CVE-2021-2464

HIGH

Oracle Linux 7 and 8 - Authenticated Remote Code Execution in OSwatcher

Title source: llm

Description

Vulnerability in Oracle Linux (component: OSwatcher). Supported versions that are affected are 7 and 8. This easily exploitable vulnerability allows a low-privileged attacker with logon to the infrastructure where Oracle Linux executes to compromise Oracle Linux. Successful attacks of this vulnerability can result in takeover of Oracle Linux. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

References (2)

Vendor Advisory x_refsource_misc
https://linux.oracle.com/errata/ELSA-2021-9444.html
Patch, Vendor Advisory x_refsource_misc
https://www.oracle.com/security-alerts/cpuapr2022.html

Scores

CVSS v3 7.8
EPSS 0.0006
EPSS Percentile 19.8%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

Status published
Products (5)
oracle/engineered_systems_utilities 12.1.0.2
oracle/engineered_systems_utilities 19c
oracle/engineered_systems_utilities 21c
oracle/linux 7
oracle/linux 8
Published Sep 24, 2021
Tracked Since Feb 18, 2026