Description: | Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM
Enterprise Edition product of Oracle Java SE (component: Libraries).
Supported versions that are affected are Java SE: 7u291, 8u281,
11.0.10, 16; Java SE Embedded: 8u281; Oracle GraalVM Enterprise
Edition: 19.3.5, 20.3.1.2 and 21.0.0.2. Difficult to exploit
vulnerability allows unauthenticated attacker with network access via
multiple protocols to compromise Java SE, Java SE Embedded, Oracle
GraalVM Enterprise Edition. Successful attacks require human
interaction from a person other than the attacker. Successful attacks
of this vulnerability can result in unauthorized creation, deletion or
modification access to critical data or all Java SE, Java SE Embedded,
Oracle GraalVM Enterprise Edition accessible data. Note: This
vulnerability applies to Java deployments that load and run untrusted
code (e.g., code that comes from the internet) and rely on the Java
sandbox for security. CVSS 3.1 Base Score 5.3 (Integrity impacts).
CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N).
|