CVE-2021-2432

Name of the Vulnerable Software and Affected Versions Java SE version 7u301

Description The issue is related to the JNDI component and can be exploited by an unauthenticated attacker with network access via multiple protocols, potentially leading to a partial denial of service (DOS) of Java SE. This vulnerability applies to Java deployments that load and run untrusted code and rely on the Java sandbox for security. It can also be exploited through APIs in the specified component, for example, via a web service supplying data to the APIs.

Recommendations For Java SE version 7u301, consider disabling the JNDI component or restricting its use until a patch is available. As a temporary workaround, avoid using APIs in the JNDI component that may be vulnerable to exploitation. Restrict access to web services that supply data to the JNDI APIs to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.