7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
5.1 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P
0.002 Low
EPSS
Percentile
64.4%
Software: java-11-openjdk 11.0.18.0.10-1
OS: rosa-server79
package_evr_string: java-11-openjdk-11.0.18.0.10-1
CVE-ID: CVE-2021-2161
BDU-ID: 2021-02490
CVE-Crit: MEDIUM
CVE-DESC: A vulnerability in the Libraries component of the Java SE, Java SE Embedded, and Oracle GraalVM Enterprise Edition software platforms exists due to insufficient input validation. Exploitation of the vulnerability could allow an attacker acting remotely to create, delete, or modify access to critical data using network packets
CVE-STATUS: Resolved
CVE-REV: Run yum update java-11-openjdk to close.
CVE-ID: CVE-2021-2163
BDU-ID: 2021-02491
CVE-Crit: MEDIUM
CVE-DESC: A vulnerability in the Libraries component of the Java SE, Java SE Embedded, and Oracle GraalVM Enterprise Edition software platforms exists due to insufficient input validation. Exploitation of the vulnerability could allow an attacker acting remotely to create, delete, or modify access to critical data using network packets
CVE-STATUS: Resolved
CVE-REV: Run yum update java-11-openjdk to close.
CVE-ID: CVE-2021-2388
BDU-ID: 2021-04023
CVE-Crit: HIGH
CVE-DESC: A vulnerability in the Hotspot component of the Hotspot component of the Oracle GraalVM Enterprise Edition virtual machine, Java SE software platform is related to the ability to inject untrusted code. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary Java code
CVE-STATUS: Resolved
CVE-REV: Run yum update java-11-openjdk to close it.
CVE-ID: CVE-2021-2369
BDU-ID: 2021-04533
CVE-Crit: MEDIUM
CVE-DESC: A vulnerability in the Library component of the Java SE software platform and Oracle GraalVM Enterprise Edition virtual machine exists due to insufficient input validation. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to modify, add, or delete data
CVE-STATUS: Resolved
CVE-REV: Run the yum update java-11-openjdk command to close.
CVE-ID: CVE-2021-2341
BDU-ID: 2021-04004
CVE-Crit: LOW
CVE-DESC: A vulnerability in the Networking component of the Java SE software platform and Oracle GraalVM Enterprise Edition virtual machine exists due to insufficient input validation. Exploitation of the vulnerability could allow an attacker acting remotely to gain read access to the data
CVE-STATUS: Resolved
CVE-REV: Run yum update java-11-openjdk to close.
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
5.1 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P
0.002 Low
EPSS
Percentile
64.4%