Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2021-2163  

Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16; Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security.

Source
Severity Medium

Remote Yes

Type Arbitrary filesystem access

Description 

Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16; Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition accessible data.

Note: This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security.

AVG-1850 jdk7-openjdk, jre7-openjdk, jre7-openjdk-headless 7.u261_2.6.22-1 Medium Vulnerable

AVG-1849 jdk8-openjdk, jre8-openjdk, jre8-openjdk-headless 8.u282-1 Medium Vulnerable

AVG-1848 jdk11-openjdk, jre11-openjdk, jre11-openjdk-headless 11.0.10.u9-1 Medium Vulnerable

AVG-1847 jdk-openjdk, jre-openjdk, jre-openjdk-headless 15.0.2.u7-1 Medium Vulnerable 

https://www.oracle.com/security-alerts/cpuapr2021verbose.html#JAVA
https://www.oracle.com/java/technologies/javase/16-0-1-relnotes.html
https://www.oracle.com/java/technologies/javase/11-0-11-relnotes.html
https://www.oracle.com/java/technologies/javase/8u291-relnotes.html
https://www.oracle.com/java/technologies/javase/7-support-relnotes.html#R170_301

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started