CVE-2021-2138

{"id": "CVE-2021-2138", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.1, "accessVector": "ADJACENT_NETWORK", "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 5.1, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Secondary", "source": "secalert_us@oracle.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.6, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 2.1}]}, "published": "2021-03-03T06:15:15.017", "references": [{"url": "https://support.oracle.com", "tags": ["Permissions Required"], "source": "secalert_us@oracle.com"}, {"url": "https://support.oracle.com", "tags": ["Permissions Required"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Vulnerability in the Oracle Cloud Infrastructure Data Science Notebook Sessions. Easily exploitable vulnerability allows low privileged attacker with access to the physical communication segment attached to the hardware where the Oracle Cloud Infrastructure Data Science Notebook Sessions executes to compromise Oracle Cloud Infrastructure Data Science Notebook Sessions. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Cloud Infrastructure Data Science Notebook Sessions accessible data as well as unauthorized read access to a subset of Oracle Cloud Infrastructure Data Science Notebook Sessions accessible data. All affected customers were notified of CVE-2021-2138 by Oracle. CVSS 3.1 Base Score 4.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)"}, {"lang": "es", "value": "Vulnerabilidad en Oracle Cloud Infrastructure Data Science Notebook Sessions. La vulnerabilidad f\u00e1cilmente explotable permite a un atacante con pocos privilegios y con acceso al segmento de comunicaci\u00f3n f\u00edsica conectado al hardware donde se ejecuta Oracle Cloud Infrastructure Data Science Notebook Sessions comprometer Oracle Cloud Infrastructure Data Science Notebook Sessions. Los ataques exitosos de esta vulnerabilidad pueden dar lugar a la actualizaci\u00f3n no autorizada, insertar o eliminar algunos de los datos accesibles de Oracle Cloud Infrastructure Data Science Notebook Sessions, as\u00ed como el acceso de lectura no autorizado a un subconjunto de datos accesibles de Oracle Cloud Infrastructure Data Science Notebook Sessions. Todos los clientes afectados fueron notificados de CVE-2021-2138 por Oracle. Puntuaci\u00f3n base de CVSS 3.1: 4,6 (impactos en la confidencialidad y la integridad). Vector CVSS: (CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)"}], "lastModified": "2024-11-21T06:02:27.703", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:cloud_infrastructure_data_science:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EAAE264D-28AD-4C66-82E6-6258FA8EDAC1"}], "operator": "OR"}]}], "sourceIdentifier": "secalert_us@oracle.com"}