Vulnerability Name:

CVE-2021-35576 (CCN-211652)

Assigned:2021-10-19
Published:2021-10-19
Updated:2023-02-24
Summary:An unspecified vulnerability in Oracle Database Server related to the Database Enterprise Edition Unified Audit component could allow an authenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact.
CVSS v3 Severity:2.7 Low (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N)
2.4 Low (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): High
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): None
2.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N)
2.4 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): High
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): None
CVSS v2 Severity:4.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
4.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
Vulnerability Consequences:Other
References:Source: MITRE
Type: CNA
CVE-2021-35576

Source: secalert_us@oracle.com
Type: Exploit, Third Party Advisory, VDB Entry
secalert_us@oracle.com

Source: secalert_us@oracle.com
Type: Exploit, Third Party Advisory, VDB Entry
secalert_us@oracle.com

Source: secalert_us@oracle.com
Type: Exploit, Third Party Advisory
secalert_us@oracle.com

Source: XF
Type: UNKNOWN
oracle-cpuoct2021-cve202135576(211652)

Source: CCN
Type: IBM Security Bulletin 6573187 (Emptoris Strategic Supply Management Platform)
IBM Emptoris Strategic Supply Management Platform is vulnerable to unspecified vulnerability due to Oracle Database Server (CVE-2021-35576)

Source: CCN
Type: IBM Security Bulletin 6573189 (Emptoris Contract Management)
IBM Emptoris Contract Management is vulnerable to unspecified vulnerability due to Oracle Database Server (CVE-2021-35576)

Source: CCN
Type: IBM Security Bulletin 6573193 (Emptoris Sourcing)
IBM Emptoris Sourcing is vulnerable to unspecified vulnerability due to Oracle Database Server (CVE-2021-35576)

Source: CCN
Type: IBM Security Bulletin 6573195 (Emptoris Program Management)
IBM Emptoris Program Management is vulnerable to unspecified vulnerability due to Oracle Database Server (CVE-2021-35576)

Source: CCN
Type: IBM Security Bulletin 6573593 (Emptoris Supplier Lifecycle Management)
IBM Emptoris Supplier Lifecycle Management vulnerable to unspecified vulnerability due to Oracle Database Server (CVE-2021-35576)

Source: CCN
Type: Oracle CPUOct2021
Oracle Critical Patch Update Advisory - October 2021

Source: secalert_us@oracle.com
Type: Patch, Vendor Advisory
secalert_us@oracle.com

Vulnerable Configuration:Configuration CCN 1:
  • cpe:/a:oracle:database_server:12.1.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:12.2.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:19c:*:*:*:*:*:*:*
  • AND
  • cpe:/a:ibm:emptoris_sourcing:10.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:emptoris_sourcing:10.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:emptoris_contract_management:10.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:emptoris_sourcing:10.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:emptoris_contract_management:10.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:emptoris_contract_management:10.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:emptoris_program_management:10.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:emptoris_program_management:10.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:emptoris_program_management:10.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:emptoris_supplier_lifecycle_management:10.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:emptoris_supplier_lifecycle_management:10.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:emptoris_supplier_lifecycle_management:10.1.3:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    oracle database server 12.1.0.2
    oracle database server 12.2.0.1
    oracle database server 19c
    ibm emptoris sourcing 10.1.0
    ibm emptoris sourcing 10.1.1
    ibm emptoris contract management 10.1.0
    ibm emptoris sourcing 10.1.3
    ibm emptoris contract management 10.1.1
    ibm emptoris contract management 10.1.3
    ibm emptoris program management 10.1.0
    ibm emptoris program management 10.1.1
    ibm emptoris program management 10.1.3
    ibm emptoris supplier lifecycle management 10.1.0
    ibm emptoris supplier lifecycle management 10.1.1
    ibm emptoris supplier lifecycle management 10.1.3