Vulnerability Details : CVE-2021-35560

Vulnerability in the Java SE product of Oracle Java SE (component: Deployment). The supported version that is affected is Java SE: 8u301. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).
Publish Date : 2021-10-20 Last Update Date : 2021-10-25

Collapse All Expand All Select Select&Copy	Scroll To Vendor Statements(0) Additional Vendor Data(0) OVAL Definitions(0) Vulnerable Products(0) # Of Vulns By Products References(0) Metasploit Modules(0)	Comments View User Comments Add Comment	External Links Secunia Advisories XForce Advisories Vulnerability Details at NVD Vulnerability Details at Mitre Nessus Plugins Linux Kernel Git Repository First CVSS Guide
Search Twitter Search YouTube Search Google

- CVSS Scores & Vulnerability Types

CVSS Score	5.1
Confidentiality Impact	Partial (There is considerable informational disclosure.)
Integrity Impact	Partial (Modification of some system files or information is possible, but the attacker does not have control over what can be modified, or the scope of what the attacker can affect is limited.)
Availability Impact	Partial (There is reduced performance or interruptions in resource availability.)
Access Complexity	High (Specialized access conditions exist. It is hard to exploit and several special conditions must be satisfied to exploit)
Authentication	Not required (Authentication is not required to exploit the vulnerability.)
Gained Access	None
Vulnerability Type(s)
CWE ID	CWE id is not defined for this vulnerability

- Related OVAL Definitions

Title	Definition Id	Class	Family
RHSA-2022:0345: java-1.8.0-ibm security update (Important)	oval:com.redhat.rhsa:def:20220345		unix

OVAL (Open Vulnerability and Assessment Language) definitions define exactly what should be done to verify a vulnerability or a missing patch. Check out the OVAL definitions if you want to learn what you should do to verify a vulnerability.

- Products Affected By CVE-2021-35560

#	Product Type	Vendor	Product	Version	Update	Edition	Language
1	Application	Netapp	E-series Santricity Os Controller	*	*	*	*	Version Details Vulnerabilities
2	Application	Netapp	E-series Santricity Storage Manager	-	*	*	*	Version Details Vulnerabilities
3	Application	Netapp	E-series Santricity Web Services	-	*	*	*	Version Details Vulnerabilities
4	Application	Netapp	Oncommand Insight	-	*	*	*	Version Details Vulnerabilities
5	Application	Netapp	Santricity Unified Manager	-	*	*	*	Version Details Vulnerabilities
6	Application	Oracle	Openjdk	8	Update301	*	*	Version Details Vulnerabilities

- Number Of Affected Versions By Product

Vendor	Product	Vulnerable Versions
Netapp	E-series Santricity Os Controller	1
Netapp	E-series Santricity Storage Manager	1
Netapp	E-series Santricity Web Services	1
Netapp	Oncommand Insight	1
Netapp	Santricity Unified Manager	1
Oracle	Openjdk	1

- References For CVE-2021-35560

https://www.oracle.com/security-alerts/cpuoct2021.html

https://security.netapp.com/advisory/ntap-20211022-0004/ CONFIRM

- Metasploit Modules Related To CVE-2021-35560

There are not any metasploit modules related to this CVE entry (Please visit www.metasploit.com for more information)