PT-2021-7853 · Oracle+11 · Java Se+13

Published

2021-10-19

·

Updated

2026-05-08

·

CVE-2021-35556

CVSS v3.1

5.3

Medium

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Name of the Vulnerable Software and Affected Versions Java SE versions 7u311, 8u301, 11.0.12, 17 Oracle GraalVM Enterprise Edition versions 20.3.3 and 21.2.0
Description The issue is related to the Swing component in Java SE and Oracle GraalVM Enterprise Edition, allowing an unauthenticated attacker with network access via multiple protocols to compromise the system. Successful attacks can result in a partial denial of service (partial DOS). This vulnerability applies to Java deployments that load and run untrusted code, relying on the Java sandbox for security, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets.
Recommendations For Java SE versions 7u311, 8u301, 11.0.12, 17, update to a version that includes the fix for this issue. For Oracle GraalVM Enterprise Edition versions 20.3.3 and 21.2.0, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the Swing component until a patch is available.

Fix

Allocation of Resources Without Limits

RCE

Weakness Enumeration

CWE-770CWE-20

Related Identifiers

ALSA-2021:3891
ALSA-2021:3893
ALSA-2021:4135
ALT-PU-2022-7655
BDU:2023-03699
BIT-JAVA-2021-35556
BIT-JAVA-MIN-2021-35556
BIT-JRE-2021-35556
CESA-2021_3889
CESA-2021_3891
CESA-2021_3892
CESA-2021_3893
CESA-2021_4135
CESA-2022_0345
CVE-2021-35556
DLA-2814-1
DSA-5000-1
DSA-5000-2
DSA-5012-1
MGASA-2021-0542
OESA-2022-1702
OESA-2022-1813
OESA-2022-1815
OPENSUSE-SU-2021:1455-1
OPENSUSE-SU-2021:1480-1
OPENSUSE-SU-2021:1500-1
OPENSUSE-SU-2021:3615-1
OPENSUSE-SU-2021:3671-1
OPENSUSE-SU-2021:3770-1
OPENSUSE-SU-2021_1455-1
OPENSUSE-SU-2021_1480-1
OPENSUSE-SU-2021_1500-1
OPENSUSE-SU-2021_3615-1
OPENSUSE-SU-2021_3671-1
OPENSUSE-SU-2021_3770-1
OPENSUSE-SU-2022:0108-1
OPENSUSE-SU-2022_0108-1
OPENSUSE-SU-2024:11583-1
OPENSUSE-SU-2024:11584-1
OPENSUSE-SU-2024:11587-1
OPENSUSE-SU-2024:11588-1
OPENSUSE-SU-2024:11612-1
RHSA-2021:3884
RHSA-2021:3885
RHSA-2021:3886
RHSA-2021:3887
RHSA-2021:3889
RHSA-2021:3891
RHSA-2021:3892
RHSA-2021:3893
RHSA-2021:4135
RHSA-2021:5030
RHSA-2021_3889
RHSA-2021_3891
RHSA-2021_3892
RHSA-2021_3893
RHSA-2021_4135
RHSA-2021_5030
RHSA-2022:0310
RHSA-2022:0345
RHSA-2022_0310
RHSA-2022_0345
RLSA-2021:3891
RLSA-2021:3893
RLSA-2021:4135
ROSA-SA-2023-2134
SUSE-SU-2021:3528-1
SUSE-SU-2021:3671-1
SUSE-SU-2021:3770-1
SUSE-SU-2021:3771-1
SUSE-SU-2021:3797-1
SUSE-SU-2022:0107-1
SUSE-SU-2022:0108-1
SUSE-SU-2022:0166-1
SUSE-SU-2022:14875-1
SUSE-SU-2022:14876-1
USN-5202-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Ibm Aix
Java Platform
Java Se
Linuxmint
Oracle Graalvm Enterprise Edition
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu