CVE-2021-35603

CWE-2038 documents8 sources
Severity
3.7LOW
EPSS
0.1%
top 68.56%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Netapp E-series Santricity OS ControllerOracle Corporation Java SE JDK AND JREDebian Debian Linux+3 more
Timeline
PublishedOct 20
Latest updateMay 24

Description

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Ora

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 2.2 | Impact: 1.4

Affected Packages6 packages

NVDoracle/graalvm20.3.3, 21.2.0+1
NVDoracle/openjdk4 versions+3
Debianopenjdk-11< 11.0.13+8-1~deb11u1
Debianopenjdk-17< 17.0.1+12-1+deb11u2+1

Also affects: Debian Linux 10.0, 11.0, 9.0, Fedora 33, 34, 35

Patches

Patch: www.oracle.comPatch: www.oracle.com

🔴Vulnerability Details

3
GHSA
GHSA-8272-q9p2-v9j7: Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE)2022-05-24
OSV
CVE-2021-35603: Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE)2021-10-20
CVEList
CVE-2021-35603: Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE)2021-10-20

📋Vendor Advisories

4
Ubuntu
OpenJDK vulnerabilities2021-12-17
Red Hat
OpenJDK: Non-constant comparison during TLS handshakes (JSSE, 8269618)2021-10-19
Oracle
Oracle Oracle Java SE Risk Matrix: JSSE — CVE-2021-356032021-10-15
Debian
CVE-2021-35603: openjdk-11 - Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracl...2021