CVE-2021-2432
First published: Tue Jul 20 2021(Updated: )
An unspecified vulnerability in Java SE related to the JNDI component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
Credit: secalert_us@oracle.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM DRM | <=2.0.6 | |
| Oracle JDK 6 | =1.7.0-update301 | |
| Trellix ePolicy Orchestrator | <5.10.0 | |
| Trellix ePolicy Orchestrator | =5.10.0 | |
| Trellix ePolicy Orchestrator | =5.10.0-update_1 | |
| Trellix ePolicy Orchestrator | =5.10.0-update_10 | |
| Trellix ePolicy Orchestrator | =5.10.0-update_2 | |
| Trellix ePolicy Orchestrator | =5.10.0-update_3 | |
| Trellix ePolicy Orchestrator | =5.10.0-update_4 | |
| Trellix ePolicy Orchestrator | =5.10.0-update_5 | |
| Trellix ePolicy Orchestrator | =5.10.0-update_6 | |
| Trellix ePolicy Orchestrator | =5.10.0-update_7 | |
| Trellix ePolicy Orchestrator | =5.10.0-update_8 | |
| Trellix ePolicy Orchestrator | =5.10.0-update_9 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://kc.mcafee.com/corporate/index?page=content&id=SB10366
- https://security.gentoo.org/glsa/202209-05
- https://security.netapp.com/advisory/ntap-20210723-0002/
- https://www.oracle.com/security-alerts/cpujul2021.html
- https://www.oracle.com/security-alerts/cpuoct2021.html
- https://access.redhat.com/security/cve/CVE-2021-2432
- https://www.oracle.com/security-alerts/cpujul2021.html#AppendixJAVA
- https://access.redhat.com/errata/RHSA-2021:3293
- https://access.redhat.com/security/cve/cve-2021-2432
- https://bugzilla.redhat.com/show_bug.cgi?id=1994980
- https://exchange.xforce.ibmcloud.com/vulnerabilities/205856
- https://www.ibm.com/support/pages/node/6497499 (Advisory)
Frequently Asked Questions
What is CVE-2021-2432?
CVE-2021-2432 is an unspecified vulnerability in Java SE related to the JNDI component.
How does CVE-2021-2432 impact the system?
CVE-2021-2432 allows an unauthenticated attacker to cause a denial of service resulting in a low availability impact.
What is the severity of CVE-2021-2432?
The severity of CVE-2021-2432 is medium, with a severity value of 3.7.
Which software is affected by CVE-2021-2432?
QRadar SIEM versions 7.5.0 GA, 7.4.3 GA - 7.4.3 FP4, and 7.3.3 GA - 7.3.3 FP10 are affected by CVE-2021-2432.
How do I fix CVE-2021-2432?
To fix CVE-2021-2432, apply the patches provided by IBM for the affected QRadar SIEM versions.
- agent/type
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2021-2432
- agent/remedy
- agent/author
- agent/description
- agent/severity
- agent/event
- agent/first-publish-date
- collector/ibm-support
- source/IBM
- agent/software-canonical-lookup
- agent/references
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/ibm
- canonical/ibm drm
- version/ibm drm/2.0.6
- vendor/oracle
- canonical/oracle jdk 6
- version/oracle jdk 6/1.7.0-update301
- vendor/mcafee
- canonical/trellix epolicy orchestrator
- version/trellix epolicy orchestrator/5.10.0
- version/trellix epolicy orchestrator/5.10.0-update_1
- version/trellix epolicy orchestrator/5.10.0-update_10
- version/trellix epolicy orchestrator/5.10.0-update_2
- version/trellix epolicy orchestrator/5.10.0-update_3
- version/trellix epolicy orchestrator/5.10.0-update_4
- version/trellix epolicy orchestrator/5.10.0-update_5
- version/trellix epolicy orchestrator/5.10.0-update_6
- version/trellix epolicy orchestrator/5.10.0-update_7
- version/trellix epolicy orchestrator/5.10.0-update_8
- version/trellix epolicy orchestrator/5.10.0-update_9