CVE-2021-35565

2021-10-2010:50:12

oracle

www.cve.org

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

5.2 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

60.5%

JSON

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

CNA Affected

[
  {
    "vendor": "Oracle Corporation",
    "product": "Java SE JDK and JRE",
    "versions": [
      {
        "version": "Java SE:7u311",
        "status": "affected"
      },
      {
        "version": "Java SE:8u301",
        "status": "affected"
      },
      {
        "version": "Java SE:11.0.12",
        "status": "affected"
      },
      {
        "version": "Oracle GraalVM Enterprise Edition:20.3.3",
        "status": "affected"
      },
      {
        "version": "Oracle GraalVM Enterprise Edition:21.2.0",
        "status": "affected"
      }
    ]
  }
]