Unrated severityNVD Advisory· Published Oct 20, 2021· Updated Aug 4, 2024

CVE-2021-35550

Description

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).

Affected products

135

osv-coords134 versions
pkg:apk/chainguard/openjdk-11-openj9 pkg:apk/chainguard/openjdk-11-openj9-dbg pkg:apk/chainguard/openjdk-11-openj9-default-jdk pkg:apk/chainguard/openjdk-11-openj9-default-jvm pkg:apk/chainguard/openjdk-11-openj9-default-policy pkg:apk/chainguard/openjdk-11-openj9-doc pkg:apk/chainguard/openjdk-11-openj9-jmods pkg:apk/chainguard/openjdk-11-openj9-jre pkg:apk/chainguard/openjdk-17-openj9 pkg:apk/chainguard/openjdk-17-openj9-dbg pkg:apk/chainguard/openjdk-17-openj9-default-jdk pkg:apk/chainguard/openjdk-17-openj9-default-jvm pkg:apk/chainguard/openjdk-17-openj9-default-policy pkg:apk/chainguard/openjdk-17-openj9-doc pkg:apk/chainguard/openjdk-17-openj9-jmods pkg:apk/chainguard/openjdk-17-openj9-jre pkg:apk/chainguard/openjdk-21-openj9 pkg:apk/chainguard/openjdk-21-openj9-dbg pkg:apk/chainguard/openjdk-21-openj9-default-jdk pkg:apk/chainguard/openjdk-21-openj9-default-jvm pkg:apk/chainguard/openjdk-21-openj9-default-policy pkg:apk/chainguard/openjdk-21-openj9-doc pkg:apk/chainguard/openjdk-21-openj9-jmods pkg:apk/chainguard/openjdk-21-openj9-jre pkg:apk/chainguard/openjdk-8-openj9 pkg:apk/chainguard/openjdk-8-openj9-dbg pkg:apk/chainguard/openjdk-8-openj9-default-jdk pkg:apk/chainguard/openjdk-8-openj9-default-jvm pkg:apk/chainguard/openjdk-8-openj9-doc pkg:apk/chainguard/openjdk-8-openj9-jre pkg:bitnami/java pkg:bitnami/java-min pkg:bitnami/jre pkg:rpm/almalinux/java-11-openjdk pkg:rpm/almalinux/java-11-openjdk-demo pkg:rpm/almalinux/java-11-openjdk-demo-fastdebug pkg:rpm/almalinux/java-11-openjdk-demo-slowdebug pkg:rpm/almalinux/java-11-openjdk-devel pkg:rpm/almalinux/java-11-openjdk-devel-fastdebug pkg:rpm/almalinux/java-11-openjdk-devel-slowdebug pkg:rpm/almalinux/java-11-openjdk-fastdebug pkg:rpm/almalinux/java-11-openjdk-headless pkg:rpm/almalinux/java-11-openjdk-headless-fastdebug pkg:rpm/almalinux/java-11-openjdk-headless-slowdebug pkg:rpm/almalinux/java-11-openjdk-javadoc pkg:rpm/almalinux/java-11-openjdk-javadoc-zip pkg:rpm/almalinux/java-11-openjdk-jmods pkg:rpm/almalinux/java-11-openjdk-jmods-fastdebug pkg:rpm/almalinux/java-11-openjdk-jmods-slowdebug pkg:rpm/almalinux/java-11-openjdk-slowdebug pkg:rpm/almalinux/java-11-openjdk-src pkg:rpm/almalinux/java-11-openjdk-src-fastdebug pkg:rpm/almalinux/java-11-openjdk-src-slowdebug pkg:rpm/almalinux/java-11-openjdk-static-libs pkg:rpm/almalinux/java-11-openjdk-static-libs-fastdebug pkg:rpm/almalinux/java-11-openjdk-static-libs-slowdebug pkg:rpm/almalinux/java-1.8.0-openjdk pkg:rpm/almalinux/java-1.8.0-openjdk-accessibility pkg:rpm/almalinux/java-1.8.0-openjdk-accessibility-fastdebug pkg:rpm/almalinux/java-1.8.0-openjdk-accessibility-slowdebug pkg:rpm/almalinux/java-1.8.0-openjdk-demo pkg:rpm/almalinux/java-1.8.0-openjdk-demo-fastdebug pkg:rpm/almalinux/java-1.8.0-openjdk-demo-slowdebug pkg:rpm/almalinux/java-1.8.0-openjdk-devel pkg:rpm/almalinux/java-1.8.0-openjdk-devel-fastdebug pkg:rpm/almalinux/java-1.8.0-openjdk-devel-slowdebug pkg:rpm/almalinux/java-1.8.0-openjdk-fastdebug pkg:rpm/almalinux/java-1.8.0-openjdk-headless pkg:rpm/almalinux/java-1.8.0-openjdk-headless-fastdebug pkg:rpm/almalinux/java-1.8.0-openjdk-headless-slowdebug pkg:rpm/almalinux/java-1.8.0-openjdk-javadoc pkg:rpm/almalinux/java-1.8.0-openjdk-javadoc-zip pkg:rpm/almalinux/java-1.8.0-openjdk-slowdebug pkg:rpm/almalinux/java-1.8.0-openjdk-src pkg:rpm/almalinux/java-1.8.0-openjdk-src-fastdebug pkg:rpm/almalinux/java-1.8.0-openjdk-src-slowdebug pkg:rpm/opensuse/java-11-openjdk&distro=openSUSE%20Leap%2015.2 pkg:rpm/opensuse/java-11-openjdk&distro=openSUSE%20Leap%2015.3 pkg:rpm/opensuse/java-11-openjdk&distro=openSUSE%20Tumbleweed pkg:rpm/opensuse/java-1_8_0-openj9&distro=openSUSE%20Leap%2015.2 pkg:rpm/opensuse/java-1_8_0-openj9&distro=openSUSE%20Leap%2015.3 pkg:rpm/opensuse/java-1_8_0-openjdk&distro=openSUSE%20Leap%2015.2 pkg:rpm/opensuse/java-1_8_0-openjdk&distro=openSUSE%20Leap%2015.3 pkg:rpm/opensuse/java-1_8_0-openjdk&distro=openSUSE%20Tumbleweed pkg:rpm/suse/java-11-openjdk&distro=SUSE%20Enterprise%20Storage%206 pkg:rpm/suse/java-11-openjdk&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-ESPOS pkg:rpm/suse/java-11-openjdk&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSS pkg:rpm/suse/java-11-openjdk&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOS pkg:rpm/suse/java-11-openjdk&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSS pkg:rpm/suse/java-11-openjdk&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP2 pkg:rpm/suse/java-11-openjdk&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP3 pkg:rpm/suse/java-11-openjdk&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP2 pkg:rpm/suse/java-11-openjdk&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP3 pkg:rpm/suse/java-11-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 pkg:rpm/suse/java-11-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-BCL pkg:rpm/suse/java-11-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSS pkg:rpm/suse/java-11-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSS pkg:rpm/suse/java-11-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 pkg:rpm/suse/java-11-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015 pkg:rpm/suse/java-11-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1 pkg:rpm/suse/java-1_7_0-openjdk&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/java-1_7_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL pkg:rpm/suse/java-1_7_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-BCL pkg:rpm/suse/java-1_7_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-LTSS pkg:rpm/suse/java-1_7_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSS pkg:rpm/suse/java-1_7_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 pkg:rpm/suse/java-1_7_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3 pkg:rpm/suse/java-1_7_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4 pkg:rpm/suse/java-1_7_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 pkg:rpm/suse/java-1_7_0-openjdk&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/java-1_7_0-openjdk&distro=SUSE%20OpenStack%20Cloud%209 pkg:rpm/suse/java-1_7_0-openjdk&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/java-1_7_0-openjdk&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209 pkg:rpm/suse/java-1_8_0-openjdk&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/java-1_8_0-openjdk&distro=SUSE%20Enterprise%20Storage%206 pkg:rpm/suse/java-1_8_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Legacy%2015%20SP2 pkg:rpm/suse/java-1_8_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Legacy%2015%20SP3 pkg:rpm/suse/java-1_8_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL pkg:rpm/suse/java-1_8_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-BCL pkg:rpm/suse/java-1_8_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-LTSS pkg:rpm/suse/java-1_8_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSS pkg:rpm/suse/java-1_8_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 pkg:rpm/suse/java-1_8_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-BCL pkg:rpm/suse/java-1_8_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSS pkg:rpm/suse/java-1_8_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSS pkg:rpm/suse/java-1_8_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3 pkg:rpm/suse/java-1_8_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4 pkg:rpm/suse/java-1_8_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 pkg:rpm/suse/java-1_8_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015 pkg:rpm/suse/java-1_8_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1 pkg:rpm/suse/java-1_8_0-openjdk&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/java-1_8_0-openjdk&distro=SUSE%20OpenStack%20Cloud%209 pkg:rpm/suse/java-1_8_0-openjdk&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/java-1_8_0-openjdk&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209
< 0.53.0-r0+ 133 more
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.53.0-r1
- (no CPE)range: < 0.53.0-r1
- (no CPE)range: < 0.53.0-r1
- (no CPE)range: < 0.53.0-r1
- (no CPE)range: < 0.53.0-r1
- (no CPE)range: < 0.53.0-r1
- (no CPE)range: < 1.7.0
- (no CPE)range: < 1.7.0
- (no CPE)range: < 1.7.0
- (no CPE)range: < 1:11.0.13.0.8-1.el8_4
- (no CPE)range: < 1:11.0.13.0.8-1.el8_4
- (no CPE)range: < 1:11.0.13.0.8-1.el8_4
- (no CPE)range: < 1:11.0.13.0.8-1.el8_4
- (no CPE)range: < 1:11.0.13.0.8-1.el8_4
- (no CPE)range: < 1:11.0.13.0.8-1.el8_4
- (no CPE)range: < 1:11.0.13.0.8-1.el8_4
- (no CPE)range: < 1:11.0.13.0.8-1.el8_4
- (no CPE)range: < 1:11.0.13.0.8-1.el8_4
- (no CPE)range: < 1:11.0.13.0.8-1.el8_4
- (no CPE)range: < 1:11.0.13.0.8-1.el8_4
- (no CPE)range: < 1:11.0.13.0.8-1.el8_4
- (no CPE)range: < 1:11.0.13.0.8-1.el8_4
- (no CPE)range: < 1:11.0.13.0.8-1.el8_4
- (no CPE)range: < 1:11.0.13.0.8-1.el8_4
- (no CPE)range: < 1:11.0.13.0.8-1.el8_4
- (no CPE)range: < 1:11.0.13.0.8-1.el8_4
- (no CPE)range: < 1:11.0.13.0.8-1.el8_4
- (no CPE)range: < 1:11.0.13.0.8-1.el8_4
- (no CPE)range: < 1:11.0.13.0.8-1.el8_4
- (no CPE)range: < 1:11.0.13.0.8-1.el8_4
- (no CPE)range: < 1:11.0.13.0.8-1.el8_4
- (no CPE)range: < 1:11.0.13.0.8-1.el8_4
- (no CPE)range: < 1:1.8.0.312.b07-1.el8_4
- (no CPE)range: < 1:1.8.0.312.b07-1.el8_4
- (no CPE)range: < 1:1.8.0.312.b07-1.el8_4
- (no CPE)range: < 1:1.8.0.312.b07-1.el8_4
- (no CPE)range: < 1:1.8.0.312.b07-1.el8_4
- (no CPE)range: < 1:1.8.0.312.b07-1.el8_4
- (no CPE)range: < 1:1.8.0.312.b07-1.el8_4
- (no CPE)range: < 1:1.8.0.312.b07-1.el8_4
- (no CPE)range: < 1:1.8.0.312.b07-1.el8_4
- (no CPE)range: < 1:1.8.0.312.b07-1.el8_4
- (no CPE)range: < 1:1.8.0.312.b07-1.el8_4
- (no CPE)range: < 1:1.8.0.312.b07-1.el8_4
- (no CPE)range: < 1:1.8.0.312.b07-1.el8_4
- (no CPE)range: < 1:1.8.0.312.b07-1.el8_4
- (no CPE)range: < 1:1.8.0.312.b07-1.el8_4
- (no CPE)range: < 1:1.8.0.312.b07-1.el8_4
- (no CPE)range: < 1:1.8.0.312.b07-1.el8_4
- (no CPE)range: < 1:1.8.0.312.b07-1.el8_4
- (no CPE)range: < 1:1.8.0.312.b07-1.el8_4
- (no CPE)range: < 1:1.8.0.312.b07-1.el8_4
- (no CPE)range: < 11.0.13.0-lp152.2.21.2
- (no CPE)range: < 11.0.13.0-3.65.1
- (no CPE)range: < 11.0.13.0-1.1
- (no CPE)range: < 1.8.0.312-lp152.3.12.1
- (no CPE)range: < 1.8.0.312-3.18.2
- (no CPE)range: < 1.8.0.312-lp152.2.18.2
- (no CPE)range: < 1.8.0.312-3.58.2
- (no CPE)range: < 1.8.0.312-1.1
- (no CPE)range: < 11.0.13.0-3.65.1
- (no CPE)range: < 11.0.13.0-3.65.1
- (no CPE)range: < 11.0.13.0-3.65.1
- (no CPE)range: < 11.0.13.0-3.65.1
- (no CPE)range: < 11.0.13.0-3.65.1
- (no CPE)range: < 11.0.13.0-3.65.1
- (no CPE)range: < 11.0.13.0-3.65.1
- (no CPE)range: < 11.0.13.0-3.65.1
- (no CPE)range: < 11.0.13.0-3.65.1
- (no CPE)range: < 11.0.13.0-3.33.2
- (no CPE)range: < 11.0.13.0-3.65.1
- (no CPE)range: < 11.0.13.0-3.65.1
- (no CPE)range: < 11.0.13.0-3.65.1
- (no CPE)range: < 11.0.13.0-3.33.2
- (no CPE)range: < 11.0.13.0-3.65.1
- (no CPE)range: < 11.0.13.0-3.65.1
- (no CPE)range: < 1.7.0.321-43.53.2
- (no CPE)range: < 1.7.0.321-43.53.2
- (no CPE)range: < 1.7.0.321-43.53.2
- (no CPE)range: < 1.7.0.321-43.53.2
- (no CPE)range: < 1.7.0.321-43.53.2
- (no CPE)range: < 1.7.0.321-43.53.2
- (no CPE)range: < 1.7.0.321-43.53.2
- (no CPE)range: < 1.7.0.321-43.53.2
- (no CPE)range: < 1.7.0.321-43.53.2
- (no CPE)range: < 1.7.0.321-43.53.2
- (no CPE)range: < 1.7.0.321-43.53.2
- (no CPE)range: < 1.7.0.321-43.53.2
- (no CPE)range: < 1.7.0.321-43.53.2
- (no CPE)range: < 1.8.0.312-27.66.1
- (no CPE)range: < 1.8.0.312-3.58.2
- (no CPE)range: < 1.8.0.312-3.58.2
- (no CPE)range: < 1.8.0.312-3.58.2
- (no CPE)range: < 1.8.0.312-27.66.1
- (no CPE)range: < 1.8.0.312-27.66.1
- (no CPE)range: < 1.8.0.312-27.66.1
- (no CPE)range: < 1.8.0.312-27.66.1
- (no CPE)range: < 1.8.0.312-27.66.1
- (no CPE)range: < 1.8.0.312-3.58.2
- (no CPE)range: < 1.8.0.312-3.58.2
- (no CPE)range: < 1.8.0.312-3.58.2
- (no CPE)range: < 1.8.0.312-27.66.1
- (no CPE)range: < 1.8.0.312-27.66.1
- (no CPE)range: < 1.8.0.312-27.66.1
- (no CPE)range: < 1.8.0.312-3.58.2
- (no CPE)range: < 1.8.0.312-3.58.2
- (no CPE)range: < 1.8.0.312-27.66.1
- (no CPE)range: < 1.8.0.312-27.66.1
- (no CPE)range: < 1.8.0.312-27.66.1
- (no CPE)range: < 1.8.0.312-27.66.1
Oracle Corporation/Java SE JDK and JREv5
Range: Java SE:7u311

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6EUURAQOIJYFZHQ7DFZCO6IKDPIAWTNK/mitrevendor-advisory
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WTVCIVHTX3XONYOEGUMLKCM4QEC6INT/mitrevendor-advisory
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DJILEHYV2U37HKMGFEQ7CAVOV4DUWW2O/mitrevendor-advisory
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTYZWIXDFUV2H57YQZJWPOD3BC3I3EIQ/mitrevendor-advisory
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GXTUWAWXVU37GRNIG4TPMA47THO6VAE6/mitrevendor-advisory
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V362B2BWTH5IJDL45QPQGMBKIQOG7JX5/mitrevendor-advisory
security.gentoo.org/glsa/202209-05mitrevendor-advisory
www.debian.org/security/2021/dsa-5000mitrevendor-advisory
lists.debian.org/debian-lts-announce/2021/11/msg00008.htmlmitremailing-list
security.netapp.com/advisory/ntap-20211022-0004/mitre
security.netapp.com/advisory/ntap-20240621-0006/mitre
www.oracle.com/security-alerts/cpuoct2021.htmlmitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000