CVE-2021-35550

Published: 20/10/2021 Updated: 07/11/2023
CVSS v2 Base Score: 7.1 | Impact Score: 6.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 5.9 | Impact Score: 3.6 | Exploitability Score: 2.2
VMScore: 632
Vector: AV:N/AC:M/Au:N/C:C/I:N/A:N

Vulnerability Summary

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).

Vulnerable Product

oracle openjdk 11.0.12

oracle openjdk 8

oracle openjdk 7

oracle graalvm 20.3.3

oracle graalvm 21.2.0

netapp snapmanager -

netapp oncommand insight -

netapp e-series santricity storage manager -

netapp e-series santricity os controller

netapp solidfire -

netapp hci management node -

netapp active iq unified manager -

netapp santricity unified manager -

netapp e-series santricity web services -

fedoraproject fedora 33

fedoraproject fedora 34

fedoraproject fedora 35

debian debian linux 9.0

debian debian linux 10.0

debian debian linux 11.0

Vendor Advisories

Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in denial of service, incorrect Kerberos ticket use, selection of weak ciphers or information disclosure. The oldstable distribution (buster), needs additional updates to be able to build 11.0.13. An update will be provided in a followup advisory. For the sta ...
Synopsis: Moderate: java-1.8.0-ibm security update. Type/Severity: Security Advisory: Moderate. Topic: An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update ...
Synopsis: Moderate: java-1.7.1-ibm security update. Type/Severity: Security Advisory: Moderate. Topic: An update for java-1.7.1-ibm is now available for Red Hat Enterprise Linux 7 Supplementary. Red Hat Product Security has rate ...
Synopsis: Moderate: java-1.8.0-ibm security update. Type/Severity: Security Advisory: Moderate. Topic: An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 7 Supplementary. Red Hat Product Security has rate ...
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Java ...
There is a flaw in the xml entity encoding functionality of libxml2. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this flaw is to application availability, with some potential impact to confidentiali ...
Vulnerability in Java SE versions 7u311, 8u301, 11.0.12. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE accessible data. Note: This vulnerability appli ...
Cosminexus Developer's Kit for Java(TM) and Hitachi Developer's Kit for Java contain the following vulnerabilities: CVE-2021-35550, CVE-2021-35556, CVE-2021-35559, CVE-2021-35561, CVE-2021-35564, CVE-2021-35565, CVE-2021-35567, CVE-2021-35578, CVE-2021-35586, CVE-2021-35588, CVE-2021-35603. Affected products and versions are listed below. Pleas ...
Multiple vulnerabilities have been found in Hitachi Command Suite, Hitachi Automation Director, Hitachi Configuration Manager, Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center. CVE-2021-35550, CVE-2021-35556, CVE-2021-35559, CVE-2021-35561, CVE-2021-35564, CVE-2021-35565, CVE-2021-35567, CVE-2021-35578, CVE-2021-35586, CVE-2021-355 ...