Description
Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16; Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N).
Analysis
No analysis available yet.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Oracle Corporation | Java SE JDK and JRE | affected |
|
Configuration 1 [-]
|
Configuration 2 [-]
|
Configuration 3 [-]
|
Configuration 4 [-]
|
Configuration 5 [-]
|
Configuration 6 [-]
|
| Package | CPE | Advisory | Released Date |
|---|---|---|---|
| Red Hat Build of OpenJDK | |||
| Linux | cpe:/a:redhat:openjdk:11.0.11 | RHSA-2021:1446 | 2021-04-28T00:00:00Z |
| Windows | cpe:/a:redhat:openjdk:11.0.11::windows | RHSA-2021:1447 | 2021-04-28T00:00:00Z |
| Linux | cpe:/a:redhat:openjdk:1.8 | RHSA-2021:1444 | 2021-04-28T00:00:00Z |
| Windows | cpe:/a:redhat:openjdk:1.8::windows | RHSA-2021:1445 | 2021-04-28T00:00:00Z |
| Red Hat Enterprise Linux 7 | |||
| java-11-openjdk-1:11.0.11.0.9-1.el7_9 | cpe:/o:redhat:enterprise_linux:7 | RHSA-2021:1297 | 2021-04-20T00:00:00Z |
| java-1.8.0-openjdk-1:1.8.0.292.b10-1.el7_9 | cpe:/o:redhat:enterprise_linux:7 | RHSA-2021:1298 | 2021-04-20T00:00:00Z |
| Red Hat Enterprise Linux 7 Supplementary | |||
| java-1.7.1-ibm-1:1.7.1.5.15-1jpp.1.el7 | cpe:/a:redhat:rhel_extras:7 | RHSA-2022:6755 | 2022-09-29T00:00:00Z |
| java-1.8.0-ibm-1:1.8.0.7.15-1jpp.1.el7 | cpe:/a:redhat:rhel_extras:7 | RHSA-2022:6756 | 2022-09-29T00:00:00Z |
| Red Hat Enterprise Linux 8 | |||
| java-1.8.0-openjdk-1:1.8.0.292.b10-0.el8_3 | cpe:/a:redhat:enterprise_linux:8 | RHSA-2021:1301 | 2021-04-20T00:00:00Z |
| java-11-openjdk-1:11.0.11.0.9-0.el8_3 | cpe:/a:redhat:enterprise_linux:8 | RHSA-2021:1307 | 2021-04-20T00:00:00Z |
| java-1.8.0-ibm-1:1.8.0.7.15-1.el8_6 | cpe:/a:redhat:enterprise_linux:8::supplementary | RHSA-2022:6735 | 2022-10-25T00:00:00Z |
| Red Hat Enterprise Linux 8.1 Extended Update Support | |||
| java-11-openjdk-1:11.0.11.0.9-0.el8_1 | cpe:/a:redhat:rhel_eus:8.1 | RHSA-2021:1305 | 2021-04-20T00:00:00Z |
| java-1.8.0-openjdk-1:1.8.0.292.b10-0.el8_1 | cpe:/a:redhat:rhel_eus:8.1 | RHSA-2021:1315 | 2021-04-21T00:00:00Z |
| Red Hat Enterprise Linux 8.2 Extended Update Support | |||
| java-1.8.0-openjdk-1:1.8.0.292.b10-0.el8_2 | cpe:/a:redhat:rhel_eus:8.2 | RHSA-2021:1299 | 2021-04-20T00:00:00Z |
| java-11-openjdk-1:11.0.11.0.9-0.el8_2 | cpe:/a:redhat:rhel_eus:8.2 | RHSA-2021:1306 | 2021-04-20T00:00:00Z |
No data available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
 Debian DLA |
DLA-2634-1 | openjdk-8 security update |
 EUVD |
EUVD-2021-16622 | Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16; Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N). |
 Ubuntu USN |
USN-4892-1 | OpenJDK vulnerability |
References
History
Fri, 27 Sep 2024 08:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Subscriptions
Debian
Subscribe
Debian Linux
Subscribe
Fedoraproject
Subscribe
Fedora
Subscribe
Netapp
Subscribe
Active Iq Unified Manager
Subscribe
Hci Compute Node
Subscribe
Hci Management Node
Subscribe
Hci Storage Node
Subscribe
Solidfire
Subscribe
Oracle
Subscribe
Graalvm
Subscribe
Jdk
Subscribe
Jre
Subscribe
Openjdk
Subscribe
Redhat
Subscribe
Enterprise Linux
Subscribe
Openjdk
Subscribe
Rhel Eus
Subscribe
Rhel Extras
Subscribe
MITRE
Status: PUBLISHED
Assigner: oracle
Published:
Updated: 2024-09-26T15:33:21.760Z
Reserved: 2020-12-09T00:00:00.000Z
Link: CVE-2021-2163
Vulnrichment
Updated: 2024-08-03T16:32:03.140Z
NVD
Status : Modified
Published: 2021-04-22T22:15:13.093
Modified: 2024-11-21T06:02:30.933
Link: CVE-2021-2163
Redhat
OpenCVE Enrichment
No data.
Weaknesses