Lucene search

K
cveOracleCVE-2021-35578
HistoryOct 20, 2021 - 11:16 a.m.

CVE-2021-35578

2021-10-2011:16:55
oracle
web.nvd.nist.gov
277
10
cve-2021-35578
vulnerability
java se
oracle graalvm enterprise edition
unauthenticated attacker
tls
compromise
denial of service

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

AI Score

5.1

Confidence

High

EPSS

0.003

Percentile

69.8%

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

Affected configurations

Nvd
Vulners
Vulnrichment
Node
oraclegraalvmMatch20.3.3enterprise
OR
oraclegraalvmMatch21.2.0enterprise
OR
oracleopenjdkMatch8update301
OR
oracleopenjdkMatch11.0.12
OR
oracleopenjdkMatch17
Node
netappactive_iq_unified_managerMatch-vmware_vsphere
OR
netappactive_iq_unified_managerMatch-windows
OR
netappe-series_santricity_os_controllerRange11.0.011.50.2
OR
netappe-series_santricity_storage_managerMatch-
OR
netappe-series_santricity_web_servicesMatch-web_services_proxy
OR
netapphci_management_nodeMatch-
OR
netapponcommand_insightMatch-
OR
netapponcommand_workflow_automationMatch-
OR
netappsantricity_unified_managerMatch-
OR
netappsnapmanagerMatch-oracle
OR
netappsnapmanagerMatch-sap
OR
netappsolidfireMatch-
Node
debiandebian_linuxMatch9.0
OR
debiandebian_linuxMatch10.0
OR
debiandebian_linuxMatch11.0
Node
fedoraprojectfedoraMatch33
OR
fedoraprojectfedoraMatch34
OR
fedoraprojectfedoraMatch35
VendorProductVersionCPE
oraclegraalvm20.3.3cpe:2.3:a:oracle:graalvm:20.3.3:*:*:*:enterprise:*:*:*
oraclegraalvm21.2.0cpe:2.3:a:oracle:graalvm:21.2.0:*:*:*:enterprise:*:*:*
oracleopenjdk8cpe:2.3:a:oracle:openjdk:8:update301:*:*:*:*:*:*
oracleopenjdk11.0.12cpe:2.3:a:oracle:openjdk:11.0.12:*:*:*:*:*:*:*
oracleopenjdk17cpe:2.3:a:oracle:openjdk:17:*:*:*:*:*:*:*
netappactive_iq_unified_manager-cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
netappactive_iq_unified_manager-cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*
netappe-series_santricity_os_controller*cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*
netappe-series_santricity_storage_manager-cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*
netappe-series_santricity_web_services-cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*
Rows per page:
1-10 of 231

CNA Affected

[
  {
    "vendor": "Oracle Corporation",
    "product": "Java SE JDK and JRE",
    "versions": [
      {
        "version": "Java SE:8u301",
        "status": "affected"
      },
      {
        "version": "Java SE:11.0.12",
        "status": "affected"
      },
      {
        "version": "Java SE:17",
        "status": "affected"
      },
      {
        "version": "Oracle GraalVM Enterprise Edition:20.3.3",
        "status": "affected"
      },
      {
        "version": "Oracle GraalVM Enterprise Edition:21.2.0",
        "status": "affected"
      }
    ]
  }
]

Social References

More

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

AI Score

5.1

Confidence

High

EPSS

0.003

Percentile

69.8%