
CVE-2021-35515

Severity: High · Category: Denial of Service

Published: 13 July 2021
Modified: 21 November 2024
KEV added: not listed
Patch: available (affected Apache Commons Compress 1.6 through 1.20; fixed in 1.21)
CVSS Score v3.1: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
EPSS Score: 0.0119 (79.3rd percentile)
Risk Priority: 16 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2021-35515 is a high-severity Excessive Iteration (CWE-834) / infinite loop (CWE-835) vulnerability in the 7z (sevenz) reader of Apache Commons Compress 1.6 through 1.20. The library is bundled into many downstream products, which is why Oracle and NetApp products appear among the affected assets below. The CVSS 3.1 base score is 7.5 (High): reachable over the network, no privileges or user interaction required, impact on availability only.

Operationally, it ranks in the top 20.7% of CVEs by EPSS exploit likelihood (score 0.0119) and is not currently listed in the CISA KEV catalog.


Vulnerability details

When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop. This could be used to mount a denial of service attack against services that use Compress' sevenz package.

In practice this is CPU exhaustion: a single malformed archive from an untrusted source ties up the parsing thread indefinitely, and because the loop never returns, nothing inside the library recovers from it. Any service that accepts 7z input from outside and runs an affected version is exposed.

CWE(s)

CWE-834 Excessive Iteration
CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

vendor / product / versions

apache / commons-compress / 1.6 through 1.20
netapp / active iq unified manager / all versions
netapp / oncommand insight / all versions
oracle / banking digital experience / 18.1 through 18.3, 19.1, 20.1, 21.1
oracle / banking enterprise default management / 2.7.0
oracle / banking party management / 2.7.0
oracle / banking payments / 14.5
oracle / banking trade finance / 14.5
oracle / banking treasury management / 14.5
oracle / business process management suite / 12.2.1.3.0, 12.2.1.4.0
+16 more product configurations; see NVD for the full list
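The affected range above (1.6 through 1.20) is inclusive at both ends, and the version string can surface in a classpath, in build coordinates or in a pom. The script below is an added example, not part of the CVE record or of the Commons Compress project: it pulls every commons-compress version out of a dependency listing and flags the ones inside the affected range. The classpath, Gradle and pom fragments are constructed sample inputs, and the first-fixed version (1.21) is taken as the release immediately after the affected range.

```python
"""Audit dependency listings for Apache Commons Compress releases in the range
the CVE record marks as affected (1.6 through 1.20).

Added example, not from the CVE record or the Commons Compress project. The
classpath, pom and Gradle fragments are constructed sample inputs; the
first-fixed version (1.21) is the release immediately after the affected range."""
import re
from typing import List, Tuple

AFFECTED_MIN = (1, 6)
FIRST_FIXED = (1, 21)

# Three ways the artifact commonly shows up in build output or manifests.
PATTERNS = [
    re.compile(r"commons-compress-(\d+(?:\.\d+)+)\.jar"),      # jar on a classpath
    re.compile(r"commons-compress:(\d+(?:\.\d+)+)"),           # Maven/Gradle coordinates
    re.compile(r"<artifactId>commons-compress</artifactId>\s*<version>([^<]+)</version>"),  # pom.xml
]


def parse_version(version: str) -> Tuple[int, ...]:
    """'1.20' -> (1, 20); numeric components only, so '1.21-rc1' -> (1, 21)."""
    parts: List[int] = []
    for component in version.strip().split("."):
        match = re.match(r"\d+", component)
        if not match:
            break
        parts.append(int(match.group()))
    return tuple(parts)


def is_affected(version: str) -> bool:
    """True when 1.6 <= version < 1.21; tuple comparison keeps 1.20 inside the range."""
    parsed = parse_version(version)
    return bool(parsed) and AFFECTED_MIN <= parsed < FIRST_FIXED


def find_versions(text: str) -> List[str]:
    """Every commons-compress version string mentioned in `text`, without duplicates."""
    seen: List[str] = []
    for pattern in PATTERNS:
        for match in pattern.finditer(text):
            version = match.group(1).strip()
            if version not in seen:
                seen.append(version)
    return seen


def audit(text: str) -> List[Tuple[str, bool]]:
    """(version, affected?) for each commons-compress version found in `text`."""
    return [(version, is_affected(version)) for version in find_versions(text)]


# Constructed sample inputs: one jar is affected, one is already past the range.
SAMPLE_CLASSPATH = (
    "/app/lib/commons-compress-1.20.jar:/app/lib/commons-io-2.8.0.jar:"
    "/app/lib/commons-compress-1.21.jar"
)
SAMPLE_GRADLE = "implementation 'org.apache.commons:commons-compress:1.19'"
SAMPLE_POM = """<dependency>
  <groupId>org.apache.commons</groupId>
  <artifactId>commons-compress</artifactId>
  <version>1.18</version>
</dependency>"""

if __name__ == "__main__":
    for name, sample in (("classpath", SAMPLE_CLASSPATH), ("gradle", SAMPLE_GRADLE), ("pom", SAMPLE_POM)):
        for version, affected in audit(sample):
            print(f"{name}: commons-compress {version}: {'AFFECTED' if affected else 'ok'}")
```

Feed it the output of `mvn dependency:tree`, a Gradle lockfile or a `java -cp` line from a running process; shaded or fat jars hide the version and need a manifest or hash check instead.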

Mitigating Controls

Likely mitigating controls (automated mapping)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry. The direct fix is to move Apache Commons Compress past the affected range (1.21 or later) and, until then, to avoid parsing 7z archives from untrusted sources with a vulnerable version.

Addresses CWE-835: enables transfer to an alternate site if an infinite loop at the primary renders processing unavailable.

Addresses CWE-835: detects and mitigates infinite loops that produce sustained resource consumption.
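The second control, detecting and stopping a loop that burns CPU indefinitely, has to be applied from outside the parser: a Java thread stuck in a tight loop does not respond to Thread.interrupt(), so a per-request timeout inside the same JVM cannot reclaim it. The block below is an added example, not from the CVE record or from Commons Compress, showing the process-level version of that control: the extraction step runs in a child process with a kernel-enforced CPU-time budget (RLIMIT_CPU), plus a wall-clock backstop for children that stall on I/O rather than spin. It is Unix-only, and the two child commands are constructed stand-ins for a real extractor invocation.

```python
"""Run an archive-processing step under a kernel-enforced CPU-time budget so an
infinite loop of the kind CVE-2021-35515 describes is killed instead of pinning
a worker indefinitely.

Added example, not from the CVE record or from Commons Compress. Unix-only
(resource.setrlimit); the child commands below are constructed stand-ins for a
real extractor invocation."""
import resource
import signal
import subprocess
import sys
from dataclasses import dataclass
from typing import Sequence


@dataclass
class Outcome:
    returncode: int
    cpu_exceeded: bool   # killed by the kernel for burning through the CPU budget
    wall_exceeded: bool  # blocked (I/O, sleep) past the wall-clock cap instead
    stdout: str


def _cpu_limiter(seconds: int):
    """Pre-exec hook: SIGXCPU at the soft limit, SIGKILL one second later if ignored."""
    def preexec() -> None:
        resource.setrlimit(resource.RLIMIT_CPU, (seconds, seconds + 1))
    return preexec


def run_with_cpu_budget(cmd: Sequence[str], cpu_seconds: int, wall_seconds: float) -> Outcome:
    """Run `cmd` in a child and report whether it finished, spun out its CPU budget,
    or stalled past the wall-clock backstop."""
    try:
        proc = subprocess.run(
            list(cmd), capture_output=True, text=True,
            timeout=wall_seconds, preexec_fn=_cpu_limiter(cpu_seconds),
        )
    except subprocess.TimeoutExpired:
        # subprocess.run has already killed the child by the time this is raised.
        return Outcome(returncode=-signal.SIGKILL, cpu_exceeded=False, wall_exceeded=True, stdout="")
    # SIGXCPU is the soft limit firing; SIGKILL here means the hard limit had to step in.
    cpu_exceeded = proc.returncode in (-signal.SIGXCPU, -signal.SIGKILL)
    return Outcome(proc.returncode, cpu_exceeded, False, proc.stdout)


# Constructed stand-ins: a child that loops forever (the failure mode) and one that finishes.
SPIN_FOREVER = [sys.executable, "-c", "while True: pass"]
FINISHES = [sys.executable, "-c", "print('extracted')"]

if __name__ == "__main__":
    for label, cmd in (("spinning", SPIN_FOREVER), ("normal", FINISHES)):
        print(label, run_with_cpu_budget(cmd, cpu_seconds=1, wall_seconds=30))
```

Replace the stand-in commands with the real extractor invocation (for a Java service, the JVM that opens the archive) and size cpu_seconds to the largest legitimate archive you expect. This contains the damage to one request; it does not remove the bug, so it belongs alongside the upgrade, not instead of it.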
