CVE-2021-2351

CVSSv4: NA | CVSSv3: 8.3 | CVSSv2: 5.1 | VMScore: 930 | EPSS: 0.01891 | KEV: Not Included
Published: 21/07/2021 Updated: 21/11/2024

Vulnerability Summary

Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Advanced Networking Option. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Advanced Networking Option, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Advanced Networking Option. Note: The July 2021 Critical Patch Update introduces a number of Native Network Encryption changes to deal with vulnerability CVE-2021-2351 and prevent the use of weaker ciphers. Customers should review: "Changes in Native Network Encryption with the July 2021 Critical Patch Update" (Doc ID 2791571.1). CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).

Vulnerable Product

oracle advanced networking option 12.1.0.2

oracle advanced networking option 12.2.0.1

oracle advanced networking option 19c

oracle agile engineering data management 6.2.1.0

oracle agile plm 9.3.6

oracle agile product lifecycle management for process 6.2.2.0

oracle agile product lifecycle management for process 6.2.3.0

oracle airlines data model 12.1.1.0.0

oracle airlines data model 12.2.0.1.0

oracle application performance management 13.4.1.0

oracle application performance management 13.5.1.0

oracle application testing suite 13.3.0.1

oracle argus analytics 8.2.1

oracle argus analytics 8.2.2

oracle argus analytics 8.2.3

oracle argus insight 8.2.1

oracle argus insight 8.2.2

oracle argus insight 8.2.3

oracle argus mart 8.2.1

oracle argus mart 8.2.2

oracle argus mart 8.2.3

oracle argus safety 8.2.1

oracle argus safety 8.2.2

oracle argus safety 8.2.3

oracle banking apis

oracle banking apis 19.1

oracle banking apis 19.2

oracle banking apis 20.1

oracle banking apis 21.1

oracle banking digital experience

oracle banking digital experience 17.2

oracle banking digital experience 19.1

oracle banking digital experience 19.2

oracle banking digital experience 20.1

oracle banking digital experience 21.1

oracle banking enterprise default management 2.10.0

oracle banking enterprise default management 2.12.0

oracle banking platform 2.6.2

oracle banking platform 2.7.1

oracle banking platform 2.12.0

oracle big data spatial and graph

oracle blockchain platform 21.1.2

oracle clinical 5.2.1

oracle clinical 5.2.2

oracle commerce platform 11.3.0

oracle commerce platform 11.3.1

oracle commerce platform 11.3.2

oracle communications application session controller 3.9.0

oracle communications billing and revenue management 12.0.0.4

oracle communications billing and revenue management 12.0.0.5

oracle communications calendar server 8.0.0.5.0

oracle communications contacts server 8.0.0.3.0

oracle communications convergent charging controller

oracle communications convergent charging controller 6.0.1.0.0

oracle communications data model 11.3.2.1.0

oracle communications data model 11.3.2.2.0

oracle communications data model 11.3.2.3.0

oracle communications data model 12.1.0.1.0

oracle communications data model 12.1.2.0.0

oracle communications design studio 7.3.5

oracle communications design studio 7.4.0

oracle communications design studio 7.4.1

oracle communications design studio 7.4.2

oracle communications diameter intelligence hub

oracle communications ip service activator 7.4.0

oracle communications metasolv solution 6.3.1

oracle communications network charging and control

oracle communications network charging and control 6.0.1.0.0

oracle communications network integrity 7.3.5

oracle communications network integrity 7.3.6

oracle communications pricing design center 12.0.0.4

oracle communications pricing design center 12.0.0.5

oracle communications services gatekeeper 7.0

oracle communications session report manager

oracle communications session route manager

oracle data integrator 12.2.1.3.0

oracle data integrator 12.2.1.4.0

oracle demantra demand management

oracle documaker

oracle documaker 12.6.0

oracle documaker 12.7.0

oracle enterprise data quality 12.2.1.3.0

oracle enterprise data quality 12.2.1.4.0

oracle enterprise manager base platform 13.4.0.0

oracle enterprise manager base platform 13.5.0.0

oracle enterprise manager ops center 12.4.0.0

oracle financial services analytical applications infrastructure

oracle financial services behavior detection platform 8.0.7

oracle financial services behavior detection platform 8.0.8

oracle financial services behavior detection platform 8.0.11

oracle financial services enterprise case management 8.0.7

oracle financial services enterprise case management 8.0.8

oracle financial services enterprise case management 8.0.11

oracle financial services foreign account tax compliance act management 8.0.7

oracle financial services foreign account tax compliance act management 8.0.8

oracle financial services foreign account tax compliance act management 8.0.11

oracle financial services model management and governance

oracle financial services trade-based anti money laundering 8.0.7

oracle financial services trade-based anti money laundering 8.0.8

oracle flexcube investor servicing 12.0.4

oracle flexcube investor servicing 12.1.0

oracle flexcube investor servicing 12.3.0

oracle flexcube investor servicing 12.4.0

oracle flexcube investor servicing 14.4.0

oracle flexcube investor servicing 14.5.0

oracle flexcube private banking 12.0.0

oracle flexcube private banking 12.1.0

oracle fusion middleware 12.2.1.3.0

oracle fusion middleware 12.2.1.4.0

oracle goldengate

oracle goldengate application adapters

oracle graph server and client

oracle health sciences clinical development analytics 4.0.1

oracle health sciences inform crf submit 6.2.1

oracle health sciences information manager 3.0.2

oracle health sciences information manager 3.0.3

oracle healthcare data repository 7.0.2

oracle healthcare data repository 8.1.0

oracle healthcare data repository 8.1.1

oracle healthcare foundation

oracle healthcare translational research 4.1.0

oracle hospitality inventory management

oracle hospitality inventory management 9.1.0

oracle hospitality opera 5 5.6

oracle hospitality reporting and analytics 9.1.0

oracle hospitality suite8 8.10.2

oracle hospitality suite8 8.11.0

oracle hospitality suite8 8.12.0

oracle hospitality suite8 8.13.0

oracle hospitality suite8 8.14.0

oracle hyperion infrastructure technology 11.2.7.0

oracle ilearning 6.2

oracle ilearning 6.3

oracle instantis enterprisetrack 17.1

oracle instantis enterprisetrack 17.2

oracle instantis enterprisetrack 17.3

oracle insurance data gateway 11.0.2

oracle insurance data gateway 11.1.0

oracle insurance data gateway 11.2.7

oracle insurance data gateway 11.3.0

oracle insurance data gateway 11.3.1

oracle insurance insbridge rating and underwriting

oracle insurance insbridge rating and underwriting 5.2.0

oracle insurance policy administration 11.0.2

oracle insurance policy administration 11.1.0

oracle insurance policy administration 11.2.7

oracle insurance policy administration 11.3.0

oracle insurance policy administration 11.3.1

oracle insurance rules palette 11.0.2

oracle insurance rules palette 11.1.0

oracle insurance rules palette 11.2.7

oracle insurance rules palette 11.3.0

oracle insurance rules palette 11.3.1

oracle jd edwards enterpriseone tools 9.2.6.3

oracle oss support tools

oracle peoplesoft enterprise peopletools 8.57

oracle peoplesoft enterprise peopletools 8.58

oracle peoplesoft enterprise peopletools 8.59

oracle policy automation

oracle primavera analytics 18.8.3.3

oracle primavera analytics 19.12.11.1

oracle primavera analytics 20.12.12.0

oracle primavera data warehouse 18.8.3.3

oracle primavera data warehouse 19.12.11.1

oracle primavera data warehouse 20.12.12.0

oracle primavera gateway

oracle primavera p6 enterprise project portfolio management

oracle primavera p6 professional project management

oracle primavera unifier

oracle primavera unifier 18.8

oracle primavera unifier 19.12

oracle primavera unifier 20.12

oracle primavera unifier 21.12

oracle product lifecycle analytics 3.6.1

oracle rapid planning

oracle real user experience insight 13.4.1.0

oracle real user experience insight 13.5.1.0

oracle retail analytics

oracle retail assortment planning 16.0.3

oracle retail back office 14.1

oracle retail central office 14.1

oracle retail customer insights

oracle retail extract transform and load 13.2.8

oracle retail financial integration 14.1.3.2

oracle retail financial integration 15.0.3.1

oracle retail financial integration 16.0.3.0

oracle retail financial integration 19.0.1

oracle retail integration bus 14.1.3.2

oracle retail integration bus 15.0.3.1

oracle retail integration bus 16.0.3

oracle retail integration bus 19.0.1

oracle retail merchandising system 19.0.1

oracle retail order broker 16.0

oracle retail order broker 18.0

oracle retail order broker 19.1

oracle retail order management system 19.5

oracle retail point-of-service 14.1

oracle retail predictive application server 14.1.3

oracle retail predictive application server 15.0.3

oracle retail predictive application server 16.0.3

oracle retail price management 14.1

oracle retail price management 15.0

oracle retail price management 16.0

oracle retail returns management 14.1

oracle retail service backbone 14.1.3.2

oracle retail service backbone 15.0.3.1

oracle retail service backbone 16.0.3

oracle retail service backbone 19.0.1

oracle retail store inventory management 14.1

oracle retail store inventory management 15.0

oracle retail store inventory management 16.0

oracle retail xstore point of service 17.0.4

oracle retail xstore point of service 18.0.3

oracle retail xstore point of service 19.0.2

oracle retail xstore point of service 20.0.1

oracle siebel ui framework

oracle spatial studio

oracle storagetek acsls 8.5.1

oracle storagetek tape analytics 2.4

oracle thesaurus management system 5.2.3

oracle thesaurus management system 5.3.0

oracle thesaurus management system 5.3.1

oracle timesten in-memory database

oracle timesten in-memory database 21.1.1.1.0

oracle utilities framework

oracle utilities framework 4.2.0.3.0

oracle utilities framework 4.4.0.0.0

oracle utilities framework 4.4.0.2.0

oracle utilities framework 4.4.0.3.0

oracle utilities testing accelerator 6.0.0.1.1

oracle utilities testing accelerator 6.0.0.2.2

oracle utilities testing accelerator 6.0.0.3.1

oracle weblogic server 12.2.1.3.0

oracle weblogic server 12.2.1.4.0

oracle weblogic server 14.1.1.0.0

oracle zfs storage application integration engineering software 1.3.3

Exploits

NNE's integrity protection mechanism deliberately weakens the key used for computing per-packet message authentication codes (MACs). Oracle Database versions 19c, 12.2.0.1, and 12.1.0.2 are affected ...
Due to insecure fallback behavior, a man-in-the-middle attacker can bypass NNE's protection against man-in-the-middle attacks and hijack authenticated connections. In some configurations, a full man-in-the-middle attack is possible. Oracle Database versions 19c, 12.2.0.1, and 12.1.0.2 are affected ...

Mailing Lists

Advisory ID: SYSS-2021-062; Product: Database; Manufacturer: Oracle; Affected Version(s): 12.1.0.2, 12.2.0.1, 19c; Tested Version(s): 18c; Vulnerability Type: Inadequate Encryption Strength (CWE-326); Risk Level: Medium; Solution Status: Fixed; Manufacturer Notificat ...
Advisory ID: SYSS-2021-061; Product: Database; Manufacturer: Oracle; Affected Version(s): 12.1.0.2, 12.2.0.1, 19c; Tested Version(s): 18c; Vulnerability Type: Protection Mechanism Failure (CWE-693); Risk Level: High; Solution Status: Fixed; Manufacturer Notification ...