PT-2021-3025 · Oracle · Oracle Storage Cloud Software Appliance

Published: 2021-04-20 · Updated: 2021-04-29 · CVE-2021-2257

CVSS v3.1: 4.1 (Medium)

Vector: AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Oracle Storage Cloud Software Appliance versions prior to 16.3.1.4.2

Description

The issue is related to insufficient input validation in the Management Console component of the Oracle Storage Cloud Software Appliance. It allows a high-privileged attacker with network access via HTTP to compromise the appliance, potentially leading to unauthorized read access to a subset of accessible data. The impact of successful attacks may extend beyond the Oracle Storage Cloud Software Appliance to other products.

Recommendations

For Oracle Storage Cloud Software Appliance versions prior to 16.3.1.4.2, update to version 16.3.1.4.2 or later to address the issue. As a temporary workaround, consider restricting access to the Management Console component until the update is applied.

Fix

RCE

Weakness Enumeration

Related Identifiers

BDU:2021-02631
CVE-2021-2257

Affected Products

Oracle Storage Cloud Software Appliance