{"api_version":"1","generated_at":"2026-04-22T23:08:35+00:00","cve":"CVE-2021-2464","urls":{"html":"https://cve.report/CVE-2021-2464","api":"https://cve.report/api/cve/CVE-2021-2464.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2021-2464","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2021-2464"},"summary":{"title":"CVE-2021-2464","description":"Vulnerability in Oracle Linux (component: OSwatcher). Supported versions that are affected are 7 and 8. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Linux executes to compromise Oracle Linux. Successful attacks of this vulnerability can result in takeover of Oracle Linux. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).","state":"PUBLIC","assigner":"secalert_us@oracle.com","published_at":"2021-09-24 19:15:00","updated_at":"2022-10-06 17:52:00"},"problem_types":["NVD-CWE-noinfo"],"metrics":[],"references":[{"url":"https://www.oracle.com/security-alerts/cpuapr2022.html","name":"https://www.oracle.com/security-alerts/cpuapr2022.html","refsource":"MISC","tags":[],"title":"Oracle Critical Patch Update Advisory - April 2022","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://linux.oracle.com/errata/ELSA-2021-9444.html","name":"https://linux.oracle.com/errata/ELSA-2021-9444.html","refsource":"MISC","tags":[],"title":"linux.oracle.com | ELSA-2021-9444","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.oracle.com/security-alerts/oracle-open-source-cves-outside-other-oracle-public-documents.html","name":"https://www.oracle.com/security-alerts/oracle-open-source-cves-outside-other-oracle-public-documents.html","refsource":"MISC","tags":[],"title":"CVEs for Oracle open source projects not published in other Oracle public documents","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2021-2464","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-2464","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2021","cve_id":"2464","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"oracle","cpe5":"engineered_systems_utilities","cpe6":"12.1.0.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"2464","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"oracle","cpe5":"engineered_systems_utilities","cpe6":"19c","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"2464","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"oracle","cpe5":"engineered_systems_utilities","cpe6":"21c","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"2464","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"oracle","cpe5":"linux","cpe6":"7","cpe7":"-","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"2464","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"oracle","cpe5":"linux","cpe6":"8","cpe7":"-","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2021-2464","qid":"159391","title":"Oracle Enterprise Linux Security Update for oswatcher (ELSA-2021-9444)"},{"cve":"CVE-2021-2464","qid":"20253","title":"Oracle Database 12.1.0.2 Critical Patch Update - April 2022"},{"cve":"CVE-2021-2464","qid":"20254","title":"Oracle Database 12.1.0.2 Critical Patch Update - April 2022 (Unauthenticated)"},{"cve":"CVE-2021-2464","qid":"20255","title":"Oracle Database 19c Critical Patch Update - April 2022"},{"cve":"CVE-2021-2464","qid":"20257","title":"Oracle Database 21c Critical Patch Update - April 2022"},{"cve":"CVE-2021-2464","qid":"20285","title":"Oracle Database 19c Critical OJVM Patch Update - April 2022"}]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ASSIGNER":"secalert_us@oracle.com","ID":"CVE-2021-2464","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Oracle Linux","version":{"version_data":[{"version_value":"7","version_affected":"="},{"version_value":"8","version_affected":"="}]}}]},"vendor_name":"Oracle Corporation"}]}},"description":{"description_data":[{"lang":"eng","value":"Vulnerability in Oracle Linux (component: OSwatcher). Supported versions that are affected are 7 and 8. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Linux executes to compromise Oracle Linux. Successful attacks of this vulnerability can result in takeover of Oracle Linux. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)."}]},"impact":{"cvss":{"baseScore":"7.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Linux executes to compromise Oracle Linux.  Successful attacks of this vulnerability can result in takeover of Oracle Linux."}]}]},"references":{"reference_data":[{"url":"https://linux.oracle.com/errata/ELSA-2021-9444.html","refsource":"MISC","name":"https://linux.oracle.com/errata/ELSA-2021-9444.html"},{"url":"https://www.oracle.com/security-alerts/cpuapr2022.html","refsource":"MISC","name":"https://www.oracle.com/security-alerts/cpuapr2022.html"}]}},"nvd":{"publishedDate":"2021-09-24 19:15:00","lastModifiedDate":"2022-10-06 17:52:00","problem_types":["NVD-CWE-noinfo"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:C/I:C/A:C","accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE","baseScore":7.2},"severity":"HIGH","exploitabilityScore":3.9,"impactScore":10,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:oracle:linux:7:-:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:oracle:linux:8:-:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:oracle:engineered_systems_utilities:12.1.0.2:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:oracle:engineered_systems_utilities:19c:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:oracle:engineered_systems_utilities:21c:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2021","CveId":"2464","Ordinal":"193573","Title":"CVE-2021-2464","CVE":"CVE-2021-2464","Year":"2021"},"notes":[{"CveYear":"2021","CveId":"2464","Ordinal":"1","NoteData":"Vulnerability in Oracle Linux (component: OSwatcher). Supported versions that are affected are 7 and 8. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Linux executes to compromise Oracle Linux. Successful attacks of this vulnerability can result in takeover of Oracle Linux. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).","Type":"Description","Title":null},{"CveYear":"2021","CveId":"2464","Ordinal":"2","NoteData":"2021-09-24","Type":"Other","Title":"Published"},{"CveYear":"2021","CveId":"2464","Ordinal":"3","NoteData":"2021-09-25","Type":"Other","Title":"Modified"}]}}}