CVE-2021-2432 — Corporation Java SE JDK AND JRE vulnerability

6 documents6 sources

Severity

3.7LOWNVD

EPSS

0.2%

top 53.76%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mcafee Epolicy Orchestrator Oracle Corporation Java SE JDK AND JRE Oracle JDK

Timeline

PublishedJul 21

Latest updateMay 24

Description

Vulnerability in the Java SE product of Oracle Java SE (component: JNDI). The supported version that is affected is Java SE: 7u301. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Jav…

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:LExploitability: 2.2 | Impact: 1.4

Affected Packages3 packages

▶CVEListV5oracle_corporation/java_se_jdk_and_jreJava SE:7u301

▶NVDoracle/jdk1.7.0

▶NVDmcafee/epolicy_orchestrator< 5.10.0+1

Patches

Patch: www.oracle.com ↗Patch: www.oracle.com ↗

🔴Vulnerability Details

GHSA

GHSA-3xjg-p34v-7jgf: Vulnerability in the Java SE product of Oracle Java SE (component: JNDI)↗2022-05-24

▶

CVEList

CVE-2021-2432: Vulnerability in the Java SE product of Oracle Java SE (component: JNDI)↗2021-07-20

▶

📋Vendor Advisories

Red Hat

JDK: unspecified vulnerability fixed in 7u311 (JNDI)↗2021-07-20

▶

Oracle

Oracle Oracle Java SE Risk Matrix: JNDI — CVE-2021-2432↗2021-07-15

▶

Debian

CVE-2021-2432: openjdk-11 - Vulnerability in the Java SE product of Oracle Java SE (component: JNDI). The su...↗2021

▶