CVE-2021-35588Improper Input Validation in Corporation Java SE JDK AND JRE

CWE-20Improper Input Validation8 documents8 sources
Severity
3.1LOWNVD
EPSS
0.2%
top 62.89%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Netapp E-series Santricity OS ControllerOracle Corporation Java SE JDK AND JREDebian Linux+3 more
Timeline
PublishedOct 20
Latest updateMay 24

Description

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 7u311, 8u301; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:LExploitability: 1.6 | Impact: 1.4

Affected Packages4 packages

NVDoracle/graalvm20.3.3, 21.2.0+1
NVDoracle/openjdk7, 8+1

Also affects: Debian Linux 9.0, Fedora 33, 34, 35

Patches

Patch: www.oracle.comPatch: www.oracle.com

🔴Vulnerability Details

3
GHSA
GHSA-7rph-qx8r-r9gw: Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot)2022-05-24
CVEList
CVE-2021-35588: Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot)2021-10-20
OSV
CVE-2021-35588: Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot)2021-10-20

📋Vendor Advisories

4
Ubuntu
OpenJDK vulnerabilities2021-12-17
Red Hat
OpenJDK: Incomplete validation of inner class references in ClassFileParser (Hotspot, 8268071)2021-10-19
Oracle
Oracle Oracle Java SE Risk Matrix: Hotspot — CVE-2021-355882021-10-15
Debian
CVE-2021-35588: openjdk-8 - Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracl...2021
CVE-2021-35588 — Improper Input Validation | cvebase