Vulnerability in Oracle Communications Session Border Controller Routing Component
CVE-2021-2414

6.8MEDIUM

Key Information:

Vendor: Oracle
Status: Communications Session Border Controller
Vendor: CVE Published:; 20 October 2021

Summary

This vulnerability in Oracle Communications Session Border Controller's routing component allows a high-privileged attacker with network access via HTTP to compromise the system. Affected versions 8.4 and 9.0 are susceptible to exploitation, potentially leading to unauthorized access to sensitive data or complete control over all accessible data. This poses a significant risk not only to the Session Border Controller itself but also to other interconnected products, as successful attacks could facilitate broader security breaches.

Affected Version(s)

Communications Session Border Controller 8.4

Communications Session Border Controller 9.0

References

https://www.oracle.com/security-alerts/cpuoct2021.html

x_refsource_MISC

CVSS V3.1

Score:

6.8

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Oct 20, 2021
Vulnerability Reserved
Dec 9, 2020