AVID-2026-R0714

Description

Vulnerability CVE-2021-2138

Details

Vulnerability in the Oracle Cloud Infrastructure Data Science Notebook Sessions. Easily exploitable vulnerability allows low privileged attacker with access to the physical communication segment attached to the hardware where the Oracle Cloud Infrastructure Data Science Notebook Sessions executes to compromise Oracle Cloud Infrastructure Data Science Notebook Sessions. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Cloud Infrastructure Data Science Notebook Sessions accessible data as well as unauthorized read access to a subset of Oracle Cloud Infrastructure Data Science Notebook Sessions accessible data. All affected customers were notified of CVE-2021-2138 by Oracle. CVSS 3.1 Base Score 4.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)

Reason for inclusion in AVID: CVE-2021-2138 relates to a vulnerability in Oracle Cloud Infrastructure Data Science Notebook Sessions, a service used for AI/ML workflows (notebook environments). It enables unauthorized access/alteration of data via a low-privilege attacker with network-adjacent access. This is a software component used in AI tooling within the GP AI stack, not hardware/firmware only. The CVE provides explicit security impact, scope, and evidence. Therefore it is relevant to the AI supply chain and should be kept for AVID curation.

References

Affected or Relevant Artifacts

  • Developer: Oracle Corporation
  • Deployer: Oracle Corporation
  • Artifact Details:
      Type: System
      Name: Oracle Cloud Infrastructure Data Science Notebook Sessions

Impact

AVID Taxonomy Categorization

  • Risk domains: Security
  • SEP subcategories: S0100: Software Vulnerability
  • Lifecycle stages: L06: Deployment

CVSS

  • Version: 3.1
  • Vector String: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
  • Base Score: 4.6
  • Base Severity: 🟠 Medium
  • Attack Vector: ADJACENT_NETWORK
  • Attack Complexity: 🟢 Low
  • Privileges Required: 🟢 Low
  • User Interaction: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: 🟢 Low
  • Integrity Impact: 🟢 Low
  • Availability Impact: NONE

Other information

  • Report Type: Advisory
  • Credits:
  • Date Reported: 2021-03-03
  • Version: 0.3.3
  • AVID Entry