Home

CVE-2021-35560

Description

Vulnerability in the Java SE product of Oracle Java SE (component: Deployment). The supported version that is affected is Java SE: 8u301. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).

Risk Information

Base Score
7.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.643

Associated Vulnerability

VulnerabilityOS Platform
Multiple vulnerabilities affected in Java SE 8u301Windows
Multiple vulnerabilities affected in Java SE (x64) 8u301Windows
Multiple vulnerabilities are affected in Java SE Development Kit 8.0.3010.9Windows
Multiple vulnerabilities are affected in Java SE Development Kit (x64) 8.0.3010.9Windows
Multiple vulnerabilities are affected in Java SE Development Kit (x64) 8.0.3010Windows
Multiple Vulnerabilities are affected in IBM TXSeries for Multiplatforms 9.1Windows
Multiple Vulnerabilities are affected in IBM Cognos Analytics 11.1.7Windows
Multiple Vulnerabilities are affected in IBM Cognos Analytics 11.2.4Windows
Multiple Vulnerabilities are affected in IBM Cognos Analytics 12.0.1Windows
Multiple Vulnerabilities are affected in Netapp Oncommand Insight 2.3Windows
Multiple Vulnerabilities are affected in IBM Tivoli Monitoring 6.3.0Windows
Multiple Vulnerabilities are affected in IBM Security Guardium 10.5Windows
Multiple Vulnerabilities are affected in IBM Security Guardium 10.6Windows
Multiple Vulnerabilities are affected in IBM Cognos Controller 10.4.0Windows
Multiple Vulnerabilities are affected in IBM Cognos Controller 10.4.1Windows
Multiple Vulnerabilities are affected in IBM Security Guardium 11.1Windows
Multiple Vulnerabilities are affected in IBM Security Guardium 11.2Windows
Multiple Vulnerabilities are affected in IBM Cognos Controller 10.4.2Windows
Multiple Vulnerabilities are affected in IBM Security Guardium 11.3Windows
Multiple Vulnerabilities are affected in IBM Security Guardium 11.4Windows
Multiple Vulnerabilities are affected in IBM Tivoli Application Dependency Discovery Manager 7.3.0.9Windows
Multiple Vulnerabilities are affected in IBM Security Guardium 11.0Windows
Multiple Vulnerabilities are affected in IBM TXSeries for Multiplatforms 8.2Windows
Multiple Vulnerabilities are affected in IBM Business Automation Workflow 21.0Windows
(RHSA-2021:5030) java-1.8.0-ibm security update java-1.8.0-ibm-1.8.0.7.0-1jpp.1.el7.x86_64.rpmLinux
(RHSA-2021:5030) java-1.8.0-ibm security update java-1.8.0-ibm-demo-1.8.0.7.0-1jpp.1.el7.x86_64.rpmLinux
(RHSA-2021:5030) java-1.8.0-ibm security update java-1.8.0-ibm-devel-1.8.0.7.0-1jpp.1.el7.x86_64.rpmLinux
(RHSA-2021:5030) java-1.8.0-ibm security update java-1.8.0-ibm-jdbc-1.8.0.7.0-1jpp.1.el7.x86_64.rpmLinux
(RHSA-2021:5030) java-1.8.0-ibm security update java-1.8.0-ibm-plugin-1.8.0.7.0-1jpp.1.el7.x86_64.rpmLinux
(RHSA-2021:5030) java-1.8.0-ibm security update java-1.8.0-ibm-src-1.8.0.7.0-1jpp.1.el7.x86_64.rpmLinux
SUSE-SU-2022:0107-1(SUSE Linux Enterprise Server 12-SP5 ) java-1_8_0-ibm-1.8.0_sr7.0-30.84.1.x86_64.rpmLinux
SUSE-SU-2022:0107-1(SUSE Linux Enterprise Server 12-SP5 ) java-1_8_0-ibm-alsa-1.8.0_sr7.0-30.84.1.x86_64.rpmLinux
SUSE-SU-2022:0107-1(SUSE Linux Enterprise Server 12-SP5 ) java-1_8_0-ibm-devel-1.8.0_sr7.0-30.84.1.x86_64.rpmLinux
SUSE-SU-2022:0107-1(SUSE Linux Enterprise Server 12-SP5 ) java-1_8_0-ibm-plugin-1.8.0_sr7.0-30.84.1.x86_64.rpmLinux
(RHSA-2022:0345) java-1.8.0-ibm security update java-1.8.0-ibm-1.8.0.7.0-1.el8_5.x86_64.rpmLinux
(RHSA-2022:0345) java-1.8.0-ibm security update java-1.8.0-ibm-demo-1.8.0.7.0-1.el8_5.x86_64.rpmLinux
(RHSA-2022:0345) java-1.8.0-ibm security update java-1.8.0-ibm-devel-1.8.0.7.0-1.el8_5.x86_64.rpmLinux
(RHSA-2022:0345) java-1.8.0-ibm security update java-1.8.0-ibm-headless-1.8.0.7.0-1.el8_5.x86_64.rpmLinux
(RHSA-2022:0345) java-1.8.0-ibm security update java-1.8.0-ibm-jdbc-1.8.0.7.0-1.el8_5.x86_64.rpmLinux
(RHSA-2022:0345) java-1.8.0-ibm security update java-1.8.0-ibm-plugin-1.8.0.7.0-1.el8_5.x86_64.rpmLinux
(RHSA-2022:0345) java-1.8.0-ibm security update java-1.8.0-ibm-src-1.8.0.7.0-1.el8_5.x86_64.rpmLinux
(RHSA-2022:0345) java-1.8.0-ibm security update java-1.8.0-ibm-webstart-1.8.0.7.0-1.el8_5.x86_64.rpmLinux

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-349781Java Runtime Environment 1.8 (8.0.4610.11) (Manual Upload Required)
PATCH-349782Java Runtime Environment 1.8 (x64) (8.0.4610.11) (Manual Upload Required)
PATCH-333702Java SE Development Kit 8 Update 391 (32-bit) (8.0.3910.13) (JDK) (Manual Upload Required)
PATCH-333701Java SE Development Kit 8 Update 391 (64-bit) (8.0.3910.13) (JDK) (Manual Upload Required)
PATCH-333701Java SE Development Kit 8 Update 391 (64-bit) (8.0.3910.13) (JDK) (Manual Upload Required)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234