CVE-2021-2161 — Vulnetix

CVE-2021-2161 PUBLISHED

Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16; Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. It can also be exploited by supplying untrusted data to APIs in the specified Component. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).

EPSS 1.40% · 80.3th percentile

Risk Scores

EPSS Score

1.40%

80.3th percentile

Affected Products

Vendor	Product	Versions
Ubuntu:16.04:LTS	icedtea-web	1.5.2-1ubuntu2, 0, 1.5.3-0ubuntu1
Ubuntu:20.04:LTS	icedtea-web	0, 1.8-0ubuntu8
Ubuntu:24.04:LTS	icedtea-web	0, 1.8.8-2ubuntu1, 1.8.8-2
Ubuntu:22.04:LTS	icedtea-web	0, 1.8.4-1build1
Ubuntu:25.10	icedtea-web	1.8.8-3, 0
Ubuntu:18.04:LTS	icedtea-web	1.6.2-3.1ubuntu3, 0, 1.8-0ubuntu8~18.04

Timeline

Apr 20, 2021 CVE Published
Apr 27, 2021 EPSS Score
Jun 30, 2021 EPSS Score
Oct 31, 2021 EPSS Score
Jan 1, 2022 EPSS Score
Jan 6, 2022 EPSS Score
Feb 4, 2022 EPSS Score
Apr 1, 2022 EPSS Score
May 4, 2022 EPSS Score
Jul 5, 2022 EPSS Score
Sep 6, 2022 EPSS Score
Nov 6, 2022 EPSS Score

References

https://ubuntu.com/security/CVE-2021-2161 third-party-advisory
https://www.cve.org/CVERecord?id=CVE-2021-2161 third-party-advisory

Open in Interactive Console →