Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16; Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. It can also be exploited by supplying untrusted data to APIs in the specified Component. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).

Metrics

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

Vendors Products
Debian
  • Debian Linux
Fedoraproject
  • Fedora
Mcafee
  • Epolicy Orchestrator
Netapp
  • Active Iq Unified Manager
  • Hci Compute Node
  • Hci Management Node
  • Hci Storage Node
  • Solidfire
Oracle
  • Graalvm
  • Jdk
  • Jre
  • Openjdk
Redhat
  • Openjdk

Configuration 1 [-]

OR cpe:2.3:a:oracle:jdk:1.7.0:update291:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.8.0:update281:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:11.0.10:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:16.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.8.0:update281:*:*:*:*:*:*

Configuration 2 [-]

OR cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Configuration 3 [-]

OR cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*

Configuration 4 [-]

OR cpe:2.3:a:oracle:graalvm:19.3.5:*:*:*:enterprise:*:*:*
cpe:2.3:a:oracle:graalvm:20.3.1.2:*:*:*:enterprise:*:*:*
cpe:2.3:a:oracle:graalvm:21.0.0.2:*:*:*:enterprise:*:*:*

Configuration 5 [-]

OR cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:7:-:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:7:update1:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:7:update10:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:7:update101:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:7:update11:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:7:update111:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:7:update121:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:7:update13:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:7:update131:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:7:update141:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:7:update15:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:7:update151:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:7:update161:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:7:update17:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:7:update171:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:7:update181:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:7:update191:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:7:update2:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:7:update201:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:7:update21:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:7:update211:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:7:update221:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:7:update231:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:7:update241:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:7:update25:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:7:update251:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:7:update261:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:7:update271:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:7:update281:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:7:update291:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:7:update3:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:7:update4:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:7:update40:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:7:update45:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:7:update5:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:7:update51:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:7:update55:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:7:update6:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:7:update60:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:7:update65:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:7:update67:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:7:update7:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:7:update72:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:7:update76:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:7:update80:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:7:update85:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:7:update9:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:7:update91:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:7:update95:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:7:update97:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:7:update99:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:-:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:milestone1:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:milestone2:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:milestone3:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:milestone4:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:milestone5:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:milestone6:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:milestone7:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:milestone8:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:milestone9:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update101:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update102:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update11:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update111:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update112:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update121:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update131:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update141:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update151:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update152:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update161:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update162:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update171:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update172:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update181:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update191:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update192:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update20:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update201:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update202:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update211:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update212:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update221:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update222:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update231:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update232:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update241:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update242:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update25:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update252:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update262:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update271:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update281:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update282:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update31:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update40:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update45:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update5:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update51:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update60:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update65:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update66:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update71:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update72:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update73:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update74:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update77:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update91:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update92:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:16:*:*:*:*:*:*:*

Configuration 6 [-]

OR cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*
cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:hci_storage_node:-:*:*:*:*:*:*:*

Configuration 7 [-]

OR cpe:2.3:a:mcafee:epolicy_orchestrator:*:*:*:*:*:*:*:*
cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:-:*:*:*:*:*:*
cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_1:*:*:*:*:*:*
cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_10:*:*:*:*:*:*
cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_2:*:*:*:*:*:*
cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_3:*:*:*:*:*:*
cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_4:*:*:*:*:*:*
cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_5:*:*:*:*:*:*
cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_6:*:*:*:*:*:*
cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_7:*:*:*:*:*:*
cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_8:*:*:*:*:*:*
cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_9:*:*:*:*:*:*
Package CPE Advisory Released Date
Red Hat Build of OpenJDK
Windows cpe:/a:redhat:openjdk:11.0.11::windows RHSA-2021:1447 2021-04-28T00:00:00Z
Windows cpe:/a:redhat:openjdk:1.8::windows RHSA-2021:1445 2021-04-28T00:00:00Z
References
Link Providers
https://docs.azul.com/core/zulu-openjdk/release-notes/april-2021.html#fixed-common-vulnerabilities-and-exposures cve-icon cve-icon
https://kc.mcafee.com/corporate/index?page=content&id=SB10366 cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2021/04/msg00021.html cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5ACX4JEVYH6H4PSMGMYWTGABPOFPH3TS/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CFXOKM2233JVGYDOWW77BN54X3GZTIBK/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CG7EWXSO6JUCVHP7R3SOZQ7WPNBOISJH/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MAULPCQFLAMBJIS27YLNNX6IHRFJMVP4/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MVDY4T5XMSYDQT6RRKPMRCV4MVGS7KXF/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UD3JEP4HPLK7MNZHVUMKIJPBP74M3A2V/ cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2021-2161 cve-icon
https://security.gentoo.org/glsa/202209-05 cve-icon cve-icon
https://security.netapp.com/advisory/ntap-20210513-0001/ cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2021-2161 cve-icon
https://www.debian.org/security/2021/dsa-4899 cve-icon cve-icon
https://www.oracle.com/security-alerts/cpuapr2021.html cve-icon cve-icon
History

Thu, 26 Sep 2024 16:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}
cve-icon MITRE

Status: PUBLISHED

Assigner: oracle

Published: 2021-04-22T21:53:46

Updated: 2024-09-26T15:33:42.318Z

Reserved: 2020-12-09T00:00:00

Link: CVE-2021-2161

cve-icon Vulnrichment

Updated: 2024-08-03T16:32:03.135Z

cve-icon NVD

Status : Modified

Published: 2021-04-22T22:15:13.037

Modified: 2023-11-07T03:32:49.767

Link: CVE-2021-2161

cve-icon Redhat

Severity : Moderate

Publid Date: 2021-04-20T00:00:00Z

Links: CVE-2021-2161 - Bugzilla