[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2021-35567Date: (C)2021-10-20   (M)2024-03-22


Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via Kerberos to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Oracle GraalVM Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N).

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : 6.8CVSS Score : 6.3
Exploit Score: 2.3Exploit Score: 6.8
Impact Score: 4.0Impact Score: 6.9
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: NETWORKAccess Vector: NETWORK
Attack Complexity: LOWAccess Complexity: MEDIUM
Privileges Required: LOWAuthentication: SINGLE
User Interaction: REQUIREDConfidentiality: COMPLETE
Scope: CHANGEDIntegrity: NONE
Confidentiality: HIGHAvailability: NONE
Integrity: NONE 
Availability: NONE 
  
Reference:
DSA-5000
DSA-5012
FEDORA-2021-107c8c5063
FEDORA-2021-1cc8ffd122
FEDORA-2021-7701833090
GLSA-202209-05
https://lists.debian.org/debian-lts-announce/2021/11/msg00008.html
https://security.netapp.com/advisory/ntap-20211022-0004/
https://www.oracle.com/security-alerts/cpuoct2021.html

CPE    1
cpe:/o:debian:debian_linux:9.0
OVAL    46
oval:org.secpod.oval:def:75586
oval:org.secpod.oval:def:75495
oval:org.secpod.oval:def:75571
oval:org.secpod.oval:def:2500407
...

© SecPod Technologies