CVE-2021-2161

Name of the Vulnerable Software and Affected Versions Java SE versions 7u291, 8u281, 11.0.10, 16 Java SE Embedded version 8u281 Oracle GraalVM Enterprise Edition versions 19.3.5, 20.3.1.2, 21.0.0.2

Description The issue allows an unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Successful attacks can result in unauthorized creation, deletion, or modification access to critical data or all accessible data. This issue applies to Java deployments that load and run untrusted code and rely on the Java sandbox for security. It can also be exploited by supplying untrusted data to APIs in the specified component.

Recommendations For Java SE versions 7u291, 8u281, 11.0.10, 16, update to a version that includes the fix for this issue. For Java SE Embedded version 8u281, update to a version that includes the fix for this issue. For Oracle GraalVM Enterprise Edition versions 19.3.5, 20.3.1.2, 21.0.0.2, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to APIs in the specified component to minimize the risk of exploitation.