2021-2448 | Oracle Financial Services Crime and Compliance Investigation Hub Reports unknown vulnerability
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 3.6 | $0-$5k | 0.47 |
A vulnerability, which was classified as problematic, has been found in Oracle Financial Services Crime and Compliance Investigation Hub 11.3.2 (Financial Software). This issue affects an unknown functionality of the component Reports. Impacted is confidentiality, and integrity. The summary by CVE is:
Vulnerability in the Oracle Financial Services Crime and Compliance Investigation Hub product of Oracle Financial Services Applications (component: Reports). The supported version that is affected is 20.1.2. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Financial Services Crime and Compliance Investigation Hub executes to compromise Oracle Financial Services Crime and Compliance Investigation Hub. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Crime and Compliance Investigation Hub, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Crime and Compliance Investigation Hub accessible data as well as unauthorized read access to a subset of Oracle Financial Services Crime and Compliance Investigation Hub accessible data. CVSS 3.1 Base Score 3.7 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N).
The weakness was published 07/20/2021 as Oracle Critical Patch Update Advisory – July 2021. It is possible to read the advisory at oracle.com. The identification of this vulnerability is CVE-2021-2448 since 12/09/2020. The exploitation is known to be difficult. Attacking locally is a requirement. The exploitation requires an enhanced level of successful authentication. It demands that the victim is doing some kind of user interaction. The technical details are unknown and an exploit is not publicly available.
Upgrading eliminates this vulnerability. A possible mitigation has been published immediately after the disclosure of the vulnerability.
Type
Vendor
Name
VulDB Meta Base Score: 3.7
VulDB Meta Temp Score: 3.6
VulDB Base Score: 3.7
VulDB Temp Score: 3.6
VulDB Vector: 🔒
VulDB Reliability: 🔍
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 🔍 | 🔍 | 🔍 | 🔍 | 🔍 | 🔍 |
| 🔍 | 🔍 | 🔍 | 🔍 | 🔍 | 🔍 |
| 🔍 | 🔍 | 🔍 | 🔍 | 🔍 | 🔍 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| unlock | unlock | unlock | unlock | unlock | unlock |
| unlock | unlock | unlock | unlock | unlock | unlock |
| unlock | unlock | unlock | unlock | unlock | unlock |
VulDB Base Score: 🔒
VulDB Temp Score: 🔒
VulDB Reliability: 🔍
Class: Unknown
CWE: Unknown
ATT&CK: Unknown
Local: Yes
Remote: No
Availability: 🔒
Status: Not defined
Price Prediction: 🔍
Current Price Estimation: 🔒
| 0-Day | unlock | unlock | unlock | unlock |
|---|---|---|---|---|
| Today | unlock | unlock | unlock | unlock |
Threat Intelligence
Interest: 🔍
Active Actors: 🔍
Active APT Groups: 🔍Recommended: Upgrade
Status: 🔍
Reaction Time: 🔒
0-Day Time: 🔒
Exposure Time: 🔒
Upgrade: oracle.com
12/09/2020 CVE assigned
07/20/2021 Advisory disclosed
07/20/2021 Countermeasure disclosed
07/21/2021 VulDB entry created
07/24/2021 VulDB last updateVendor: https://www.oracle.com
Advisory: Oracle Critical Patch Update Advisory – July 2021
Status: Confirmed
CVE: CVE-2021-2448 (🔒)
Created: 07/21/2021 10:37
Updated: 07/24/2021 03:14
Changes: (1) source_cve_cna
Complete: 🔍
Enable the mail alert feature now!
