CVE-2021-35560
First published: Tue Oct 19 2021(Updated: )
An unspecified vulnerability in Java SE related to the Deployment component could allow an unauthenticated attacker to take control of the system.
Credit: secalert_us@oracle.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/java | <1.8.0-ibm-1:1.8.0.7.0-1jpp.1.el7 | 1.8.0-ibm-1:1.8.0.7.0-1jpp.1.el7 |
| redhat/java | <1.8.0-ibm-1:1.8.0.7.0-1.el8_5 | 1.8.0-ibm-1:1.8.0.7.0-1.el8_5 |
| IBM Cognos Analytics | <=12.0.0-12.0.1 | |
| IBM Cognos Analytics | <=11.2.0-11.2.4 FP2 | |
| IBM Cognos Analytics | <=11.1.1-11.1.7 FP7 | |
| Oracle Openjdk | =8-update301 | |
| NetApp E-Series SANtricity OS Controller | >=11.0.0<=11.50.2 | |
| Netapp E-series Santricity Storage Manager | ||
| Netapp E-series Santricity Web Services Web Services Proxy | ||
| NetApp OnCommand Insight | ||
| Netapp Santricity Unified Manager |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.cve.org/CVERecord?id=CVE-2021-35560 https://nvd.nist.gov/vuln/detail/CVE-2021-35560
- https://bugzilla.redhat.com/show_bug.cgi?id=2027731
- https://access.redhat.com/errata/RHSA-2021:5030
- https://access.redhat.com/errata/RHSA-2022:0345
- https://access.redhat.com/security/cve/CVE-2021-35560
- https://security.netapp.com/advisory/ntap-20211022-0004/
- https://www.oracle.com/security-alerts/cpuoct2021.html
- https://www.oracle.com/security-alerts/cpuoct2021.html#AppendixJAVA
- https://access.redhat.com/security/cve/cve-2021-35560
- https://exchange.xforce.ibmcloud.com/vulnerabilities/211636
- https://www.ibm.com/support/pages/node/7123154 (Advisory)
Frequently Asked Questions
What is CVE-2021-35560?
CVE-2021-35560 is an unspecified vulnerability in Java SE related to the Deployment component that could allow an unauthenticated attacker with network access to compromise Java SE.
What is the severity of CVE-2021-35560?
CVE-2021-35560 has a severity level of high.
Which versions of Java SE are affected by CVE-2021-35560?
The affected version of Java SE is 8u301.
How can CVE-2021-35560 be exploited?
Successful attacks require network access via multiple protocols.
How do I fix CVE-2021-35560?
To fix CVE-2021-35560, apply the recommended patches or update to the specified versions of the affected software.
- collector/redhat-cve
- agent/type
- agent/first-publish-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2021-35560
- agent/remedy
- agent/author
- agent/severity
- agent/description
- agent/event
- agent/references
- collector/ibm-support
- source/IBM
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- package-manager/redhat
- vendor/ibm
- canonical/ibm cognos analytics
- version/ibm cognos analytics/12.0.0-12.0.1
- version/ibm cognos analytics/11.2.0-11.2.4 fp2
- version/ibm cognos analytics/11.1.1-11.1.7 fp7
- vendor/oracle
- canonical/oracle openjdk
- version/oracle openjdk/8-update301
- vendor/netapp
- canonical/netapp e-series santricity os controller
- version/netapp e-series santricity os controller/11.0.0
- version/netapp e-series santricity os controller/11.50.2
- canonical/netapp e-series santricity storage manager
- canonical/netapp e-series santricity web services web services proxy
- canonical/netapp oncommand insight
- canonical/netapp santricity unified manager