Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

Affected Software

CPE Name Name Version
oracle:graalvm oracle graalvm 20.3.5
oracle:graalvm oracle graalvm 21.3.1
oracle:graalvm oracle graalvm
oracle:java_se oracle java se 18
oracle:java_se oracle java se 7u331
oracle:java_se oracle java se 8u321
oracle:java_se oracle java se 11.0.14
oracle:java_se oracle java se 17.0.2
netapp:element_software netapp element software -
netapp:oncommand_insight netapp oncommand insight -
netapp:e-series_santricity_storage_manager netapp e-series santricity storage manager -
netapp:solidfire netapp solidfire -
netapp:hci_management_node netapp hci management node -
netapp:active_iq_unified_manager netapp active iq unified manager -
netapp:santricity_unified_manager netapp santricity unified manager -
netapp:e-series_santricity_web_services netapp e-series santricity web services -
netapp:e-series_santricity_os_controller netapp e-series santricity os controller 11.70.1
netapp:cloud_insights_acquisition_unit netapp cloud insights acquisition unit -
netapp:cloud_secure_agent netapp cloud secure agent -
netapp:bootstrap_os netapp bootstrap os -
debian:debian_linux debian debian linux 9.0
debian:debian_linux debian debian linux 10.0
debian:debian_linux debian debian linux 11.0
azul:zulu azul zulu 7.52
azul:zulu azul zulu 8.60
azul:zulu azul zulu 11.54
azul:zulu azul zulu 13.46
azul:zulu azul zulu 15.38
azul:zulu azul zulu 17.32
azul:zulu azul zulu 6.45
azul:zulu azul zulu 18.28