PT-2020-5726 · Oracle · Oracle Cloud Infrastructure Data Science Notebook Sessions
Published
2020-12-09
·
Updated
2021-03-08
·
CVE-2021-2138
CVSS v3.1
4.6
Medium
| Vector | AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions:
Oracle Cloud Infrastructure Data Science Notebook Sessions (affected versions not specified)
Description:
The issue is related to insufficient input validation in the Oracle Cloud Infrastructure Data Science platform, allowing a low-privileged attacker to compromise the system. This can result in unauthorized access to modify, add, or delete data, as well as read access to a subset of the data. The vulnerability can be exploited by an attacker with access to the physical communication segment attached to the hardware where the Oracle Cloud Infrastructure Data Science Notebook Sessions execute.
Recommendations:
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Oracle Cloud Infrastructure Data Science Notebook Sessions