CVEFinder.io

CVE-2021-2351

⚠️ high
Summary

Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Advanced Networking Option. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Advanced Networking Option, attacks may significantly impact additional products. Suc

Description

Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Advanced Networking Option. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Advanced Networking Option, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Advanced Networking Option. Note: The July 2021 Critical Patch Update introduces a number of Native Network Encryption changes to deal with vulnerability CVE-2021-2351 and prevent the use of weaker ciphers. Customers should review: "Changes in Native Network Encryption with the July 2021 Critical Patch Update" (Doc ID 2791571.1). CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).

CVSS Score
8.3
High
EPSS Score
2.3
Exploit Probability
Published Date
2021-07-21
First Seen: 2026-01-05
Last Modified 2024-11-21
Source NVD 🔗
CVSS Vector 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
CWE IDs (Weakness Types)
CWE-327 CWE-384

🔗 References 20

http://packetstormsecurity.com/files/165255/Oracle-D...
Exploit Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/165258/Oracle-D...
Exploit Third Party Advisory VDB Entry
http://seclists.org/fulldisclosure/2021/Dec/19
Exploit Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2021/Dec/20
Exploit Mailing List Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2022.html
Patch Vendor Advisory
https://www.oracle.com/security-alerts/cpujan2022.html
Patch Vendor Advisory
https://www.oracle.com/security-alerts/cpujan2023.html
Vendor Advisory
https://www.oracle.com/security-alerts/cpujul2021.html
Patch Vendor Advisory
https://www.oracle.com/security-alerts/cpujul2022.html
Vendor Advisory
https://www.oracle.com/security-alerts/cpuoct2021.html
Patch Vendor Advisory
http://packetstormsecurity.com/files/165255/Oracle-D...
Exploit Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/165258/Oracle-D...
Exploit Third Party Advisory VDB Entry
http://seclists.org/fulldisclosure/2021/Dec/19
Exploit Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2021/Dec/20
Exploit Mailing List Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2022.html
Patch Vendor Advisory
https://www.oracle.com/security-alerts/cpujan2022.html
Patch Vendor Advisory
https://www.oracle.com/security-alerts/cpujan2023.html
Vendor Advisory
https://www.oracle.com/security-alerts/cpujul2021.html
Patch Vendor Advisory
https://www.oracle.com/security-alerts/cpujul2022.html
Vendor Advisory
https://www.oracle.com/security-alerts/cpuoct2021.html
Patch Vendor Advisory

📦 Affected Products 248

Vendor Product Status Affected Versions
oracle clinical Affected
v5.2.1
oracle clinical Affected
v5.2.2
oracle peoplesoft_enterprise_peopletools Affected
v8.57
oracle peoplesoft_enterprise_peopletools Affected
v8.58
oracle peoplesoft_enterprise_peopletools Affected
v8.59
oracle weblogic_server Affected
v12.2.1.3.0
oracle weblogic_server Affected
v12.2.1.4.0
oracle weblogic_server Affected
v14.1.1.0.0
oracle fusion_middleware Affected
v12.2.1.3.0
oracle fusion_middleware Affected
v12.2.1.4.0
oracle ilearning Affected
v6.2
oracle ilearning Affected
v6.3
oracle jd_edwards_enterpriseone_tools Affected
v9.2.6.3
oracle commerce_platform Affected
v11.3.0
oracle commerce_platform Affected
v11.3.1
oracle commerce_platform Affected
v11.3.2
oracle agile_engineering_data_management Affected
v6.2.1.0
oracle application_testing_suite Affected
v13.3.0.1
oracle enterprise_manager_ops_center Affected
v12.4.0.0
oracle goldengate Affected
< 12.3.0.1.0
oracle goldengate Affected
≥ 19.1.0.0.1 < 21.5.0.0.220118
oracle enterprise_manager_base_platform Affected
v13.4.0.0
oracle enterprise_manager_base_platform Affected
v13.5.0.0
oracle retail_point-of-service Affected
v14.1
oracle retail_xstore_point_of_service Affected
v17.0.4
oracle retail_xstore_point_of_service Affected
v18.0.3
oracle retail_xstore_point_of_service Affected
v19.0.2
oracle retail_xstore_point_of_service Affected
v20.0.1
oracle siebel_ui_framework Affected
≤ 21.12
oracle oss_support_tools Affected
< 2.12.42
oracle documaker Affected
≥ 12.6.2 ≤ 12.6.4
oracle documaker Affected
v12.6.0
oracle documaker Affected
v12.7.0
oracle insurance_rules_palette Affected
v11.0.2
oracle insurance_rules_palette Affected
v11.1.0
oracle insurance_rules_palette Affected
v11.2.7
oracle insurance_rules_palette Affected
v11.3.0
oracle insurance_rules_palette Affected
v11.3.1
oracle primavera_p6_enterprise_project_portfolio_management Affected
≥ 17.12.0.0 ≤ 17.12.20
oracle primavera_p6_enterprise_project_portfolio_management Affected
≥ 18.8.0.0 ≤ 18.8.24
oracle primavera_p6_enterprise_project_portfolio_management Affected
≥ 19.12.0.0 ≤ 19.12.17.0
oracle primavera_p6_enterprise_project_portfolio_management Affected
≥ 20.12.0.0 ≤ 20.12.9.0
oracle health_sciences_information_manager Affected
v3.0.2
oracle health_sciences_information_manager Affected
v3.0.3
oracle retail_service_backbone Affected
v14.1.3.2
oracle retail_service_backbone Affected
v15.0.3.1
oracle retail_service_backbone Affected
v16.0.3
oracle retail_service_backbone Affected
v19.0.1
oracle banking_platform Affected
v2.12.0
oracle banking_platform Affected
v2.6.2
oracle banking_platform Affected
v2.7.1
oracle flexcube_private_banking Affected
v12.0.0
oracle flexcube_private_banking Affected
v12.1.0
oracle financial_services_analytical_applications_infrastructure Affected
≥ 8.0.7 ≤ 8.1.1
oracle argus_safety Affected
v8.2.1
oracle argus_safety Affected
v8.2.2
oracle argus_safety Affected
v8.2.3
oracle retail_merchandising_system Affected
v19.0.1
oracle hospitality_reporting_and_analytics Affected
v9.1.0
oracle flexcube_investor_servicing Affected
v12.0.4
oracle flexcube_investor_servicing Affected
v12.1.0
oracle flexcube_investor_servicing Affected
v12.3.0
oracle flexcube_investor_servicing Affected
v12.4.0
oracle flexcube_investor_servicing Affected
v14.4.0
oracle flexcube_investor_servicing Affected
v14.5.0
oracle retail_customer_insights Affected
≥ 16.0 ≤ 16.0.2
oracle communications_services_gatekeeper Affected
v7.0
oracle retail_predictive_application_server Affected
v14.1.3
oracle retail_predictive_application_server Affected
v15.0.3
oracle retail_predictive_application_server Affected
v16.0.3
oracle retail_order_broker Affected
v16.0
oracle retail_order_broker Affected
v18.0
oracle retail_order_broker Affected
v19.1
oracle utilities_framework Affected
≥ 4.3.0.1.0 ≤ 4.3.0.6.0
oracle utilities_framework Affected
v4.2.0.3.0
oracle utilities_framework Affected
v4.4.0.0.0
oracle utilities_framework Affected
v4.4.0.2.0
oracle utilities_framework Affected
v4.4.0.3.0
oracle instantis_enterprisetrack Affected
v17.1
oracle instantis_enterprisetrack Affected
v17.2
oracle instantis_enterprisetrack Affected
v17.3
oracle data_integrator Affected
v12.2.1.3.0
oracle data_integrator Affected
v12.2.1.4.0
oracle hospitality_inventory_management Affected
< 9.1.0
oracle hospitality_inventory_management Affected
v9.1.0
oracle primavera_gateway Affected
≥ 17.12.0 ≤ 17.12.11
oracle primavera_gateway Affected
≥ 18.8.0 ≤ 18.8.12
oracle primavera_gateway Affected
≥ 19.12.0 ≤ 19.12.11
oracle primavera_gateway Affected
≥ 20.12.0 ≤ 20.12.7
oracle primavera_unifier Affected
≥ 17.7 ≤ 17.12
oracle primavera_unifier Affected
v18.8
oracle primavera_unifier Affected
v19.12
oracle primavera_unifier Affected
v20.12
oracle primavera_unifier Affected
v21.12
oracle retail_returns_management Affected
v14.1
oracle retail_central_office Affected
v14.1
oracle retail_integration_bus Affected
v14.1.3.2
oracle retail_integration_bus Affected
v15.0.3.1
oracle retail_integration_bus Affected
v16.0.3
oracle retail_integration_bus Affected
v19.0.1
oracle demantra_demand_management Affected
≥ 12.2.6 ≤ 12.2.11
oracle primavera_p6_professional_project_management Affected
≥ 17.12 ≤ 17.12.20.0
oracle primavera_p6_professional_project_management Affected
≥ 18.8 ≤ 18.8.24.0
oracle primavera_p6_professional_project_management Affected
≥ 19.12.0.0 ≤ 19.12.17.0
oracle primavera_p6_professional_project_management Affected
≥ 20.12.0.0 ≤ 20.12.9.0
oracle hospitality_suite8 Affected
v8.10.2
oracle hospitality_suite8 Affected
v8.11.0
oracle hospitality_suite8 Affected
v8.12.0
oracle hospitality_suite8 Affected
v8.13.0
oracle hospitality_suite8 Affected
v8.14.0
oracle communications_application_session_controller Affected
v3.9.0
oracle banking_digital_experience Affected
≥ 18.1 ≤ 18.3
oracle banking_digital_experience Affected
v17.2
oracle banking_digital_experience Affected
v19.1
oracle banking_digital_experience Affected
v19.2
oracle banking_digital_experience Affected
v20.1
oracle banking_digital_experience Affected
v21.1
oracle retail_back_office Affected
v14.1
oracle application_performance_management Affected
v13.4.1.0
oracle application_performance_management Affected
v13.5.1.0
oracle retail_store_inventory_management Affected
v14.1
oracle retail_store_inventory_management Affected
v15.0
oracle retail_store_inventory_management Affected
v16.0
oracle timesten_in-memory_database Affected
< 21.1.1.1.0
oracle timesten_in-memory_database Affected
v21.1.1.1.0
oracle rapid_planning Affected
≥ 12.2.6 ≤ 12.2.11
oracle hyperion_infrastructure_technology Affected
v11.2.7.0
oracle healthcare_foundation Affected
≥ 7.3.0 ≤ 7.3.0.2
oracle healthcare_foundation Affected
≥ 8.0.0 ≤ 8.0.2
oracle healthcare_foundation Affected
≥ 8.1.0 ≤ 8.1.1
oracle communications_billing_and_revenue_management Affected
v12.0.0.4
oracle communications_billing_and_revenue_management Affected
v12.0.0.5
oracle insurance_insbridge_rating_and_underwriting Affected
≥ 5.4 ≤ 5.6.0
oracle insurance_insbridge_rating_and_underwriting Affected
v5.2.0
oracle policy_automation Affected
≥ 12.2.0 ≤ 12.2.24
oracle retail_assortment_planning Affected
v16.0.3
oracle enterprise_data_quality Affected
v12.2.1.3.0
oracle enterprise_data_quality Affected
v12.2.1.4.0
oracle advanced_networking_option Affected
v12.1.0.2
oracle advanced_networking_option Affected
v12.2.0.1
oracle advanced_networking_option Affected
v19c
oracle agile_product_lifecycle_management_for_process Affected
v6.2.2.0
oracle agile_product_lifecycle_management_for_process Affected
v6.2.3.0
oracle healthcare_translational_research Affected
v4.1.0
oracle agile_plm Affected
v9.3.6
oracle retail_financial_integration Affected
v14.1.3.2
oracle retail_financial_integration Affected
v15.0.3.1
oracle retail_financial_integration Affected
v16.0.3.0
oracle retail_financial_integration Affected
v19.0.1
oracle communications_ip_service_activator Affected
v7.4.0
oracle communications_calendar_server Affected
v8.0.0.5.0
oracle goldengate_application_adapters Affected
< 23.1
oracle communications_pricing_design_center Affected
v12.0.0.4
oracle communications_pricing_design_center Affected
v12.0.0.5
oracle financial_services_behavior_detection_platform Affected
v8.0.11
oracle financial_services_behavior_detection_platform Affected
v8.0.7
oracle financial_services_behavior_detection_platform Affected
v8.0.8
oracle insurance_policy_administration Affected
v11.0.2
oracle insurance_policy_administration Affected
v11.1.0
oracle insurance_policy_administration Affected
v11.2.7
oracle insurance_policy_administration Affected
v11.3.0
oracle insurance_policy_administration Affected
v11.3.1
oracle retail_extract_transform_and_load Affected
v13.2.8
oracle communications_session_report_manager Affected
≥ 8.0.0 ≤ 8.2.5.0
oracle communications_session_route_manager Affected
≥ 8.2.0 ≤ 8.2.5
oracle communications_metasolv_solution Affected
v6.3.1
oracle communications_network_charging_and_control Affected
≥ 12.0.1.0 ≤ 12.0.4.0.0
oracle communications_network_charging_and_control Affected
v6.0.1.0.0
oracle communications_network_integrity Affected
v7.3.5
oracle communications_network_integrity Affected
v7.3.6
oracle communications_contacts_server Affected
v8.0.0.3.0
oracle healthcare_data_repository Affected
v7.0.2
oracle healthcare_data_repository Affected
v8.1.0
oracle healthcare_data_repository Affected
v8.1.1
oracle communications_design_studio Affected
v7.3.5
oracle communications_design_studio Affected
v7.4.0
oracle communications_design_studio Affected
v7.4.1
oracle communications_design_studio Affected
v7.4.2
oracle real_user_experience_insight Affected
v13.4.1.0
oracle real_user_experience_insight Affected
v13.5.1.0
oracle hospitality_opera_5 Affected
v5.6
oracle communications_convergent_charging_controller Affected
≥ 12.0.1.0.0 ≤ 12.0.4.0.0
oracle communications_convergent_charging_controller Affected
v6.0.1.0.0
oracle insurance_data_gateway Affected
v11.0.2
oracle insurance_data_gateway Affected
v11.1.0
oracle insurance_data_gateway Affected
v11.2.7
oracle insurance_data_gateway Affected
v11.3.0
oracle insurance_data_gateway Affected
v11.3.1
oracle retail_price_management Affected
v14.1
oracle retail_price_management Affected
v15.0
oracle retail_price_management Affected
v16.0
oracle spatial_studio Affected
< 21.2.1
oracle financial_services_enterprise_case_management Affected
v8.0.11
oracle financial_services_enterprise_case_management Affected
v8.0.7
oracle financial_services_enterprise_case_management Affected
v8.0.8
oracle financial_services_model_management_and_governance Affected
≥ 8.0.8.0.0 ≤ 8.1.1.0.0
oracle banking_enterprise_default_management Affected
v2.10.0
oracle banking_enterprise_default_management Affected
v2.12.0
oracle graph_server_and_client Affected
< 21.4.0
oracle utilities_testing_accelerator Affected
v6.0.0.1.1
oracle utilities_testing_accelerator Affected
v6.0.0.2.2
oracle utilities_testing_accelerator Affected
v6.0.0.3.1
oracle retail_order_management_system Affected
v19.5
oracle banking_apis Affected
≥ 18.1 ≤ 18.3
oracle banking_apis Affected
v19.1
oracle banking_apis Affected
v19.2
oracle banking_apis Affected
v20.1
oracle banking_apis Affected
v21.1
oracle airlines_data_model Affected
v12.1.1.0.0
oracle airlines_data_model Affected
v12.2.0.1.0
oracle argus_analytics Affected
v8.2.1
oracle argus_analytics Affected
v8.2.2
oracle argus_analytics Affected
v8.2.3
oracle argus_insight Affected
v8.2.1
oracle argus_insight Affected
v8.2.2
oracle argus_insight Affected
v8.2.3
oracle big_data_spatial_and_graph Affected
< 23.1
oracle communications_data_model Affected
v11.3.2.1.0
oracle communications_data_model Affected
v11.3.2.2.0
oracle communications_data_model Affected
v11.3.2.3.0
oracle communications_data_model Affected
v12.1.0.1.0
oracle communications_data_model Affected
v12.1.2.0.0
oracle financial_services_foreign_account_tax_compliance_act_management Affected
v8.0.11
oracle financial_services_foreign_account_tax_compliance_act_management Affected
v8.0.7
oracle financial_services_foreign_account_tax_compliance_act_management Affected
v8.0.8
oracle financial_services_trade-based_anti_money_laundering Affected
v8.0.7
oracle financial_services_trade-based_anti_money_laundering Affected
v8.0.8
oracle health_sciences_clinical_development_analytics Affected
v4.0.1
oracle health_sciences_inform_crf_submit Affected
v6.2.1
oracle primavera_analytics Affected
v18.8.3.3
oracle primavera_analytics Affected
v19.12.11.1
oracle primavera_analytics Affected
v20.12.12.0
oracle primavera_data_warehouse Affected
v18.8.3.3
oracle primavera_data_warehouse Affected
v19.12.11.1
oracle primavera_data_warehouse Affected
v20.12.12.0
oracle thesaurus_management_system Affected
v5.2.3
oracle thesaurus_management_system Affected
v5.3.0
oracle thesaurus_management_system Affected
v5.3.1
oracle zfs_storage_application_integration_engineering_software Affected
v1.3.3
oracle argus_mart Affected
v8.2.1
oracle argus_mart Affected
v8.2.2
oracle argus_mart Affected
v8.2.3
oracle product_lifecycle_analytics Affected
v3.6.1
oracle communications_diameter_intelligence_hub Affected
≥ 8.0.0 ≤ 8.2.3
oracle blockchain_platform Affected
v21.1.2
oracle storagetek_acsls Affected
v8.5.1
oracle storagetek_tape_analytics Affected
v2.4
oracle retail_analytics Affected
≥ 16.0.0 ≤ 16.0.2

🔗 Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2026-21934 🔶 medium 5.4 0.0 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Push Notifications). Su... 2026-01-20
CVE-2026-21938 🔶 medium 6.1 0.0 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal). Supported vers... 2026-01-20
CVE-2026-21951 🔶 medium 6.1 0.0 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Integration Broker). Su... 2026-01-20
CVE-2026-21946 🔶 medium 6.1 0.0 Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Supporte... 2026-01-20
CVE-2026-21973 ⚠️ high 8.1 0.1 Vulnerability in the Oracle FLEXCUBE Investor Servicing product of Oracle Financial Services Applications (component: Se... 2026-01-20
CVE-2026-21924 🔶 medium 5.4 0.0 Vulnerability in the Oracle Utilities Application Framework product of Oracle Utilities Applications (component: General... 2026-01-20
These CVEs affect the same products