CVSS3: 6.8 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N
CVSS2: 7.1 High
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: NONE
Availability Impact: NONE
AV:N/AC:M/Au:N/C:C/I:N/A:N
EPSS: 0.002 Low
Percentile: 60.2%
Software: java-11-openjdk 11.0.18.0.10-1
OS: rosa-server79
package_evr_string: java-11-openjdk-11.0.18.0.10-1
CVE-ID: CVE-2021-35603
BDU-ID: None
CVE-Crit: LOW
CVE-DESC: A vulnerability in the Java SE product, Oracle GraalVM Enterprise Edition for Oracle Java SE (component: JSSE). A difficult-to-exploit vulnerability allows an unauthenticated attacker with network access via TLS to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks against this vulnerability could result in unauthorized read access to a subset of available Java SE, Oracle GraalVM Enterprise Edition data.
CVE-STATUS: Resolved
CVE-REV: To close, run the yum update java-11-openjdk command
CVE-ID: CVE-2021-35586
BDU-ID: None
CVE-Crit: MEDIUM
CVE-DESC: Vulnerability in the Java SE product, Oracle GraalVM Enterprise Edition for Oracle Java SE (component: ImageIO). An easily exploitable vulnerability allows an unauthenticated attacker with network access over multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability could result in an unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition.
CVE-STATUS: Resolved
CVE-REV: To close, run the yum update java-11-openjdk command
CVE-ID: CVE-2021-35578
BDU-ID: None
CVE-Crit: MEDIUM
CVE-DESC: Vulnerability in the Java SE product, Oracle GraalVM Enterprise Edition for Oracle Java SE (component: JSSE). An easily exploitable vulnerability allows an unauthenticated attacker with network access via TLS to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability could result in an unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition.
CVE-STATUS: Resolved
CVE-REV: To close, run the yum update java-11-openjdk command
CVE-ID: CVE-2021-35567
BDU-ID: None
CVE-Crit: MEDIUM
CVE-DESC: Vulnerability in the Java SE product, Oracle GraalVM Enterprise Edition for Oracle Java SE (component: libraries). An easily exploitable vulnerability allows a low-privilege attacker with network access via Kerberos to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require interaction with a person other than the attacker, and although the vulnerability is in Java SE, Oracle GraalVM Enterprise Edition, attacks can significantly impact other products. Successful attacks of this vulnerability could result in unauthorized access to critical data or full access to all available Java SE, Oracle GraalVM Enterprise Edition data.
CVE-STATUS: Resolved
CVE-REV: To close, run the yum update java-11-openjdk command
CVE-ID: CVE-2021-35564
BDU-ID: None
CVE-Crit: MEDIUM
CVE-DESC: Vulnerability in the Java SE product, Oracle GraalVM Enterprise Edition for Oracle Java SE (component: Keytool). Affected supported versions: Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. An easily exploitable vulnerability allows an unauthenticated attacker with network access over multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability could result in unauthorized update, insert, or delete access to some available Java SE, Oracle GraalVM Enterprise Edition data.
CVE-STATUS: Resolved
CVE-REV: To close, run the yum update java-11-openjdk command
CVE-ID: CVE-2021-35561
BDU-ID: None
CVE-Crit: MEDIUM
CVE-DESC: Vulnerability in the Java SE product, Oracle GraalVM Enterprise Edition for Oracle Java SE (component: utility). An easily exploitable vulnerability allows an unauthenticated attacker with network access over multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability could result in an unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition.
CVE-STATUS: Resolved
CVE-REV: To close, run the yum update java-11-openjdk command
CVE-ID: CVE-2021-35559
BDU-ID: None
CVE-Crit: MEDIUM
CVE-DESC: Vulnerability in the Java SE product, Oracle GraalVM Enterprise Edition for Oracle Java SE (component: Swing). An easily exploitable vulnerability allows an unauthenticated attacker with network access over multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability could result in an unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition.
CVE-STATUS: Resolved
CVE-REV: To close, run the yum update java-11-openjdk command
CVE-ID: CVE-2021-35556
BDU-ID: None
CVE-Crit: MEDIUM
CVE-DESC: Vulnerability in the Java SE product, Oracle GraalVM Enterprise Edition for Oracle Java SE (component: Swing). An easily exploitable vulnerability allows an unauthenticated attacker with network access over multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability could result in an unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition.
CVE-STATUS: Resolved
CVE-REV: To close, run the yum update java-11-openjdk command
CVE-ID: CVE-2021-35565
BDU-ID: None
CVE-Crit: MEDIUM
CVE-DESC: Vulnerability in the Java SE product, Oracle GraalVM Enterprise Edition for Oracle Java SE (component: JSSE). An easily exploitable vulnerability allows an unauthenticated attacker with network access via TLS to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability could result in an unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition.
CVE-STATUS: Resolved
CVE-REV: To close, run the yum update java-11-openjdk command
CVE-ID: CVE-2021-35550
BDU-ID: None
CVE-Crit: MEDIUM
CVE-DESC: A vulnerability in the Java SE product, Oracle GraalVM Enterprise Edition for Oracle Java SE (component: JSSE). A difficult-to-exploit vulnerability allows an unauthenticated attacker with network access via TLS to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks against this vulnerability could result in unauthorized access to critical data or full access to all available Java SE, Oracle GraalVM Enterprise Edition data.
CVE-STATUS: Resolved
CVE-REV: To close, run the yum update java-11-openjdk command