Vulnerability in Oracle Outside In Technology Affecting Fusion Middleware
CVE-2021-35572

7.5HIGH

Key Information:

Vendor: Oracle
Status: Outside In Technology
Vendor: CVE Published:; 20 October 2021

Summary

This vulnerability in Oracle's Outside In Technology allows unauthenticated attackers with network access to exploit the system via HTTP. If successful, an attacker may cause the Outside In Technology to hang or crash, resulting in a denial of service (DoS) condition. Outside In Technology, consisting of various software development kits, may experience significant availability impacts when used with software that directly passes network-received data. The risk is particularly heightened in scenarios where data is relayed without proper validation.

Affected Version(s)

Outside In Technology 8.5.5

References

https://www.oracle.com/security-alerts/cpuoct2021.html

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 20, 2021
Vulnerability Reserved
Jun 28, 2021