Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
rosalinuxROSA LABROSA-SA-2023-2133
HistoryMar 21, 2023 - 12:31 p.m.

Advisory ROSA-SA-2023-2133

2023-03-2112:31:42
ROSA LAB
abf.rosalinux.ru
9

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

64.4%

JSON

Software: java-11-openjdk 11.0.18.0.10-1
OS: rosa-server79

package_evr_string: java-11-openjdk-11.0.18.0.10-1

CVE-ID: CVE-2021-2161
BDU-ID: 2021-02490
CVE-Crit: MEDIUM
CVE-DESC: A vulnerability in the Libraries component of the Java SE, Java SE Embedded, and Oracle GraalVM Enterprise Edition software platforms exists due to insufficient input validation. Exploitation of the vulnerability could allow an attacker acting remotely to create, delete, or modify access to critical data using network packets
CVE-STATUS: Resolved
CVE-REV: Run yum update java-11-openjdk to close.

CVE-ID: CVE-2021-2163
BDU-ID: 2021-02491
CVE-Crit: MEDIUM
CVE-DESC: A vulnerability in the Libraries component of the Java SE, Java SE Embedded, and Oracle GraalVM Enterprise Edition software platforms exists due to insufficient input validation. Exploitation of the vulnerability could allow an attacker acting remotely to create, delete, or modify access to critical data using network packets
CVE-STATUS: Resolved
CVE-REV: Run yum update java-11-openjdk to close.

CVE-ID: CVE-2021-2388
BDU-ID: 2021-04023
CVE-Crit: HIGH
CVE-DESC: A vulnerability in the Hotspot component of the Hotspot component of the Oracle GraalVM Enterprise Edition virtual machine, Java SE software platform is related to the ability to inject untrusted code. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary Java code
CVE-STATUS: Resolved
CVE-REV: Run yum update java-11-openjdk to close it.

CVE-ID: CVE-2021-2369
BDU-ID: 2021-04533
CVE-Crit: MEDIUM
CVE-DESC: A vulnerability in the Library component of the Java SE software platform and Oracle GraalVM Enterprise Edition virtual machine exists due to insufficient input validation. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to modify, add, or delete data
CVE-STATUS: Resolved
CVE-REV: Run the yum update java-11-openjdk command to close.

CVE-ID: CVE-2021-2341
BDU-ID: 2021-04004
CVE-Crit: LOW
CVE-DESC: A vulnerability in the Networking component of the Java SE software platform and Oracle GraalVM Enterprise Edition virtual machine exists due to insufficient input validation. Exploitation of the vulnerability could allow an attacker acting remotely to gain read access to the data
CVE-STATUS: Resolved
CVE-REV: Run yum update java-11-openjdk to close.

Related

openvas 42
nessus 62
suse 9
osv 6
centos 2
rocky 2
almalinux 2
oraclelinux 4
archlinux 4
redhat 16
amazon 3
fedora 10
debian 3
ibm 30
f5 1
kaspersky 2
mageia 1
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2021:2798-1)
2021-08-20 00:00:00
openSUSE: Security Advisory for java-1_8_0-openjdk (openSUSE-SU-2021:2798-1)
2021-08-21 00:00:00
SUSE: Security Advisory (SUSE-SU-2021:2797-1)
2021-08-20 00:00:00
nessus
nessus
SUSE SLES12 Security Update : java-1_8_0-openjdk (SUSE-SU-2021:2797-1)
2021-08-21 00:00:00
openSUSE 15 Security Update : java-1_8_0-openjdk (openSUSE-SU-2021:2798-1)
2021-08-21 00:00:00
SUSE SLES15 Security Update : java-1_8_0-openjdk (SUSE-SU-2021:2798-1)
2021-08-21 00:00:00
suse
suse
Security update for java-1_8_0-openjdk (important)
2021-08-21 00:00:00
Security update for java-1_8_0-openjdk (important)
2021-08-20 00:00:00
Security update for java-11-openjdk (important)
2021-09-03 00:00:00
osv
osv
Important: java-11-openjdk security update
2021-07-21 07:28:55
openjdk-11 - security update
2021-07-29 00:00:00
Important: java-1.8.0-openjdk security update
2021-07-21 07:31:58
centos
centos
java security update
2021-07-22 13:56:57
java security update
2021-08-11 16:31:46
rocky
rocky
java-11-openjdk security update
2021-07-21 07:28:55
java-1.8.0-openjdk security update
2021-07-21 07:31:58
almalinux
almalinux
Important: java-1.8.0-openjdk security update
2021-07-21 07:31:58
Important: java-11-openjdk security update
2021-07-21 07:28:55
oraclelinux
oraclelinux
java-1.8.0-openjdk security and bug fix update
2021-07-22 00:00:00
java-11-openjdk security update
2021-07-22 00:00:00
java-1.8.0-openjdk security update
2021-07-22 00:00:00
archlinux
archlinux
[ASA-202107-53] jdk11-openjdk: multiple issues
2021-07-21 00:00:00
[ASA-202107-54] jre11-openjdk-headless: multiple issues
2021-07-21 00:00:00
[ASA-202107-66] jre-openjdk: multiple issues
2021-07-22 00:00:00
redhat
redhat
(RHSA-2021:2780) Important: OpenJDK 11.0.12 Security Update for Portable Linux Builds
2021-07-22 15:04:07
(RHSA-2021:2779) Important: OpenJDK 11.0.12 Security Update for Windows Builds
2021-07-22 15:04:04
(RHSA-2021:2778) Important: OpenJDK 8u302 Security Update for Portable Linux Builds
2021-07-22 14:58:21
amazon
amazon
Important: java-11-amazon-corretto
2021-07-21 00:43:00
Important: java-1.8.0-openjdk
2021-08-04 20:32:00
Important: java-1.8.0-openjdk
2021-09-02 22:54:00
fedora
fedora
[SECURITY] Fedora 34 Update: java-11-openjdk-11.0.12.0.7-0.fc34
2021-08-01 04:05:21
[SECURITY] Fedora 33 Update: java-1.8.0-openjdk-1.8.0.302.b08-0.fc33
2021-08-01 04:05:00
[SECURITY] Fedora 33 Update: java-11-openjdk-11.0.12.0.7-0.fc33
2021-08-01 04:05:00
debian
debian
[SECURITY] [DSA 4946-1] openjdk-11 security update
2021-07-29 18:44:34
[SECURITY] [DLA 2737-1] openjdk-8 security update
2021-08-09 19:27:32
[SECURITY] [DLA 2634-1] openjdk-8 security update
2021-04-23 11:31:18
ibm
ibm
Security Bulletin: Multiple vulnerabilities may affect IBM® SDK, Java™ Technology Edition
2021-09-13 11:17:27
Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Business Developer
2021-11-09 16:19:35
Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - July 2021 - Includes Oracle July 2021 CPU minus CVE-2021-2341 affects IBM Tivoli Composite Application Manager for Transactions-Robotic Response Time
2021-10-30 14:41:35
f5
f5
K55354030 : OpenJDK vulnerabilities CVE-2021-2341, CVE-2021-2369, CVE-2021-2388, CVE-2021-2432
2022-08-22 00:00:00
kaspersky
kaspersky
KLA12237 Multiple vulnerabilities in Oracle Java SE
2021-07-20 00:00:00
KLA12159 Multiple vulnerabilities in Oracle Java SE
2021-04-20 00:00:00
mageia
mageia
Updated java-openjdk packages fix security vulnerabilities
2021-06-29 01:51:23

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

64.4%

JSON
Related for ROSA-SA-2023-2133
openvas42nessus62suse9osv6centos2rocky2almalinux2oraclelinux4archlinux4redhat16amazon3fedora10debian3ibm30f51kaspersky2mageia1