CVE-2021-35689
moderate-risk
Published 2022-02-24
A potential vulnerability in the Oracle Talent Acquisition Cloud - Taleo Enterprise Edition. This high severity potential vulnerability allows attackers to perform remote code execution on Taleo Enterprise Edition system. Successful attacks of this vulnerability can result in unauthorized remote code execution within Taleo Enterprise Edition and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Talent Acquisition Cloud - Taleo Enterprise Edition. All affected customers were notified of CVE-2021-35689 by Oracle.
Do I need to act?
~
3.1% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10
Critical
NETWORK
/ LOW complexity
Affected Products (1)
Talent Acquisition Cloud
Affected Vendors
References (2)
Permissions Required
https://www.oracle.com/security-alerts/oracle-cves-outside-other-oracle-public-d...
Permissions Required
https://www.oracle.com/security-alerts/oracle-cves-outside-other-oracle-public-d...
43
/ 100
moderate-risk
Severity
32/34 · Critical
Exploitability
6/34 · Minimal
Exposure
5/34 · Minimal