Vulnerability in Oracle Secure Global Desktop Client Affects Multiple Protocols
CVE-2021-2221

9.6CRITICAL

Key Information:

Vendor: Oracle
Status: Secure Global Desktop
Vendor: CVE Published:; 22 April 2021

Summary

A vulnerability exists in the Oracle Secure Global Desktop product, specifically in the Client component. This flaw allows an unauthenticated attacker with network access to exploit the system through various protocols. Notably, the successful exploitation of this vulnerability requires human interaction from a user other than the attacker. While the vulnerability resides within Oracle Secure Global Desktop, it can also have consequential effects on other products, potentially leading to unauthorized control of the system.

Affected Version(s)

Secure Global Desktop 5.6

References

https://www.oracle.com/security-alerts/cpuapr2021.html

x_refsource_MISC

CVSS V3.1

Score:

9.6

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Apr 22, 2021
Vulnerability Reserved
Dec 9, 2020