Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2021-2161

Опубликовано: 20 апр. 2021
Источник: redhat
CVSS3: 5.9

Описание

Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16; Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. It can also be exploited by supplying untrusted data to APIs in the specified Component. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat build of OpenJDK 11LinuxNot affected
Red Hat build of OpenJDK 1.8LinuxNot affected
Red Hat Enterprise Linux 7java-11-openjdkNot affected
Red Hat Enterprise Linux 7java-1.7.1-ibmNot affected
Red Hat Enterprise Linux 7java-1.8.0-ibmNot affected
Red Hat Enterprise Linux 7java-1.8.0-openjdkNot affected
Red Hat Enterprise Linux 8java-11-openjdkNot affected
Red Hat Enterprise Linux 8java-1.8.0-ibmNot affected
Red Hat Enterprise Linux 8java-1.8.0-openjdkNot affected
Red Hat Build of OpenJDKWindowsFixedRHSA-2021:144728.04.2021

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-78
https://bugzilla.redhat.com/show_bug.cgi?id=1951231OpenJDK: Incorrect handling of partially quoted arguments in ProcessBuilder on Windows (Libraries, 8250568)

5.9 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2021-2161

CVSS3: 5.9
ubuntu
около 4 лет назад

Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16; Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. It can also be exploited by supplying untrusted data to APIs in the specified Component. CVSS 3.1 Base Score 5.9 (Integrity impa...

nvd логотип

CVE-2021-2161

CVSS3: 5.9
nvd
около 4 лет назад

Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16; Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. It can also be exploited by supplying untrusted data to APIs in the specified Component. CVSS 3.1 Base Score 5.9 (Integrity impacts

debian логотип

CVE-2021-2161

CVSS3: 5.9
debian
около 4 лет назад

Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterpr ...

github логотип

GHSA-f8w7-hh6g-979x

CVSS3: 5.9
github
около 3 лет назад

Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16; Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. It can also be exploited by supplying untrusted data to APIs in the specified Component. CVSS 3.1 Base Score 5.9 (Integrity impa...

fstec логотип

BDU:2021-02490

CVSS3: 5.9
fstec
около 4 лет назад

Уязвимость компонента Libraries программных платформ Java SE, Java SE Embedded, виртуальной машины Oracle GraalVM Enterprise Edition, позволяющая нарушителю создать, удалить или изменить доступ к критически важным данным

5.9 Medium

CVSS3