CVE-2021-35560Corporation Java SE JDK AND JRE vulnerability

6 documents6 sources
Severity
7.5HIGHNVD
EPSS
0.6%
top 29.34%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Netapp E-series Santricity OS ControllerOracle Corporation Java SE JDK AND JREOracle Openjdk
Timeline
PublishedOct 20
Latest updateMay 24

Description

Vulnerability in the Java SE product of Oracle Java SE (component: Deployment). The supported version that is affected is Java SE: 8u301. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in cl

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.6 | Impact: 5.9

Affected Packages3 packages

Patches

Patch: www.oracle.comPatch: www.oracle.com

🔴Vulnerability Details

2
GHSA
GHSA-q6fp-hjwx-q999: Vulnerability in the Java SE product of Oracle Java SE (component: Deployment)2022-05-24
CVEList
CVE-2021-35560: Vulnerability in the Java SE product of Oracle Java SE (component: Deployment)2021-10-20

📋Vendor Advisories

3
Red Hat
JDK: unspecified vulnerability fixed in 8u311 (Deployment)2021-10-19
Oracle
Oracle Oracle Java SE Risk Matrix: Deployment — CVE-2021-355602021-10-15
Debian
CVE-2021-35560: openjdk-8 - Vulnerability in the Java SE product of Oracle Java SE (component: Deployment). ...2021
CVE-2021-35560 — HIGH severity | cvebase