CVE-2021-2163
Summary
| CVE | CVE-2021-2163 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2021-04-22 22:15:00 UTC |
| Updated | 2023-11-07 03:32:00 UTC |
| Description | Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16; Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N). |
Risk And Classification
Problem Types: NVD-CWE-noinfo
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Debian | Debian Linux | 10.0 | All | All | All |
| Operating System | Debian | Debian Linux | 9.0 | All | All | All |
| Operating System | Fedoraproject | Fedora | 32 | All | All | All |
| Operating System | Fedoraproject | Fedora | 33 | All | All | All |
| Operating System | Fedoraproject | Fedora | 34 | All | All | All |
| Application | Netapp | Active Iq Unified Manager | - | All | All | All |
| Application | Netapp | Active Iq Unified Manager | - | All | All | All |
| Hardware | Netapp | Hci Compute Node | - | All | All | All |
| Application | Netapp | Hci Management Node | - | All | All | All |
| Hardware | Netapp | Hci Storage Node | - | All | All | All |
| Application | Netapp | Solidfire | - | All | All | All |
| Application | Oracle | Graalvm | 19.3.5 | All | All | All |
| Application | Oracle | Graalvm | 20.3.1.2 | All | All | All |
| Application | Oracle | Graalvm | 21.0.0.2 | All | All | All |
| Application | Oracle | Jdk | 1.7.0 | update291 | All | All |
| Application | Oracle | Jdk | 1.7.0 | update_291 | All | All |
| Application | Oracle | Jdk | 1.8.0 | update281 | All | All |
| Application | Oracle | Jdk | 1.8.0 | update_281 | All | All |
| Application | Oracle | Jdk | 11.0.10 | All | All | All |
| Application | Oracle | Jdk | 16.0.0 | All | All | All |
| Application | Oracle | Jre | 1.8.0 | update281 | All | All |
| Application | Oracle | Jre | 1.8.0 | update_281 | All | All |
| Application | Oracle | Openjdk | 16 | All | All | All |
| Application | Oracle | Openjdk | 7 | - | All | All |
| Application | Oracle | Openjdk | 7 | update1 | All | All |
| Application | Oracle | Openjdk | 7 | update10 | All | All |
| Application | Oracle | Openjdk | 7 | update101 | All | All |
| Application | Oracle | Openjdk | 7 | update11 | All | All |
| Application | Oracle | Openjdk | 7 | update111 | All | All |
| Application | Oracle | Openjdk | 7 | update121 | All | All |
| Application | Oracle | Openjdk | 7 | update13 | All | All |
| Application | Oracle | Openjdk | 7 | update131 | All | All |
| Application | Oracle | Openjdk | 7 | update141 | All | All |
| Application | Oracle | Openjdk | 7 | update15 | All | All |
| Application | Oracle | Openjdk | 7 | update151 | All | All |
| Application | Oracle | Openjdk | 7 | update161 | All | All |
| Application | Oracle | Openjdk | 7 | update17 | All | All |
| Application | Oracle | Openjdk | 7 | update171 | All | All |
| Application | Oracle | Openjdk | 7 | update181 | All | All |
| Application | Oracle | Openjdk | 7 | update191 | All | All |
| Application | Oracle | Openjdk | 7 | update2 | All | All |
| Application | Oracle | Openjdk | 7 | update201 | All | All |
| Application | Oracle | Openjdk | 7 | update21 | All | All |
| Application | Oracle | Openjdk | 7 | update211 | All | All |
| Application | Oracle | Openjdk | 7 | update221 | All | All |
| Application | Oracle | Openjdk | 7 | update231 | All | All |
| Application | Oracle | Openjdk | 7 | update241 | All | All |
| Application | Oracle | Openjdk | 7 | update25 | All | All |
| Application | Oracle | Openjdk | 7 | update251 | All | All |
| Application | Oracle | Openjdk | 7 | update261 | All | All |
| Application | Oracle | Openjdk | 7 | update271 | All | All |
| Application | Oracle | Openjdk | 7 | update281 | All | All |
| Application | Oracle | Openjdk | 7 | update291 | All | All |
| Application | Oracle | Openjdk | 7 | update3 | All | All |
| Application | Oracle | Openjdk | 7 | update4 | All | All |
| Application | Oracle | Openjdk | 7 | update40 | All | All |
| Application | Oracle | Openjdk | 7 | update45 | All | All |
| Application | Oracle | Openjdk | 7 | update5 | All | All |
| Application | Oracle | Openjdk | 7 | update51 | All | All |
| Application | Oracle | Openjdk | 7 | update55 | All | All |
| Application | Oracle | Openjdk | 7 | update6 | All | All |
| Application | Oracle | Openjdk | 7 | update60 | All | All |
| Application | Oracle | Openjdk | 7 | update65 | All | All |
| Application | Oracle | Openjdk | 7 | update67 | All | All |
| Application | Oracle | Openjdk | 7 | update7 | All | All |
| Application | Oracle | Openjdk | 7 | update72 | All | All |
| Application | Oracle | Openjdk | 7 | update76 | All | All |
| Application | Oracle | Openjdk | 7 | update80 | All | All |
| Application | Oracle | Openjdk | 7 | update85 | All | All |
| Application | Oracle | Openjdk | 7 | update9 | All | All |
| Application | Oracle | Openjdk | 7 | update91 | All | All |
| Application | Oracle | Openjdk | 7 | update95 | All | All |
| Application | Oracle | Openjdk | 7 | update97 | All | All |
| Application | Oracle | Openjdk | 7 | update99 | All | All |
| Application | Oracle | Openjdk | 8 | - | All | All |
| Application | Oracle | Openjdk | 8 | milestone1 | All | All |
| Application | Oracle | Openjdk | 8 | milestone2 | All | All |
| Application | Oracle | Openjdk | 8 | milestone3 | All | All |
| Application | Oracle | Openjdk | 8 | milestone4 | All | All |
| Application | Oracle | Openjdk | 8 | milestone5 | All | All |
| Application | Oracle | Openjdk | 8 | milestone6 | All | All |
| Application | Oracle | Openjdk | 8 | milestone7 | All | All |
| Application | Oracle | Openjdk | 8 | milestone8 | All | All |
| Application | Oracle | Openjdk | 8 | milestone9 | All | All |
| Application | Oracle | Openjdk | 8 | update101 | All | All |
| Application | Oracle | Openjdk | 8 | update102 | All | All |
| Application | Oracle | Openjdk | 8 | update11 | All | All |
| Application | Oracle | Openjdk | 8 | update111 | All | All |
| Application | Oracle | Openjdk | 8 | update112 | All | All |
| Application | Oracle | Openjdk | 8 | update121 | All | All |
| Application | Oracle | Openjdk | 8 | update131 | All | All |
| Application | Oracle | Openjdk | 8 | update141 | All | All |
| Application | Oracle | Openjdk | 8 | update151 | All | All |
| Application | Oracle | Openjdk | 8 | update152 | All | All |
| Application | Oracle | Openjdk | 8 | update161 | All | All |
| Application | Oracle | Openjdk | 8 | update162 | All | All |
| Application | Oracle | Openjdk | 8 | update171 | All | All |
| Application | Oracle | Openjdk | 8 | update172 | All | All |
| Application | Oracle | Openjdk | 8 | update181 | All | All |
| Application | Oracle | Openjdk | 8 | update191 | All | All |
| Application | Oracle | Openjdk | 8 | update192 | All | All |
| Application | Oracle | Openjdk | 8 | update20 | All | All |
| Application | Oracle | Openjdk | 8 | update201 | All | All |
| Application | Oracle | Openjdk | 8 | update202 | All | All |
| Application | Oracle | Openjdk | 8 | update211 | All | All |
| Application | Oracle | Openjdk | 8 | update212 | All | All |
| Application | Oracle | Openjdk | 8 | update221 | All | All |
| Application | Oracle | Openjdk | 8 | update222 | All | All |
| Application | Oracle | Openjdk | 8 | update231 | All | All |
| Application | Oracle | Openjdk | 8 | update232 | All | All |
| Application | Oracle | Openjdk | 8 | update241 | All | All |
| Application | Oracle | Openjdk | 8 | update242 | All | All |
| Application | Oracle | Openjdk | 8 | update25 | All | All |
| Application | Oracle | Openjdk | 8 | update252 | All | All |
| Application | Oracle | Openjdk | 8 | update262 | All | All |
| Application | Oracle | Openjdk | 8 | update271 | All | All |
| Application | Oracle | Openjdk | 8 | update281 | All | All |
| Application | Oracle | Openjdk | 8 | update282 | All | All |
| Application | Oracle | Openjdk | 8 | update31 | All | All |
| Application | Oracle | Openjdk | 8 | update40 | All | All |
| Application | Oracle | Openjdk | 8 | update45 | All | All |
| Application | Oracle | Openjdk | 8 | update5 | All | All |
| Application | Oracle | Openjdk | 8 | update51 | All | All |
| Application | Oracle | Openjdk | 8 | update60 | All | All |
| Application | Oracle | Openjdk | 8 | update65 | All | All |
| Application | Oracle | Openjdk | 8 | update66 | All | All |
| Application | Oracle | Openjdk | 8 | update71 | All | All |
| Application | Oracle | Openjdk | 8 | update72 | All | All |
| Application | Oracle | Openjdk | 8 | update73 | All | All |
| Application | Oracle | Openjdk | 8 | update74 | All | All |
| Application | Oracle | Openjdk | 8 | update77 | All | All |
| Application | Oracle | Openjdk | 8 | update91 | All | All |
| Application | Oracle | Openjdk | 8 | update92 | All | All |
| Application | Oracle | Openjdk | All | All | All | All |
| Application | Oracle | Openjdk | All | All | All | All |
| Application | Oracle | Openjdk | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| [SECURITY] Fedora 33 Update: java-1.8.0-openjdk-1.8.0.292.b10-0.fc33 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| OpenJDK: Multiple Vulnerabilities (GLSA 202209-05) — Gentoo security | GENTOO | security.gentoo.org | |
| April 2021 Java Platform Standard Edition Vulnerabilities in NetApp Products | NetApp Product Security | CONFIRM | security.netapp.com | |
| [SECURITY] Fedora 32 Update: java-11-openjdk-11.0.11.0.9-0.fc32 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| [SECURITY] Fedora 33 Update: java-11-openjdk-11.0.11.0.9-0.fc33 - package-announce - Fedora Mailing-Lists | lists.fedoraproject.org | ||
| Oracle Critical Patch Update Advisory - April 2021 | MISC | www.oracle.com | |
| [SECURITY] Fedora 34 Update: java-1.8.0-openjdk-1.8.0.292.b10-0.fc34 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| Debian -- Security Information -- DSA-4899-1 openjdk-11 | DEBIAN | www.debian.org | |
| [SECURITY] Fedora 32 Update: java-1.8.0-openjdk-1.8.0.292.b10-0.fc32 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| [SECURITY] [DLA 2634-1] openjdk-8 security update | MLIST | lists.debian.org | |
| [SECURITY] Fedora 33 Update: java-1.8.0-openjdk-1.8.0.292.b10-0.fc33 - package-announce - Fedora Mailing-Lists | lists.fedoraproject.org | ||
| [SECURITY] Fedora 32 Update: java-1.8.0-openjdk-1.8.0.292.b10-0.fc32 - package-announce - Fedora Mailing-Lists | lists.fedoraproject.org | ||
| [SECURITY] Fedora 33 Update: java-11-openjdk-11.0.11.0.9-0.fc33 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| [SECURITY] Fedora 34 Update: java-11-openjdk-11.0.11.0.9-0.fc34 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| [SECURITY] Fedora 34 Update: java-11-openjdk-11.0.11.0.9-0.fc34 - package-announce - Fedora Mailing-Lists | lists.fedoraproject.org | ||
| [SECURITY] Fedora 32 Update: java-11-openjdk-11.0.11.0.9-0.fc32 - package-announce - Fedora Mailing-Lists | lists.fedoraproject.org | ||
| [SECURITY] Fedora 34 Update: java-1.8.0-openjdk-1.8.0.292.b10-0.fc34 - package-announce - Fedora Mailing-Lists | lists.fedoraproject.org | ||
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 159151 Oracle Enterprise Linux Security Update for java-11-openjdk (ELSA-2021-1297)
- 159152 Oracle Enterprise Linux Security Update for java-1.8.0-openjdk (ELSA-2021-1298)
- 159153 Oracle Enterprise Linux Security Update for java-1.8.0-openjdk (ELSA-2021-1301)
- 159154 Oracle Enterprise Linux Security Update for java-11-openjdk (ELSA-2021-1307)
- 174943 SUSE Enterprise Linux Security Update for java-11-openjdk (SUSE-SU-2021:1314-1)
- 174994 SUSE Enterprise Linux Security Update for java-11-openjdk (SUSE-SU-2021:1554-1)
- 178646 Debian Security Update for openjdk-8 (DLA 2634-1)
- 180407 Debian Security Update for openjdk-17openjdk-11 (CVE-2021-2163)
- 198345 Ubuntu Security Notification for OpenJDK vulnerability (USN-4892-1)
- 239227 Red Hat Update for java-1.8.0-openjdk (RHSA-2021:1315)
- 239229 Red Hat Update for java-11-openjdk (RHSA-2021:1307)
- 239230 Red Hat Update for java-11-openjdk (RHSA-2021:1306)
- 239231 Red Hat Update for java-11-openjdk (RHSA-2021:1305)
- 239232 Red Hat Update for java-1.8.0-openjdk (RHSA-2021:1301)
- 239233 Red Hat Update for java-1.8.0-openjdk (RHSA-2021:1299)
- 239234 Red Hat Update for java-1.8.0-openjdk (RHSA-2021:1298)
- 239235 Red Hat Update for java-11-openjdk (RHSA-2021:1297)
- 240697 Red Hat Update for java-1.7.1-ibm (RHSA-2022:6755)
- 240699 Red Hat Update for java-1.8.0-ibm (RHSA-2022:6756)
- 240774 Red Hat Update for java-1.8.0-ibm (RHSA-2022:6735)
- 257079 CentOS Security Update for java-11-openjdk (CESA-2021:1297)
- 257080 CentOS Security Update for java-1.8.0-openjdk (CESA-2021:1298)
- 281089 Fedora Security Update for OpenJDK 11.0.11 Security Update for Fedora 33 (FEDORA-2021-6eb9bbbf0c)
- 281090 Fedora Security Update for OpenJDK 8u292 Security Update for Fedora 32 (FEDORA-2021-f71b592e07)
- 281269 Fedora Security Update for java (FEDORA-2021-65aa196c14)
- 281270 Fedora Security Update for java (FEDORA-2021-6eb9bbbf0c)
- 281271 Fedora Security Update for java (FEDORA-2021-25b47f16af)
- 281272 Fedora Security Update for java (FEDORA-2021-8b80ef64f1)
- 281273 Fedora Security Update for java (FEDORA-2021-f71b592e07)
- 296067 Oracle Solaris 11.4 Support Repository Update (SRU) 33.94.0 Missing (CPUAPR2021)
- 330129 IBM AIX Java Multiple Vulnerabilities (java_dec2022_advisory)
- 352476 Amazon Linux Security Advisory for java-1.8.0-openjdk: ALAS-2021-1515
- 375477 Oracle Java SE Critical Patch Update - April 2021 (CPUAPR2021)
- 375816 Azul Java Multiple Vulnerabilities Security Update April2021
- 375985 Amazon Corretto Critical Patch Update (APR2021)
- 376423 Adopt OpenJDK Vulnerability Advisory: 2021/04/20
- 377379 Alibaba Cloud Linux Security Update for java-11-openjdk (ALINUX3-SA-2021:0032)
- 377419 Alibaba Cloud Linux Security Update for java-1.8.0-openjdk (ALINUX3-SA-2021:0031)
- 377431 Alibaba Cloud Linux Security Update for java-1.8.0-openjdk (ALINUX2-SA-2021:0022)
- 377501 Alibaba Cloud Linux Security Update for java-11-openjdk (ALINUX2-SA-2021:0021)
- 377809 F5 BIG-IP Java Vulnerability CVE-2021-2163 (K71522481)
- 378129 Red Hat OpenJDK 8u292 Windows Builds release and Security Update (RHSA-2021:1445)
- 378133 Red Hat OpenJDK 11.0.11 Security Update for Windows Builds (RHSA-2021:1447)
- 378589 IBM MQ Java Standard Edition (SE) Multiple Vulnerabilities (6853375)
- 501892 Alpine Linux Security Update for openjdk7
- 710615 Gentoo Linux Open Java Development Toolkit (OpenJDK) Multiple Vulnerabilities (GLSA 202209-05)
- 730121 McAfee Web Gateway Multiple Vulnerabilities (WP-3484,WP-3744,WP-3745,WP-3746,WP-3747,WP-3793,WP-3800)
- 750193 OpenSUSE Security Update for java-1_8_0-openj9 (openSUSE-SU-2021:0776-1)
- 750215 OpenSUSE Security Update for java-11-openjdk (openSUSE-SU-2021:0719-1)
- 750654 SUSE Enterprise Linux Security Update for java-1_8_0-openjdk (SUSE-SU-2021:1980-1)
- 750656 SUSE Enterprise Linux Security Update for java-1_8_0-openjdk (SUSE-SU-2021:1989-1)
- 750722 OpenSUSE Security Update for java-1_8_0-openjdk (openSUSE-SU-2021:0933-1)
- 750799 OpenSUSE Security Update for java-1_8_0-openjdk (openSUSE-SU-2021:1989-1)
- 750803 OpenSUSE Security Update for java-1_8_0-openj9 (openSUSE-SU-2021:1666-1)
- 751121 SUSE Enterprise Linux Security Update for java-1_7_0-openJava Development Toolkit (SUSE-SU-2021:3007-1)
- 751326 OpenSUSE Security Update for java-1_8_0-openj9 (openSUSE-SU-2021:1455-1)
- 751329 OpenSUSE Security Update for java-1_8_0-openj9 (openSUSE-SU-2021:3615-1)
- 751608 SUSE Enterprise Linux Security Update for java-1_8_0-ibm (SUSE-SU-2022:0107-1)
- 751612 SUSE Enterprise Linux Security Update for java-1_8_0-ibm (SUSE-SU-2022:0108-1)
- 751618 OpenSUSE Security Update for java-1_8_0-ibm (openSUSE-SU-2022:0108-1)
- 751641 SUSE Enterprise Linux Security Update for java-1_7_1-ibm (SUSE-SU-2022:0166-1)
- 753215 SUSE Enterprise Linux Security Update for java-1_7_1-ibm (SUSE-SU-2022:14875-1)
- 940015 AlmaLinux Security Update for java-1.8.0-openjdk (ALSA-2021:1301)
- 940278 AlmaLinux Security Update for java-11-openjdk (ALSA-2021:1307)