Unauthenticated Remote Code Execution Vulnerability in Oracle Outside In Technology
CVE-2021-2420

7.5HIGH

Key Information:

Vendor: Oracle
Status: Outside In Technology
Vendor: CVE Published:; 20 July 2021

Summary

A flaw exists in Oracle Outside In Technology, which can be exploited by an unauthenticated attacker with HTTP network access. The vulnerability may lead to a denial-of-service situation, causing the affected technology to hang or crash repeatedly. This vulnerability impacts version 8.5.5 of Outside In Filters within Oracle Fusion Middleware, and successful exploitation could severely disrupt services relying on this suite of software development kits.

Affected Version(s)

Outside In Technology 8.5.5

References

https://www.oracle.com/security-alerts/cpujul2021.html

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 20, 2021
Vulnerability Reserved
Dec 9, 2020