Management Console Vulnerability in Oracle Cloud Infrastructure Storage Gateway
CVE-2021-2319

9.1CRITICAL

Key Information:

Vendor: Oracle
Status: Cloud Infrastructure
Vendor: CVE Published:; 22 April 2021

Summary

A vulnerability exists in the Management Console component of the Oracle Cloud Infrastructure Storage Gateway, which can be exploited by attackers with high privileges and network access. This flaw allows unauthorized manipulation, potentially leading to the takeover of the Oracle Cloud Infrastructure Storage Gateway. Attackers utilizing this vulnerability could compromise not just the storage gateway, but also other interconnected products. To remediate this issue, it is crucial to update the Oracle Cloud Infrastructure Storage Gateway to version 1.4 or later. For additional guidance, refer to Oracle's security alert.

Affected Version(s)

Cloud Infrastructure < 1.4

References

https://www.oracle.com/security-alerts/cpuapr2021.html

x_refsource_MISC

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Apr 22, 2021
Vulnerability Reserved
Dec 9, 2020