Remote Code Execution Vulnerability in Oracle Enterprise Manager
CVE-2021-2134

6.5MEDIUM

Key Information:

Vendor: Oracle
Status: Enterprise Manager For Fusion Middleware
Vendor: CVE Published:; 22 April 2021

What is CVE-2021-2134?

A vulnerability in Oracle's Enterprise Manager for Fusion Middleware allows attackers with low privileges and network access to exploit the FMW Control Plugin. This can lead to unauthorized actions that may result in significant disruption, including a denial of service, causing the application to freeze or crash frequently.

Affected Version(s)

Enterprise Manager for Fusion Middleware 12.2.1.4

References

https://www.oracle.com/security-alerts/cpuapr2021.html

x_refsource_MISC

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 22, 2021
Vulnerability Reserved
Dec 9, 2020