CVE-2021-2134

Name of the Vulnerable Software and Affected Versions Oracle Enterprise Manager (component: FMW Control Plugin) version 12.2.1.4

Description The issue is related to insufficient input validation in the FMW Control Plugin component of Oracle Enterprise Manager for Fusion Middleware. This allows a low-privileged attacker with network access via HTTP to compromise the system. Successful attacks can result in the ability to cause a hang or frequently repeatable crash (complete DOS) of Enterprise Manager for Fusion Middleware.

Recommendations For version 12.2.1.4, consider restricting access to the FMW Control Plugin component until a patch is available. As a temporary workaround, limit the use of HTTP requests to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.