CVE-2021-2341

low

Description

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u301, 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N).

References

https://www.oracle.com/security-alerts/cpujul2021.html

https://security.netapp.com/advisory/ntap-20210723-0002/

https://www.debian.org/security/2021/dsa-4946

https://lists.fedoraproject.org/archives/list/[email protected]/message/N57OFX5EJKHHDW4WAOBZFWA5CL4VIIK5/

https://lists.fedoraproject.org/archives/list/[email protected]/message/VTRQIXB52KIXUAO6JBYUKYWXST2NKNAK/

https://lists.fedoraproject.org/archives/list/[email protected]/message/PJJ75FHSUZGWPV4UJTSMQHWLOQ77LHTG/

https://lists.fedoraproject.org/archives/list/[email protected]/message/A4TTUHVQF2MGUTP6GTCXLZS4GXK3XUWC/

Details

Source: MITRE

Published: 2021-07-21

Updated: 2021-08-10

Risk Information

CVSS v2

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3

Base Score: 3.1

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

Impact Score: 1.4

Exploitability Score: 1.6

Severity: LOW

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 153190 | SUSE SLES12 Security Update : java-1_7_0-openjdk (SUSE-SU-2021:3007-1) | Nessus | SuSE Local Security Checks | medium |
| 153166 | Amazon Linux AMI : java-1.8.0-openjdk (ALAS-2021-1528) | Nessus | Amazon Linux Local Security Checks | high |
| 153152 | Amazon Linux 2 : java-1.8.0-openjdk (ALAS-2021-1695) | Nessus | Amazon Linux Local Security Checks | high |
| 153116 | openSUSE 15 Security Update : java-11-openjdk (openSUSE-SU-2021:1233-1) | Nessus | SuSE Local Security Checks | high |
| 153001 | openSUSE 15 Security Update : java-11-openjdk (openSUSE-SU-2021:2952-1) | Nessus | SuSE Local Security Checks | high |
| 152994 | SUSE SLED15 / SLES15 Security Update : java-11-openjdk (SUSE-SU-2021:2952-1) | Nessus | SuSE Local Security Checks | high |
| 152903 | RHEL 7 : java-1.7.1-ibm (RHSA-2021:3293) | Nessus | Red Hat Local Security Checks | medium |
| 152902 | RHEL 7 : java-1.8.0-ibm (RHSA-2021:3292) | Nessus | Red Hat Local Security Checks | medium |
| 152736 | openSUSE 15 Security Update : java-1_8_0-openjdk (openSUSE-SU-2021:1176-1) | Nessus | SuSE Local Security Checks | high |
| 152726 | openSUSE 15 Security Update : java-1_8_0-openjdk (openSUSE-SU-2021:2798-1) | Nessus | SuSE Local Security Checks | high |
| 152716 | SUSE SLES12 Security Update : java-1_8_0-openjdk (SUSE-SU-2021:2797-1) | Nessus | SuSE Local Security Checks | high |
| 152712 | SUSE SLES15 Security Update : java-1_8_0-openjdk (SUSE-SU-2021:2798-1) | Nessus | SuSE Local Security Checks | high |
| 152497 | CentOS 7 : java-1.8.0-openjdk (CESA-2021:2845) | Nessus | CentOS Local Security Checks | high |
| 152384 | Debian DLA-2737-1 : openjdk-8 - LTS security update | Nessus | Debian Local Security Checks | high |
| 152247 | SUSE SLES12 Security Update : java-11-openjdk (SUSE-SU-2021:2613-1) | Nessus | SuSE Local Security Checks | high |
| 152163 | Debian DSA-4946-1 : openjdk-11 - security update | Nessus | Debian Local Security Checks | high |
| 152088 | Scientific Linux Security Update : java-1.8.0-openjdk on SL7.x i686/x86_64 (2021:2845) | Nessus | Scientific Linux Local Security Checks | high |
| 152087 | Scientific Linux Security Update : java-11-openjdk on SL7.x i686/x86_64 (2021:2784) | Nessus | Scientific Linux Local Security Checks | high |
| 152067 | CentOS 8 : java-11-openjdk (CESA-2021:2781) | Nessus | CentOS Local Security Checks | high |
| 152066 | CentOS 8 : java-1.8.0-openjdk (CESA-2021:2776) | Nessus | CentOS Local Security Checks | high |
| 152021 | Oracle Java SE 1.7.0_311 / 1.8.0_301 / 1.11.0_12 / 1.16.0_2 Multiple Vulnerabilities (Unix July 2021 CPU) | Nessus | Misc. | high |
| 152020 | Oracle Java SE 1.7.0_311 / 1.8.0_301 / 1.11.0_12 / 1.16.0_2 Multiple Vulnerabilities (July 2021 CPU) | Nessus | Windows | high |
| 151987 | CentOS 7 : java-11-openjdk (CESA-2021:2784) | Nessus | CentOS Local Security Checks | high |
| 151984 | Oracle Linux 8 : java-1.8.0-openjdk (ELSA-2021-2776) | Nessus | Oracle Linux Local Security Checks | high |
| 151982 | Oracle Linux 8 : java-11-openjdk (ELSA-2021-2781) | Nessus | Oracle Linux Local Security Checks | high |
| 151930 | Amazon Linux 2 : java-11-amazon-corretto (ALAS-2021-1692) | Nessus | Amazon Linux Local Security Checks | high |
| 151928 | Oracle Linux 7 : java-11-openjdk (ELSA-2021-2784) | Nessus | Oracle Linux Local Security Checks | high |
| 151927 | RHEL 7 : java-1.8.0-openjdk (RHSA-2021:2845) | Nessus | Red Hat Local Security Checks | high |
| 151925 | Oracle Linux 7 : java-1.8.0-openjdk (ELSA-2021-2845) | Nessus | Oracle Linux Local Security Checks | high |
| 151914 | RHEL 8 : java-1.8.0-openjdk (RHSA-2021:2774) | Nessus | Red Hat Local Security Checks | high |
| 151913 | RHEL 8 : java-1.8.0-openjdk (RHSA-2021:2775) | Nessus | Red Hat Local Security Checks | high |
| 151912 | RHEL 8 : java-11-openjdk (RHSA-2021:2783) | Nessus | Red Hat Local Security Checks | high |
| 151911 | RHEL 8 : java-11-openjdk (RHSA-2021:2782) | Nessus | Red Hat Local Security Checks | high |
| 151910 | RHEL 8 : java-1.8.0-openjdk (RHSA-2021:2776) | Nessus | Red Hat Local Security Checks | high |
| 151909 | RHEL 7 : java-11-openjdk (RHSA-2021:2784) | Nessus | Red Hat Local Security Checks | high |
| 151908 | RHEL 8 : java-11-openjdk (RHSA-2021:2781) | Nessus | Red Hat Local Security Checks | high |
| 151905 | OpenJDK 7 <= 7u301 / 8 <= 8u292 / 11.0.0 <= 11.0.11 / 13.0.0 <= 13.0.7 / 15.0.0 <= 15.0.3 / 16.0.0 <= 16.0.1 Multiple Vulnerabilities (2021-07-20) | Nessus | Misc. | high |