CVE-2021-26271

Published Jan 26, 2021

Last updated 3 years ago

Overview

Description: It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted text into the Styles input of specific dialogs (in the Advanced Tab for Dialogs plugin).
Source: cve@mitre.org
NVD status: Analyzed

Hype score: Not currently trending

Risk scores

CVSS 3.1

Type: Primary
Base score: 6.5
Impact score: 3.6
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:N/A:P

Weaknesses

nvd@nist.gov: CWE-829

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:ckeditor:ckeditor:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4C5F969A-06A2-4D84-B7DF-1CE68E285C0F",
            "versionEndExcluding": "4.16",
            "versionStartIncluding": "4.0"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:oracle:agile_plm:9.3.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ED43772F-D280-42F6-A292-7198284D6FE7"
          },
          {
            "criteria": "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C650FEDB-E903-4C2D-AD40-282AB5F2E3C2"
          },
          {
            "criteria": "cpe:2.3:a:oracle:application_express:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6B4D758F-EABD-498C-9C9E-C3F35927F7DC",
            "versionEndExcluding": "21.1.0"
          },
          {
            "criteria": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "40F940AA-05BE-426C-89A3-4098E107D9A7",
            "versionEndIncluding": "8.0.9",
            "versionStartIncluding": "8.0.6"
          },
          {
            "criteria": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6FB8AE1F-FA6B-4A5E-AA5B-D0B7C78FE886"
          },
          {
            "criteria": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "41C2C67B-BF55-4B48-A94D-1F37A4FAC68C"
          },
          {
            "criteria": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "86305E47-33E9-411C-B932-08C395C09982",
            "versionEndExcluding": "9.2.6.0"
          },
          {
            "criteria": "cpe:2.3:a:oracle:siebel_ui_framework:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D2B15024-E757-443B-8424-BBF0A28C3753",
            "versionEndExcluding": "21.9"
          },
          {
            "criteria": "cpe:2.3:a:oracle:webcenter_sites:12.2.1.3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D551CAB1-4312-44AA-BDA8-A030817E153A"
          },
          {
            "criteria": "cpe:2.3:a:oracle:webcenter_sites:12.2.1.4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "174A6D2E-E42E-4C92-A194-C6A820CD7EF4"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Configurations

References