CVE-2021-2163 — Use of a Broken or Risky Cryptographic Algorithm in Oracle Openjdk

CWE-327 — Use of a Broken or Risky Cryptographic Algorithm8 documents8 sources

Severity

5.3MEDIUMNVD

EPSS

0.1%

top 73.20%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Oracle Openjdk Oracle Corporation Java SE JDK AND JRE Debian Linux +4 more

Timeline

PublishedApr 22

Latest updateMay 24

Description

Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16; Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Successful att…

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 1.6 | Impact: 3.6

Affected Packages5 packages

▶CVEListV5oracle_corporation/java_se_jdk_and_jre8 versions+7

▶NVDoracle/graalvm19.3.5, 20.3.1.2, 21.0.0.2+2

▶NVDoracle/openjdk11 — 11.0.10+5

▶NVDoracle/jdk4 versions+3

▶NVDoracle/jre1.8.0

Also affects: Debian Linux 10.0, 9.0, Fedora 32, 33, 34

Patches

Patch: www.oracle.com ↗Patch: www.oracle.com ↗

🔴Vulnerability Details

GHSA

GHSA-6mm5-r7wc-h7pm: Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries)↗2022-05-24

▶

CVEList

CVE-2021-2163: Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries)↗2021-04-22

▶

OSV

CVE-2021-2163: Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries)↗2021-04-22

▶

📋Vendor Advisories

Ubuntu

OpenJDK vulnerability↗2021-04-27

▶

Red Hat

OpenJDK: Incomplete enforcement of JAR signing disabled algorithms (Libraries, 8249906)↗2021-04-20

▶

Oracle

Oracle Oracle Java SE Risk Matrix: Libraries — CVE-2021-2163↗2021-04-15

▶

Debian

CVE-2021-2163: openjdk-11 - Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Editio...↗2021

▶