NVD – CVE-2021-2369

ByPR 24



CVE-2021-2369
Detail

Current Description

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Library). Supported versions that are affected are Java SE: 7u301, 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N).


View Analysis Description

Severity


CVSS 3.x Severity and Metrics:

References to Advisories, Solutions, and Tools


By selecting these links, you will be leaving NIST webspace.
We have provided these links to other web sites because they
may have information that would be of interest to you. No
inferences should be drawn on account of other sites being
referenced, or not, from this page. There may be other web
sites that are more appropriate for your purpose. NIST does
not necessarily endorse the views expressed, or concur with
the facts presented on these sites. Further, NIST does not
endorse any commercial products that may be mentioned on
these sites. Please address comments about this page to nvd@nist.gov.

Weakness Enumeration









CWE-ID CWE Name Source


NVD-CWE-noinfo 		Insufficient Information

cwe source acceptance level

NIST  

Change History

2 change records found show changes

Quick Info

CVE Dictionary Entry:
CVE-2021-2369
NVD
Published Date:
07/21/2021
NVD
Last Modified:
07/23/2021

Source:
Oracle


Similar Posts

Facebook Used by Chinese Hackers to Target Uighurs Abroad With Malware Links, Company Says

Facebook Used by Chinese Hackers to Target Uighurs Abroad With Malware Links, Company Says

ByPR 24

Facebook said on Wednesday it had blocked a group of hackers in China who used the platform to target Uighurs living abroad with links to malware that would infect their devices and enable surveillance. The social media company said the hackers, known as Earth Empusa or Evil Eye in the security industry, targeted activists, journalists, and…

FBI, CISA Release Joint Cyber Advisory Warning of Fortinet Vulnerability – MeriTalk

FBI, CISA Release Joint Cyber Advisory Warning of Fortinet Vulnerability – MeriTalk

ByPR 24

The FBI and the Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) are warning about advanced persistent threat (APT) actors exploiting a Fortinet vulnerability to gain access to government and other networks, according to an April 2 joint advisory. The joint advisory warns that APT actors are trying to utilize common vulnerabilities…

CVE-2021-22330

CVE-2021-22330

ByPR 24

There is an out of bounds write vulnerability in Huawei Smartphone HUAWEI P30 versions 9.1.0.131(C00E130R1P21) when processing a message. An unauthenticated attacker can exploit this vulnerability by sending specific message to the target device. Due to insufficient validation of the input….

Toshiba unit hacked by DarkSide, conglomerate to undergo strategic review

Toshiba unit hacked by DarkSide, conglomerate to undergo strategic review

ByPR 24

A Toshiba Corp (6502.T) unit said it was hacked by the DarkSide ransomware group, overshadowing an announcement of a strategic review for the Japanese conglomerate under pressure from activist shareholders to seek out suitors. Toshiba Tec Corp (6588.T), which makes products such as bar code printers and is valued at $2.3 billion, was hacked by…

Constant Contact Email Service Used in Phishing Attack

Constant Contact Email Service Used in Phishing Attack

ByPR 24

Softpedia News / Security 1. June 2021 This article has been indexed from Softpedia News / Security Nobelium, the Russian hacking group responsible for last year’s big SolarWinds hack, has struck again. This time, it used cloud email marketing firm Constant Contact in a phishing attempt that compromised 3,000 email accounts across 150 companies, according…