CVE-2021-35567

Name of the Vulnerable Software and Affected Versions Java SE versions 8u301, 11.0.12, 17 Oracle GraalVM Enterprise Edition versions 20.3.3 and 21.2.0

Description The issue is related to a vulnerability in the Libraries component of Oracle Java SE and Oracle GraalVM Enterprise Edition, which can be exploited by a low-privileged attacker with network access via Kerberos. Successful attacks require human interaction and can result in unauthorized access to critical data or complete access to all accessible data. This vulnerability applies to Java deployments that load and run untrusted code and rely on the Java sandbox for security. It can also be exploited through APIs in the specified component.

Recommendations For Java SE versions 8u301, 11.0.12, 17, consider disabling the use of Kerberos for network access until a patch is available. For Oracle GraalVM Enterprise Edition versions 20.3.3 and 21.2.0, restrict access to the Libraries component to minimize the risk of exploitation. As a temporary workaround, consider disabling the use of APIs in the specified component until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.