CVE-2021-2322 — HIGH (8.8) — White Hats Nepal

Q: How severe is CVE-2021-2322?

CVE-2021-2322 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2021-2322?

Check the references section above for vendor advisories and patch information. Affected products include: Oracle Opengrok.

Vulnerability Description

Vulnerability in OpenGrok (component: Web App). Versions that are affected are 1.6.7 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise OpenGrok. Successful attacks of this vulnerability can result in takeover of OpenGrok. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

CVSS Score

8.8

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Oracle	Opengrok	<= 1.6.7

Related Weaknesses (CWE)

CWE-91

References

https://www.oracle.com/security-alerts/oracle-open-source-cves-outside-other-oraVendor Advisory
https://www.oracle.com/security-alerts/oracle-open-source-cves-outside-other-oraVendor Advisory

FAQ

What is CVE-2021-2322?

CVE-2021-2322 is a vulnerability with a CVSS score of 8.8 (HIGH). Vulnerability in OpenGrok (component: Web App). Versions that are affected are 1.6.7 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to comprom...

How severe is CVE-2021-2322?

CVE-2021-2322 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-2322?

Check the references section above for vendor advisories and patch information. Affected products include: Oracle Opengrok.