Auto-merge PR#4681

2025-08-04 08:44:25 +00:00 · 2022-02-23 21:40:10 -05:00 · 2022-02-23 21:40:10 -05:00 · e0492b88a2
commit e0492b88a2
parent d1cb46e037 84bdf6dba2
1 changed files with 55 additions and 4 deletions
--- a/2021/35xxx/CVE-2021-35689.json
+++ b/2021/35xxx/CVE-2021-35689.json
@ -4,15 +4,66 @@
    "data_version": "4.0",
    "CVE_data_meta": {
        "ID": "CVE-2021-35689",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "ASSIGNER": "secalert_us@oracle.com",
+        "STATE": "PUBLIC"
    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "Oracle Talent Acquisition Cloud - Taleo Enterprise Edition",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "*"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    },
+                    "vendor_name": "Oracle Corporation"
+                }
+            ]
+        }
+    },	
    "description": {
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "A potential vulnerability in the Oracle Talent Acquisition Cloud - Taleo Enterprise Edition. This high severity potential vulnerability allows attackers to perform remote code execution on Taleo Enterprise Edition system. Successful attacks of this vulnerability can result in unauthorized remote code execution within Taleo Enterprise Edition and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Talent Acquisition Cloud - Taleo Enterprise Edition. All affected customers were notified of CVE-2021-35689 by Oracle."
            }
        ]
-    }
+    },
+    "impact": {
+        "cvss": {
+            "baseScore": "9.8",
+            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+            "version": "3.1"
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "This high severity potential vulnerability allows attackers to perform remote code execution on Taleo Enterprise Edition system. Successful attacks of this vulnerability can result in unauthorized remote code execution within Taleo Enterprise Edition and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Talent Acquisition Cloud - Taleo Enterprise Edition. All affected customers were notified of CVE-2021-2138 by Oracle"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "url": "https://www.oracle.com/security-alerts/oracle-cves-outside-other-oracle-public-documents.html",
+                "name": "https://www.oracle.com/security-alerts/oracle-cves-outside-other-oracle-public-documents.html",
+                "refsource": "MISC"
+            }
+        ]
+    }	
 }