CVE-2021-2320

Name of the Vulnerable Software and Affected Versions Oracle Cloud Infrastructure Storage Gateway versions prior to 1.4

Description The issue is related to insufficient input validation in the Management Console component of the Oracle Cloud Infrastructure Storage Gateway. It allows a high-privileged attacker with network access via HTTP to compromise the Oracle Cloud Infrastructure Storage Gateway, potentially leading to a takeover. This vulnerability may also impact additional products.

Recommendations For versions prior to 1.4, update the Oracle Cloud Infrastructure Storage Gateway to version 1.4 or later to address this issue. As a temporary workaround, consider restricting access to the Management Console component until the update is applied.