Remote Code Execution Vulnerability in Oracle Enterprise Manager
CVE-2021-2134

6.5MEDIUM

Key Information:

Vendor
Oracle
Status
Enterprise Manager For Fusion Middleware
Vendor
CVE Published:
22 April 2021

Summary

A vulnerability in Oracle's Enterprise Manager for Fusion Middleware allows attackers with low privileges and network access to exploit the FMW Control Plugin. This can lead to unauthorized actions that may result in significant disruption, including a denial of service, causing the application to freeze or crash frequently.

Affected Version(s)

Enterprise Manager for Fusion Middleware 12.2.1.4

References

https://www.oracle.com/security-alerts/cpuapr2021.html
x_refsource_MISC

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.