Oracle Talent Acquisition Cloud Remote Code Execution

CVE编号

CVE-2021-35689

利用情况

暂无

补丁情况

N/A

披露时间

2022-02-24

漏洞描述

A potential vulnerability in the Oracle Talent Acquisition Cloud - Taleo Enterprise Edition. This high severity potential vulnerability allows attackers to perform remote code execution on Taleo Enterprise Edition system. Successful attacks of this vulnerability can result in unauthorized remote code execution within Taleo Enterprise Edition and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Talent Acquisition Cloud - Taleo Enterprise Edition. All affected customers were notified of CVE-2021-35689 by Oracle.

解决建议

建议您更新当前系统或软件至最新版，完成漏洞的修复。

参考链接
https://www.oracle.com/security-alerts/oracle-cves-outside-other-oracle-publi...

受影响软件情况

1
#	类型	厂商	产品	版本	影响面
	运行在以下环境
	应用	oracle	talent_acquisition_cloud	-	-

攻击路径网络
攻击复杂度低
权限要求无
影响范围未更改
用户交互无
可用性高
保密性高
完整性高

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CWE-ID 漏洞类型 NVD-CWE-noinfo

正文

Oracle Talent Acquisition Cloud Remote Code Execution

漏洞描述

解决建议

参考链接

受影响软件情况

相关阅读

Oracle E-Business Suite Oracle Applications Framework UIX组件存在未明漏洞

Oracle Database Workspace Manager组件存在未明漏洞

Oracle Supply Chain 9.3.1.1/9.3.1.2/9.3.2/9.3.3 Agile PLM 未知漏洞

Oracle Database Server 11.2.0.4/12.1.0.1/12.1.0.2 XML Developer's Kit for C 拒绝服务漏洞

发表评论取消回复

还没有评论，来说两句吧...

目录[+]