Committer: Bill Situ <Bill.Situ.oracle.com>

On branch cna/Oracle/CVE-2021-35689 Changes to be committed: modified: 2021/35xxx/CVE-2021-35689.json
2025-08-04 08:44:25 +00:00 · 2022-02-23 16:19:27 -08:00 · 2022-02-23 16:19:27 -08:00 · 84bdf6dba2
commit 84bdf6dba2
parent ab69613d34
1 changed files with 55 additions and 4 deletions
--- a/2021/35xxx/CVE-2021-35689.json
+++ b/2021/35xxx/CVE-2021-35689.json
@ -4,15 +4,66 @@
    "data_version": "4.0",
    "CVE_data_meta": {
        "ID": "CVE-2021-35689",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "ASSIGNER": "secalert_us@oracle.com",
+        "STATE": "PUBLIC"
    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "Oracle Talent Acquisition Cloud - Taleo Enterprise Edition",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "*"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    },
+                    "vendor_name": "Oracle Corporation"
+                }
+            ]
+        }
+    },	
    "description": {
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "A potential vulnerability in the Oracle Talent Acquisition Cloud - Taleo Enterprise Edition. This high severity potential vulnerability allows attackers to perform remote code execution on Taleo Enterprise Edition system. Successful attacks of this vulnerability can result in unauthorized remote code execution within Taleo Enterprise Edition and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Talent Acquisition Cloud - Taleo Enterprise Edition. All affected customers were notified of CVE-2021-35689 by Oracle."
            }
        ]
-    }
+    },
+    "impact": {
+        "cvss": {
+            "baseScore": "9.8",
+            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+            "version": "3.1"
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "This high severity potential vulnerability allows attackers to perform remote code execution on Taleo Enterprise Edition system. Successful attacks of this vulnerability can result in unauthorized remote code execution within Taleo Enterprise Edition and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Talent Acquisition Cloud - Taleo Enterprise Edition. All affected customers were notified of CVE-2021-2138 by Oracle"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "url": "https://www.oracle.com/security-alerts/oracle-cves-outside-other-oracle-public-documents.html",
+                "name": "https://www.oracle.com/security-alerts/oracle-cves-outside-other-oracle-public-documents.html",
+                "refsource": "MISC"
+            }
+        ]
+    }	
 }