CVE-2021-2161

MITRE NVD CVE.ORG Print: PDF PDF

Summary

CVECVE-2021-2161
StatePUBLIC
Assigner[email protected]
Source PriorityCVE Program / NVD first with legacy fallback
Published2021-04-22 22:15:00 UTC
Updated2023-11-07 03:32:00 UTC
DescriptionVulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16; Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. It can also be exploited by supplying untrusted data to APIs in the specified Component. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).

Risk And Classification

Problem Types: NVD-CWE-noinfo

NVD Known Affected Configurations (CPE 2.3)

TypeVendorProductVersionUpdateEditionLanguage
Operating System Debian Debian Linux 10.0 All All All
Operating System Debian Debian Linux 9.0 All All All
Operating System Fedoraproject Fedora 32 All All All
Operating System Fedoraproject Fedora 33 All All All
Operating System Fedoraproject Fedora 34 All All All
Application Mcafee Epolicy Orchestrator All All All All
Application Mcafee Epolicy Orchestrator 5.10.0 - All All
Application Mcafee Epolicy Orchestrator 5.10.0 update_1 All All
Application Mcafee Epolicy Orchestrator 5.10.0 update_10 All All
Application Mcafee Epolicy Orchestrator 5.10.0 update_2 All All
Application Mcafee Epolicy Orchestrator 5.10.0 update_3 All All
Application Mcafee Epolicy Orchestrator 5.10.0 update_4 All All
Application Mcafee Epolicy Orchestrator 5.10.0 update_5 All All
Application Mcafee Epolicy Orchestrator 5.10.0 update_6 All All
Application Mcafee Epolicy Orchestrator 5.10.0 update_7 All All
Application Mcafee Epolicy Orchestrator 5.10.0 update_8 All All
Application Mcafee Epolicy Orchestrator 5.10.0 update_9 All All
Application Netapp Active Iq Unified Manager - All All All
Application Netapp Active Iq Unified Manager - All All All
Hardware Netapp Hci Compute Node - All All All
Application Netapp Hci Management Node - All All All
Hardware Netapp Hci Storage Node - All All All
Application Netapp Solidfire - All All All
Application Oracle Graalvm 19.3.5 All All All
Application Oracle Graalvm 20.3.1.2 All All All
Application Oracle Graalvm 21.0.0.2 All All All
Application Oracle Jdk 1.7.0 update291 All All
Application Oracle Jdk 1.7.0 update_291 All All
Application Oracle Jdk 1.8.0 update281 All All
Application Oracle Jdk 1.8.0 update_281 All All
Application Oracle Jdk 11.0.10 All All All
Application Oracle Jdk 16.0.0 All All All
Application Oracle Jre 1.8.0 update281 All All
Application Oracle Jre 1.8.0 update_281 All All
Application Oracle Openjdk 16 All All All
Application Oracle Openjdk 7 - All All
Application Oracle Openjdk 7 update1 All All
Application Oracle Openjdk 7 update10 All All
Application Oracle Openjdk 7 update101 All All
Application Oracle Openjdk 7 update11 All All
Application Oracle Openjdk 7 update111 All All
Application Oracle Openjdk 7 update121 All All
Application Oracle Openjdk 7 update13 All All
Application Oracle Openjdk 7 update131 All All
Application Oracle Openjdk 7 update141 All All
Application Oracle Openjdk 7 update15 All All
Application Oracle Openjdk 7 update151 All All
Application Oracle Openjdk 7 update161 All All
Application Oracle Openjdk 7 update17 All All
Application Oracle Openjdk 7 update171 All All
Application Oracle Openjdk 7 update181 All All
Application Oracle Openjdk 7 update191 All All
Application Oracle Openjdk 7 update2 All All
Application Oracle Openjdk 7 update201 All All
Application Oracle Openjdk 7 update21 All All
Application Oracle Openjdk 7 update211 All All
Application Oracle Openjdk 7 update221 All All
Application Oracle Openjdk 7 update231 All All
Application Oracle Openjdk 7 update241 All All
Application Oracle Openjdk 7 update25 All All
Application Oracle Openjdk 7 update251 All All
Application Oracle Openjdk 7 update261 All All
Application Oracle Openjdk 7 update271 All All
Application Oracle Openjdk 7 update281 All All
Application Oracle Openjdk 7 update291 All All
Application Oracle Openjdk 7 update3 All All
Application Oracle Openjdk 7 update4 All All
Application Oracle Openjdk 7 update40 All All
Application Oracle Openjdk 7 update45 All All
Application Oracle Openjdk 7 update5 All All
Application Oracle Openjdk 7 update51 All All
Application Oracle Openjdk 7 update55 All All
Application Oracle Openjdk 7 update6 All All
Application Oracle Openjdk 7 update60 All All
Application Oracle Openjdk 7 update65 All All
Application Oracle Openjdk 7 update67 All All
Application Oracle Openjdk 7 update7 All All
Application Oracle Openjdk 7 update72 All All
Application Oracle Openjdk 7 update76 All All
Application Oracle Openjdk 7 update80 All All
Application Oracle Openjdk 7 update85 All All
Application Oracle Openjdk 7 update9 All All
Application Oracle Openjdk 7 update91 All All
Application Oracle Openjdk 7 update95 All All
Application Oracle Openjdk 7 update97 All All
Application Oracle Openjdk 7 update99 All All
Application Oracle Openjdk 8 - All All
Application Oracle Openjdk 8 milestone1 All All
Application Oracle Openjdk 8 milestone2 All All
Application Oracle Openjdk 8 milestone3 All All
Application Oracle Openjdk 8 milestone4 All All
Application Oracle Openjdk 8 milestone5 All All
Application Oracle Openjdk 8 milestone6 All All
Application Oracle Openjdk 8 milestone7 All All
Application Oracle Openjdk 8 milestone8 All All
Application Oracle Openjdk 8 milestone9 All All
Application Oracle Openjdk 8 update101 All All
Application Oracle Openjdk 8 update102 All All
Application Oracle Openjdk 8 update11 All All
Application Oracle Openjdk 8 update111 All All
Application Oracle Openjdk 8 update112 All All
Application Oracle Openjdk 8 update121 All All
Application Oracle Openjdk 8 update131 All All
Application Oracle Openjdk 8 update141 All All
Application Oracle Openjdk 8 update151 All All
Application Oracle Openjdk 8 update152 All All
Application Oracle Openjdk 8 update161 All All
Application Oracle Openjdk 8 update162 All All
Application Oracle Openjdk 8 update171 All All
Application Oracle Openjdk 8 update172 All All
Application Oracle Openjdk 8 update181 All All
Application Oracle Openjdk 8 update191 All All
Application Oracle Openjdk 8 update192 All All
Application Oracle Openjdk 8 update20 All All
Application Oracle Openjdk 8 update201 All All
Application Oracle Openjdk 8 update202 All All
Application Oracle Openjdk 8 update211 All All
Application Oracle Openjdk 8 update212 All All
Application Oracle Openjdk 8 update221 All All
Application Oracle Openjdk 8 update222 All All
Application Oracle Openjdk 8 update231 All All
Application Oracle Openjdk 8 update232 All All
Application Oracle Openjdk 8 update241 All All
Application Oracle Openjdk 8 update242 All All
Application Oracle Openjdk 8 update25 All All
Application Oracle Openjdk 8 update252 All All
Application Oracle Openjdk 8 update262 All All
Application Oracle Openjdk 8 update271 All All
Application Oracle Openjdk 8 update281 All All
Application Oracle Openjdk 8 update282 All All
Application Oracle Openjdk 8 update31 All All
Application Oracle Openjdk 8 update40 All All
Application Oracle Openjdk 8 update45 All All
Application Oracle Openjdk 8 update5 All All
Application Oracle Openjdk 8 update51 All All
Application Oracle Openjdk 8 update60 All All
Application Oracle Openjdk 8 update65 All All
Application Oracle Openjdk 8 update66 All All
Application Oracle Openjdk 8 update71 All All
Application Oracle Openjdk 8 update72 All All
Application Oracle Openjdk 8 update73 All All
Application Oracle Openjdk 8 update74 All All
Application Oracle Openjdk 8 update77 All All
Application Oracle Openjdk 8 update91 All All
Application Oracle Openjdk 8 update92 All All
Application Oracle Openjdk All All All All
Application Oracle Openjdk All All All All
Application Oracle Openjdk All All All All

References

ReferenceSourceLinkTags
[SECURITY] Fedora 33 Update: java-1.8.0-openjdk-1.8.0.292.b10-0.fc33 - package-announce - Fedora Mailing-Lists FEDORA lists.fedoraproject.org
OpenJDK: Multiple Vulnerabilities (GLSA 202209-05) — Gentoo security GENTOO security.gentoo.org
April 2021 Java Platform Standard Edition Vulnerabilities in NetApp Products | NetApp Product Security CONFIRM security.netapp.com
[SECURITY] Fedora 32 Update: java-11-openjdk-11.0.11.0.9-0.fc32 - package-announce - Fedora Mailing-Lists FEDORA lists.fedoraproject.org
[SECURITY] Fedora 33 Update: java-11-openjdk-11.0.11.0.9-0.fc33 - package-announce - Fedora Mailing-Lists lists.fedoraproject.org
Oracle Critical Patch Update Advisory - April 2021 MISC www.oracle.com
Security Bulletin - ePolicy Orchestrator update addresses two product vulnerabilities (CVE-2021-31834 and CVE-2021-31835) and updates Java, OpenSSL, and Tomcat CONFIRM kc.mcafee.com
[SECURITY] Fedora 34 Update: java-1.8.0-openjdk-1.8.0.292.b10-0.fc34 - package-announce - Fedora Mailing-Lists FEDORA lists.fedoraproject.org
Debian -- Security Information -- DSA-4899-1 openjdk-11 DEBIAN www.debian.org
[SECURITY] Fedora 32 Update: java-1.8.0-openjdk-1.8.0.292.b10-0.fc32 - package-announce - Fedora Mailing-Lists FEDORA lists.fedoraproject.org
Azul Platform Core MISC docs.azul.com
[SECURITY] [DLA 2634-1] openjdk-8 security update MLIST lists.debian.org
[SECURITY] Fedora 33 Update: java-1.8.0-openjdk-1.8.0.292.b10-0.fc33 - package-announce - Fedora Mailing-Lists lists.fedoraproject.org
[SECURITY] Fedora 32 Update: java-1.8.0-openjdk-1.8.0.292.b10-0.fc32 - package-announce - Fedora Mailing-Lists lists.fedoraproject.org
[SECURITY] Fedora 33 Update: java-11-openjdk-11.0.11.0.9-0.fc33 - package-announce - Fedora Mailing-Lists FEDORA lists.fedoraproject.org
[SECURITY] Fedora 34 Update: java-11-openjdk-11.0.11.0.9-0.fc34 - package-announce - Fedora Mailing-Lists FEDORA lists.fedoraproject.org
[SECURITY] Fedora 34 Update: java-11-openjdk-11.0.11.0.9-0.fc34 - package-announce - Fedora Mailing-Lists lists.fedoraproject.org
[SECURITY] Fedora 32 Update: java-11-openjdk-11.0.11.0.9-0.fc32 - package-announce - Fedora Mailing-Lists lists.fedoraproject.org
[SECURITY] Fedora 34 Update: java-1.8.0-openjdk-1.8.0.292.b10-0.fc34 - package-announce - Fedora Mailing-Lists lists.fedoraproject.org
CVE Program record CVE.ORG www.cve.org canonical
NVD vulnerability detail NVD nvd.nist.gov canonical, analysis

Legacy QID Mappings

  • 174943 SUSE Enterprise Linux Security Update for java-11-openjdk (SUSE-SU-2021:1314-1)
  • 174994 SUSE Enterprise Linux Security Update for java-11-openjdk (SUSE-SU-2021:1554-1)
  • 178563 Debian Security Update for openjdk-11 (DSA 4899-1)
  • 178646 Debian Security Update for openjdk-8 (DLA 2634-1)
  • 281089 Fedora Security Update for OpenJDK 11.0.11 Security Update for Fedora 33 (FEDORA-2021-6eb9bbbf0c)
  • 281090 Fedora Security Update for OpenJDK 8u292 Security Update for Fedora 32 (FEDORA-2021-f71b592e07)
  • 281269 Fedora Security Update for java (FEDORA-2021-65aa196c14)
  • 281270 Fedora Security Update for java (FEDORA-2021-6eb9bbbf0c)
  • 281271 Fedora Security Update for java (FEDORA-2021-25b47f16af)
  • 281272 Fedora Security Update for java (FEDORA-2021-8b80ef64f1)
  • 281273 Fedora Security Update for java (FEDORA-2021-f71b592e07)
  • 296067 Oracle Solaris 11.4 Support Repository Update (SRU) 33.94.0 Missing (CPUAPR2021)
  • 375477 Oracle Java SE Critical Patch Update - April 2021 (CPUAPR2021)
  • 375604 IBM WebSphere Application Server Java SDK vulnerability (6454853)
  • 375816 Azul Java Multiple Vulnerabilities Security Update April2021
  • 375985 Amazon Corretto Critical Patch Update (APR2021)
  • 376191 IBM Data Studio Client Security Update (6523374)
  • 376423 Adopt OpenJDK Vulnerability Advisory: 2021/04/20
  • 378129 Red Hat OpenJDK 8u292 Windows Builds release and Security Update (RHSA-2021:1445)
  • 378133 Red Hat OpenJDK 11.0.11 Security Update for Windows Builds (RHSA-2021:1447)
  • 501892 Alpine Linux Security Update for openjdk7
  • 670542 EulerOS Security Update for java-1.8.0-openjdk (EulerOS-SA-2021-2300)
  • 670577 EulerOS Security Update for java-1.8.0-openjdk (EulerOS-SA-2021-2335)
  • 670631 EulerOS Security Update for java-1.8.0-openjdk (EulerOS-SA-2021-2389)
  • 671053 EulerOS Security Update for java-1.8.0-openjdk (EulerOS-SA-2021-2587)
  • 710615 Gentoo Linux Open Java Development Toolkit (OpenJDK) Multiple Vulnerabilities (GLSA 202209-05)
  • 730121 McAfee Web Gateway Multiple Vulnerabilities (WP-3484,WP-3744,WP-3745,WP-3746,WP-3747,WP-3793,WP-3800)
  • 750193 OpenSUSE Security Update for java-1_8_0-openj9 (openSUSE-SU-2021:0776-1)
  • 750215 OpenSUSE Security Update for java-11-openjdk (openSUSE-SU-2021:0719-1)
  • 750654 SUSE Enterprise Linux Security Update for java-1_8_0-openjdk (SUSE-SU-2021:1980-1)
  • 750656 SUSE Enterprise Linux Security Update for java-1_8_0-openjdk (SUSE-SU-2021:1989-1)
  • 750722 OpenSUSE Security Update for java-1_8_0-openjdk (openSUSE-SU-2021:0933-1)
  • 750799 OpenSUSE Security Update for java-1_8_0-openjdk (openSUSE-SU-2021:1989-1)
  • 750803 OpenSUSE Security Update for java-1_8_0-openj9 (openSUSE-SU-2021:1666-1)
  • 750983 SUSE Enterprise Linux Security Update for java-1_8_0-openjdk (SUSE-SU-2021:2797-1)
  • 750988 SUSE Enterprise Linux Security Update for java-1_8_0-openjdk (SUSE-SU-2021:2798-1)
  • 751006 OpenSUSE Security Update for java-1_8_0-openjdk (openSUSE-SU-2021:1176-1)
  • 751010 OpenSUSE Security Update for java-1_8_0-openjdk (openSUSE-SU-2021:2798-1)
  • 751121 SUSE Enterprise Linux Security Update for java-1_7_0-openJava Development Toolkit (SUSE-SU-2021:3007-1)
  • 751326 OpenSUSE Security Update for java-1_8_0-openj9 (openSUSE-SU-2021:1455-1)
  • 751329 OpenSUSE Security Update for java-1_8_0-openj9 (openSUSE-SU-2021:3615-1)
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

CVE.report and Source URL Uptime Status status.cve.report