PT-2021-14452 · Oracle · Oracle Enterprise Manager

Matthias Kaiser

Published

2021-10-20

Updated

2021-10-26

CVE-2021-2137

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Oracle Enterprise Manager versions 13.4.0.0 and 13.5.0.0

Description A vulnerability in the Policy Framework component of Oracle Enterprise Manager's Enterprise Manager Base Platform allows a low-privileged attacker with network access via HTTP to compromise the system. Successful attacks can result in the takeover of the Enterprise Manager Base Platform.

Recommendations For versions 13.4.0.0 and 13.5.0.0, update to a version that includes a fix for this issue, as no specific workaround is provided for these versions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2021-2137

Affected Products

Oracle Enterprise Manager

PT-2021-14452 · Oracle · Oracle Enterprise Manager

CVE-2021-2137

Related Identifiers

Affected Products

References · 3