Description: | Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM
Enterprise Edition product of Oracle Java SE (component: Libraries).
Supported versions that are affected are Java SE: 7u291, 8u281,
11.0.10, 16; Java SE Embedded: 8u281; Oracle GraalVM Enterprise
Edition: 19.3.5, 20.3.1.2 and 21.0.0.2. This difficult-to-exploit
vulnerability allows an unauthenticated attacker with network access via
multiple protocols to compromise Java SE, Java SE Embedded, Oracle
GraalVM Enterprise Edition. Successful attacks of this vulnerability
can result in unauthorized creation, deletion or modification access
to critical data or all Java SE, Java SE Embedded, Oracle GraalVM
Enterprise Edition accessible data. Note: This vulnerability applies
to Java deployments that load and run untrusted code (e.g., code that
comes from the internet) and rely on the Java sandbox for security. It
can also be exploited by supplying untrusted data to APIs in the
specified Component. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS
Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).
|