PT-2021-2869 · Oracle · Oracle Secure Global Desktop

Published: 2021-04-20 · Updated: 2021-12-04 · CVE-2021-2248

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Oracle Secure Global Desktop version 5.6

Description

The issue is related to insufficient input validation in the Server component of Oracle Secure Global Desktop. A remote attacker can exploit it to gain full control over the application or execute arbitrary code using the SKID protocol. The vulnerability is easily exploitable by an unauthenticated attacker with network access via multiple protocols; successful exploitation can result in the takeover of Oracle Secure Global Desktop and may impact additional products.

Recommendations

For Oracle Secure Global Desktop version 5.6, consider restricting network access to the Server component until a patch is available. As a temporary workaround, disabling the vulnerable Server component may help minimize the risk of exploitation. Avoid using the SKID protocol in the affected Oracle Secure Global Desktop version until the issue is resolved.

Fix

RCE

Weakness Enumeration

Related Identifiers

BDU:2021-02425
CVE-2021-2248

Affected Products

Oracle Secure Global Desktop