CVE-2021-35559

EPSS 0.12%
Veröffentlicht 20.10.2021 11:16:34
Zuletzt bearbeitet 21.11.2024 06:12:31
Quelle secalert_us@oracle.com
Teams Watchlist Login
Unerledigt Login

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 16

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Oracle ≫ Graalvm Version20.3.3 SwEditionenterprise

Oracle ≫ Graalvm Version21.2.0 SwEditionenterprise

Oracle ≫ Openjdk Version7 Updateupdate311

Oracle ≫ Openjdk Version8 Updateupdate301

Oracle ≫ Openjdk Version11.0.12

Oracle ≫ Openjdk Version17

Netapp ≫ Active Iq Unified Manager Version- SwPlatformvmware_vsphere

Netapp ≫ Active Iq Unified Manager Version- SwPlatformwindows

Netapp ≫ E-series Santricity Os Controller Version >= 11.0.0 <= 11.50.2

Netapp ≫ E-series Santricity Storage Manager Version-

Netapp ≫ E-series Santricity Web Services Version- SwPlatformweb_services_proxy

Netapp ≫ Hci Management Node Version-

Netapp ≫ Oncommand Insight Version-

Netapp ≫ Oncommand Workflow Automation Version-

Netapp ≫ Santricity Unified Manager Version-

Netapp ≫ Snapmanager Version- SwPlatformoracle

Netapp ≫ Snapmanager Version- SwPlatformsap

Netapp ≫ Solidfire Version-

Debian ≫ Debian Linux Version9.0

Debian ≫ Debian Linux Version10.0

Debian ≫ Debian Linux Version11.0

Fedoraproject ≫ Fedora Version33

Fedoraproject ≫ Fedora Version34

Fedoraproject ≫ Fedora Version35

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.12%	0.315

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
secalert_us@oracle.com	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

https://www.oracle.com/security-alerts/cpuoct2021.html

Patch

Vendor Advisory

https://security.netapp.com/advisory/ntap-20240621-0006/

https://security.gentoo.org/glsa/202209-05

Third Party Advisory

https://security.netapp.com/advisory/ntap-20211022-0004/

Third Party Advisory

https://lists.debian.org/debian-lts-announce/2021/11/msg00008.html

Third Party Advisory

Mailing List

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6EUURAQOIJYFZHQ7DFZCO6IKDPIAWTNK/