.0
Oracle Retail Xstore Point of Service=17.0.4
Oracle Retail Xstore Point of Service=18.0.3
Oracle Retail Xstore Point of Service=19.0.2
Oracle Retail Xstore Point of Service=20.0.1
Oracle Siebel Ui Framework<=21.12
Oracle Spatial Studio<21.2.1
Oracle Storagetek Acsls=8.5.1
Oracle Storagetek Tape Analytics=2.4
Oracle Thesaurus Management System=5.2.3
Oracle Thesaurus Management System=5.3.0
Oracle Thesaurus Management System=5.3.1
Oracle TimesTen In-Memory Database<21.1.1.1.0
Oracle TimesTen In-Memory Database=21.1.1.1.0
Oracle Utilities Framework>=4.3.0.1.0<=4.3.0.6.0
Oracle Utilities Framework=4.2.0.3.0
Oracle Utilities Framework=4.4.0.0.0
Oracle Utilities Framework=4.4.0.2.0
Oracle Utilities Framework=4.4.0.3.0
Oracle Utilities Testing Accelerator=6.0.0.1.1
Oracle Utilities Testing Accelerator=6.0.0.2.2
Oracle Utilities Testing Accelerator=6.0.0.3.1
Oracle WebLogic Server=12.2.1.3.0
Oracle WebLogic Server=12.2.1.4.0
Oracle WebLogic Server=14.1.1.0.0
Oracle Zfs Storage Application Integration Engineering Software=1.3.3
Oracle Hospitality Reporting and Analytics=9.1.0

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203