Bill Situ <Bill.Situ@Oracle.com>

On branch cna/Oracle/Opensource2021Sept
 Changes to be committed:
	modified:   2021/2xxx/CVE-2021-2464.json

2021/2xxx/CVE-2021-2464.json

@@ -1,18 +1,71 @@
-{
+    {
-    "data_type": "CVE",
+        "data_type": "CVE",
-    "data_format": "MITRE",
+        "data_format": "MITRE",
-    "data_version": "4.0",
+        "data_version": "4.0",
-    "CVE_data_meta": {
+        "CVE_data_meta": {
-        "ID": "CVE-2021-2464",
+            "ASSIGNER": "secalert_us@oracle.com",
-        "ASSIGNER": "cve@mitre.org",
+            "ID": "CVE-2021-2464"
-        "STATE": "RESERVED"
+        },
-    },
+        "affects": {
-    "description": {
+            "vendor": {
-        "description_data": [
+                "vendor_data": [
-            {
+                    {
-                "lang": "eng",
+                        "product": {
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                            "product_data": [
+                                {
+                                    "product_name": "Oracle Linux",
+                                    "version": {
+                                        "version_data": [
+                                            {
+                                                "version_value": "7",
+                                                "version_affected": "="
+                                            },
+                                            {
+                                                "version_value": "8",
+                                                "version_affected": "="
+                                            }
+                                        ]
+                                    }
+                                }
+                            ]
+                        },
+                        "vendor_name": "Oracle Corporation"
+                    }
+                ]
             }
-        ]
+        },
-    }
+        "description": {
-}
+            "description_data": [
+                {
+                    "lang": "eng",
+                    "value": "Vulnerability in Oracle Linux (component: OSwatcher).  Supported versions that are affected are 7 and  8. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Linux executes to compromise Oracle Linux.  Successful attacks of this vulnerability can result in takeover of Oracle Linux. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)."
+                }
+            ]
+        },
+        "impact": {
+            "cvss": {
+                "baseScore": "7.8",
+                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+                "version": "3.1"
+            }
+        },
+        "problemtype": {
+            "problemtype_data": [
+                {
+                    "description": [
+                        {
+                            "lang": "eng",
+                            "value": "Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Linux executes to compromise Oracle Linux.  Successful attacks of this vulnerability can result in takeover of Oracle Linux."
+                        }
+                    ]
+                }
+            ]
+        },
+        "references": {
+            "reference_data": [
+                {
+                    "url": "https://www.oracle.com/security-alerts/oracle-open-source-cves-outside-other-oracle-public-documents.html"
+                }
+            ]
+        }
+    }