cnvd - cnvd-2021-102404

cnvd-2021-102404

Vulnerability from cnvd

Title

Oracle Secure Global Desktop未授权访问漏洞

Description

Oracle Secure Global Desktop是用于运行在Microsoft Windows、Linux、Oracle Solaris和大型机服务器上的任何云托管企业应用程序和托管桌面的安全的远程访问解决方案。 Oracle Secure Global Desktop未授权访问漏洞。攻击者可利用该漏洞通过多种协议访问网络来破坏 Oracle Secure Global Desktop。成功攻击此漏洞可能会导致对Oracle Secure Global Desktop可访问数据的子集进行未经授权的读取访问，以及导致Oracle Secure Global Desktop部分拒绝服务。

Severity

中

Patch Name

Oracle Secure Global Desktop未授权访问漏洞的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://www.oracle.com/security-alerts/cpuoct2021.html

Reference

https://www.oracle.com/security-alerts/cpuoct2021.html

Impacted products

Name
Oracle Oracle Secure Global Desktop 5.6

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-35649",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2021-35649"
    }
  },
  "description": "Oracle Secure Global Desktop\u662f\u7528\u4e8e\u8fd0\u884c\u5728Microsoft Windows\u3001Linux\u3001Oracle Solaris\u548c\u5927\u578b\u673a\u670d\u52a1\u5668\u4e0a\u7684\u4efb\u4f55\u4e91\u6258\u7ba1\u4f01\u4e1a\u5e94\u7528\u7a0b\u5e8f\u548c\u6258\u7ba1\u684c\u9762\u7684\u5b89\u5168\u7684\u8fdc\u7a0b\u8bbf\u95ee\u89e3\u51b3\u65b9\u6848\u3002\n\nOracle Secure Global Desktop\u672a\u6388\u6743\u8bbf\u95ee\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7\u591a\u79cd\u534f\u8bae\u8bbf\u95ee\u7f51\u7edc\u6765\u7834\u574f Oracle Secure Global Desktop\u3002\u6210\u529f\u653b\u51fb\u6b64\u6f0f\u6d1e\u53ef\u80fd\u4f1a\u5bfc\u81f4\u5bf9Oracle Secure Global Desktop\u53ef\u8bbf\u95ee\u6570\u636e\u7684\u5b50\u96c6\u8fdb\u884c\u672a\u7ecf\u6388\u6743\u7684\u8bfb\u53d6\u8bbf\u95ee\uff0c\u4ee5\u53ca\u5bfc\u81f4Oracle Secure Global Desktop\u90e8\u5206\u62d2\u7edd\u670d\u52a1\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.oracle.com/security-alerts/cpuoct2021.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-102404",
  "openTime": "2021-12-27",
  "patchDescription": "Oracle Secure Global Desktop\u662f\u7528\u4e8e\u8fd0\u884c\u5728Microsoft Windows\u3001Linux\u3001Oracle Solaris\u548c\u5927\u578b\u673a\u670d\u52a1\u5668\u4e0a\u7684\u4efb\u4f55\u4e91\u6258\u7ba1\u4f01\u4e1a\u5e94\u7528\u7a0b\u5e8f\u548c\u6258\u7ba1\u684c\u9762\u7684\u5b89\u5168\u7684\u8fdc\u7a0b\u8bbf\u95ee\u89e3\u51b3\u65b9\u6848\u3002\r\n\r\nOracle Secure Global Desktop\u672a\u6388\u6743\u8bbf\u95ee\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7\u591a\u79cd\u534f\u8bae\u8bbf\u95ee\u7f51\u7edc\u6765\u7834\u574f Oracle Secure Global Desktop\u3002\u6210\u529f\u653b\u51fb\u6b64\u6f0f\u6d1e\u53ef\u80fd\u4f1a\u5bfc\u81f4\u5bf9Oracle Secure Global Desktop\u53ef\u8bbf\u95ee\u6570\u636e\u7684\u5b50\u96c6\u8fdb\u884c\u672a\u7ecf\u6388\u6743\u7684\u8bfb\u53d6\u8bbf\u95ee\uff0c\u4ee5\u53ca\u5bfc\u81f4Oracle Secure Global Desktop\u90e8\u5206\u62d2\u7edd\u670d\u52a1\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Oracle Secure Global Desktop\u672a\u6388\u6743\u8bbf\u95ee\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Oracle Oracle Secure Global Desktop 5.6"
  },
  "referenceLink": "https://www.oracle.com/security-alerts/cpuoct2021.html",
  "serverity": "\u4e2d",
  "submitTime": "2021-10-20",
  "title": "Oracle Secure Global Desktop\u672a\u6388\u6743\u8bbf\u95ee\u6f0f\u6d1e"
}

CVE-2021-35649 (GCVE-0-2021-35649)

Vulnerability from cvelistv5

Published

2021-10-20 10:51

Modified

2024-09-25 19:20

Severity ?

5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L

CWE

Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Oracle Secure Global Desktop. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Secure Global Desktop accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Secure Global Desktop.

Summary

Vulnerability in the Oracle Secure Global Desktop product of Oracle Virtualization (component: Server). The supported version that is affected is 5.6. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Oracle Secure Global Desktop. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Secure Global Desktop accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Secure Global Desktop. CVSS 3.1 Base Score 5.4 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L).

References

URL

Tags

https://www.oracle.com/security-alerts/cpuoct2021.html

x_refsource_MISC