First published: Mon Oct 18 2021(Updated: )
An unspecified vulnerability in Java SE related to the Keytool component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact.
Credit: secalert_us@oracle.com secalert_us@oracle.com
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/java | <1.8.0-openjdk-1:1.8.0.312.b07-1.el7_9 | 1.8.0-openjdk-1:1.8.0.312.b07-1.el7_9 |
redhat/java | <11-openjdk-1:11.0.13.0.8-1.el7_9 | 11-openjdk-1:11.0.13.0.8-1.el7_9 |
redhat/java | <1.8.0-ibm-1:1.8.0.7.0-1jpp.1.el7 | 1.8.0-ibm-1:1.8.0.7.0-1jpp.1.el7 |
redhat/java | <1.7.1-ibm-1:1.7.1.5.0-1jpp.1.el7 | 1.7.1-ibm-1:1.7.1.5.0-1jpp.1.el7 |
redhat/java | <11-openjdk-1:11.0.13.0.8-1.el8_4 | 11-openjdk-1:11.0.13.0.8-1.el8_4 |
redhat/java | <1.8.0-openjdk-1:1.8.0.312.b07-1.el8_4 | 1.8.0-openjdk-1:1.8.0.312.b07-1.el8_4 |
redhat/java | <17-openjdk-1:17.0.1.0.12-2.el8_5 | 17-openjdk-1:17.0.1.0.12-2.el8_5 |
redhat/java | <1.8.0-ibm-1:1.8.0.7.0-1.el8_5 | 1.8.0-ibm-1:1.8.0.7.0-1.el8_5 |
redhat/java | <1.8.0-openjdk-1:1.8.0.312.b07-1.el8_1 | 1.8.0-openjdk-1:1.8.0.312.b07-1.el8_1 |
redhat/java | <11-openjdk-1:11.0.13.0.8-1.el8_1 | 11-openjdk-1:11.0.13.0.8-1.el8_1 |
redhat/java | <1.8.0-openjdk-1:1.8.0.312.b07-1.el8_2 | 1.8.0-openjdk-1:1.8.0.312.b07-1.el8_2 |
redhat/java | <11-openjdk-1:11.0.13.0.8-1.el8_2 | 11-openjdk-1:11.0.13.0.8-1.el8_2 |
debian/openjdk-11 | 11.0.16+8-1~deb10u1 11.0.20+8-1~deb10u1 11.0.20+8-1~deb11u1 11.0.21+9-1 | |
debian/openjdk-17 | 17.0.7+7-1~deb11u1 17.0.8+7-1~deb12u1 17.0.9+9-1 | |
debian/openjdk-8 | 8u382-ga-2 | |
IBM Security QRadar | <=7.5.0 GA | |
IBM Security QRadar | <=7.4.3 GA - 7.4.3 FP4 | |
IBM Security QRadar | <=7.3.3 GA - 7.3.3 FP10 | |
Oracle GraalVM Enterprise Edition | =20.3.3 | |
Oracle GraalVM Enterprise Edition | =21.2.0 | |
OpenJDK 8 | =7-update311 | |
OpenJDK 8 | =8-update301 | |
OpenJDK 8 | =11.0.12 | |
OpenJDK 8 | =17 | |
NetApp Active IQ Unified Manager for VMware vSphere | ||
NetApp Active IQ Unified Manager | ||
NetApp E-Series SANtricity OS Controller | >=11.0.0<=11.50.2 | |
NetApp SANtricity Storage Manager | ||
NetApp E-Series SANtricity Web Services | ||
NetApp SolidFire & HCI Management Node | ||
NetApp OnCommand Insight | ||
NetApp OnCommand Workflow Automation | ||
NetApp E-Series SANtricity Unified Manager | ||
NetApp SnapManager for Oracle | ||
NetApp SnapManager for SAP | ||
NetApp SolidFire & HCI Storage Node | ||
Red Hat Fedora | =33 | |
Red Hat Fedora | =34 | |
Red Hat Fedora | =35 | |
Debian Linux | =9.0 | |
Debian Linux | =10.0 | |
Debian Linux | =11.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Appears in the following advisories)
The vulnerability ID is CVE-2021-35564.
The severity of CVE-2021-35564 is medium with a CVSS score of 5.3.
The Keytool component of Java SE is affected by CVE-2021-35564.
CVE-2021-35564 can be easily exploited without authentication.
The affected versions of Java SE are 7u311, 8u301, 11.0.12, and 17. The affected versions of Oracle GraalVM Enterprise Edition are 20.3.3 and 21.2.0.
To fix CVE-2021-35564, you should install the relevant patches or updates provided by Oracle or Red Hat.
You can find more information about CVE-2021-35564 on the Oracle and Red Hat websites.