PT-2021-7894 · Oracle+11 · Java Se+13

Published

2021-10-19

·

Updated

2026-05-08

·

CVE-2021-35578

CVSS v3.1

5.3

Medium

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Name of the Vulnerable Software and Affected Versions Java SE versions 8u301, 11.0.12, 17 Oracle GraalVM Enterprise Edition versions 20.3.3 and 21.2.0
Description The issue is related to the JSSE component and allows an unauthenticated attacker with network access via TLS to compromise Java SE and Oracle GraalVM Enterprise Edition. Successful attacks can result in a partial denial of service. This vulnerability can only be exploited by supplying data to APIs in the specified component without using untrusted Java Web Start applications or untrusted Java applets, such as through a web service.
Recommendations For Java SE versions 8u301, 11.0.12, 17, consider disabling the JSSE component until a patch is available. For Oracle GraalVM Enterprise Edition versions 20.3.3 and 21.2.0, restrict access to the JSSE component to minimize the risk of exploitation. As a temporary workaround, avoid using APIs in the JSSE component until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

NULL Pointer Dereference

Weakness Enumeration

CWE-20CWE-476

Related Identifiers

ALSA-2021:3891
ALSA-2021:3893
ALSA-2021:4135
ALT-PU-2022-7655
BDU:2023-05093
BIT-JAVA-2021-35578
BIT-JAVA-MIN-2021-35578
BIT-JRE-2021-35578
CESA-2021_3889
CESA-2021_3891
CESA-2021_3892
CESA-2021_3893
CESA-2021_4135
CESA-2022_0345
CVE-2021-35578
DLA-2814-1
DSA-5000-1
DSA-5000-2
DSA-5012-1
MGASA-2021-0542
OESA-2022-1702
OESA-2022-1813
OESA-2022-1815
OPENSUSE-SU-2021:1455-1
OPENSUSE-SU-2021:1480-1
OPENSUSE-SU-2021:1500-1
OPENSUSE-SU-2021:3615-1
OPENSUSE-SU-2021:3671-1
OPENSUSE-SU-2021:3770-1
OPENSUSE-SU-2021_1455-1
OPENSUSE-SU-2021_1480-1
OPENSUSE-SU-2021_1500-1
OPENSUSE-SU-2021_3615-1
OPENSUSE-SU-2021_3671-1
OPENSUSE-SU-2021_3770-1
OPENSUSE-SU-2022:0108-1
OPENSUSE-SU-2022_0108-1
OPENSUSE-SU-2024:11583-1
OPENSUSE-SU-2024:11584-1
OPENSUSE-SU-2024:11587-1
OPENSUSE-SU-2024:11588-1
OPENSUSE-SU-2024:11612-1
OPENSUSE-SU-2024:11896-1
RHSA-2021:3884
RHSA-2021:3885
RHSA-2021:3886
RHSA-2021:3887
RHSA-2021:3889
RHSA-2021:3891
RHSA-2021:3892
RHSA-2021:3893
RHSA-2021:4135
RHSA-2021:5030
RHSA-2021_3889
RHSA-2021_3891
RHSA-2021_3892
RHSA-2021_3893
RHSA-2021_4135
RHSA-2021_5030
RHSA-2022:0345
RHSA-2022_0345
RLSA-2021:3891
RLSA-2021:3893
RLSA-2021:4135
ROSA-SA-2023-2134
SUSE-SU-2021:3528-1
SUSE-SU-2021:3671-1
SUSE-SU-2021:3770-1
SUSE-SU-2021:3771-1
SUSE-SU-2022:0107-1
SUSE-SU-2022:0108-1
USN-5202-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Graalvm Enterprise Edition
Ibm Aix
Java Platform
Java Se
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu