NVD – CVE-2021-2369

ByPR 24



CVE-2021-2369
Detail

Current Description

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Library). Supported versions that are affected are Java SE: 7u301, 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N).


View Analysis Description

Severity


CVSS 3.x Severity and Metrics:

References to Advisories, Solutions, and Tools


By selecting these links, you will be leaving NIST webspace.
We have provided these links to other web sites because they
may have information that would be of interest to you. No
inferences should be drawn on account of other sites being
referenced, or not, from this page. There may be other web
sites that are more appropriate for your purpose. NIST does
not necessarily endorse the views expressed, or concur with
the facts presented on these sites. Further, NIST does not
endorse any commercial products that may be mentioned on
these sites. Please address comments about this page to nvd@nist.gov.

Weakness Enumeration









CWE-ID CWE Name Source


NVD-CWE-noinfo 		Insufficient Information

cwe source acceptance level

NIST  

Change History

2 change records found show changes

Quick Info

CVE Dictionary Entry:
CVE-2021-2369
NVD
Published Date:
07/21/2021
NVD
Last Modified:
07/23/2021

Source:
Oracle


Similar Posts

VMware Discloses Severe Vulnerabilities That Need ‘Immediate Attention’

VMware Discloses Severe Vulnerabilities That Need ‘Immediate Attention’

ByPR 24

VMware has disclosed a pair of vulnerabilities impacting vCenter Server, a centralized management software for VMware vSphere systems. The most severe flaw, CVE-2021-21985, is a remote code execution vulnerability in vSphere Client, assigned a CVSSv3 score of 9.8   To exploit this vulnerability, an attacker would need to be able to access vCenter Server over port…

Poly Network hacker returns $342m of stolen assets

Poly Network hacker returns $342m of stolen assets

ByPR 24

Image: Shutterstock via Dennis Hacker states that they are “not very interested in money” Print Print Pro Read More: cryptocurrency cybersecurity Poly Network security The hacker behind what is considered to be the biggest cryptocurrency heist in history has now returned $342 million worth of stolen assets. This is according to Poly Network, a blockchain…

McDonald’s discloses data breach after theft of customer, employee info

ByPR 24

Image: Alex Motoc McDonald’s, the largest fast-food chain globally, has disclosed a data breach after hackers breached its systems and stole information belonging to customers and employees from the US, South Korea, and Taiwan. As the world’s global foodservice retailer, McDonald’s serves almost hundreds of millions of customers every day in more than 39,000 locations…

CVE-2021-2234 – Alert Detail – Security Database

CVE-2021-2234 – Alert Detail – Security Database

ByPR 24

Executive Summary Informations Name CVE-2021-2234 First vendor Publication 2021-04-22 Vendor Cve Last vendor Modification 2021-04-22 Security-Database Scoring CVSS v3 Cvss vector : CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N Overall CVSS Score 5.3 Base Score 5.3 Environmental Score 5.3 impact SubScore 3.6 Temporal Score 5.3 Exploitabality Sub Score 1.6   Attack Vector Network Attack Complexity High Privileges Required Low User Interaction…

Microsoft Issues PrintNightmare Security Update

Microsoft Issues PrintNightmare Security Update

ByPR 24

Governance & Risk Management , IT Risk Management , Patch Management Company Also Updates Risk Mitigation Advice Prajeet Nair (@prajeetspeaks) • July 6, 2021     Install updates now or disconnect Print Spooler to mitigate PrintNightmare vulnerability. (Source: Wikihow) This story has been updated. See Also: Live Panel | Zero Trusts Given- Harnessing the Value…

Passwordstate users warned to ‘reset all passwords’ after attackers plant malicious update – TechCrunch

Passwordstate users warned to ‘reset all passwords’ after attackers plant malicious update – TechCrunch

ByPR 24

Click Studios, the Australian software house that develops the enterprise password manager Passwordstate, has warned customers to reset passwords across their organizations after a cyberattack on the password manager. An email sent by Click Studios to customers said the company had confirmed that attackers had “compromised” the password manager’s software update feature in order to…