Vulnerability in Oracle Cloud Infrastructure Storage Gateway Management Console
CVE-2021-2318

9.1CRITICAL

Key Information:

Vendor: Oracle
Status: Cloud Infrastructure
Vendor: CVE Published:; 22 April 2021

Summary

A vulnerability exists in the Management Console of the Oracle Cloud Infrastructure Storage Gateway that can be exploited by a high-privileged attacker with network access via HTTP. This flaw may lead to the compromise of the Oracle Cloud Infrastructure Storage Gateway, with potential broader impacts on connected products. To mitigate this vulnerability, it is crucial for users to upgrade to version 1.4 or later. For further details and to download the latest version, visit the official Oracle download page, and refer to the documentation for extensive information.

Affected Version(s)

Cloud Infrastructure < 1.4

References

https://www.oracle.com/security-alerts/cpuapr2021.html

x_refsource_MISC

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Apr 22, 2021
Vulnerability Reserved
Dec 9, 2020