CVE-2021-35578

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

CVSS v3 5.3 MEDIUM
CVSS v2.0 5.0 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
https://lists.debian.org/debian-lts-announce/2021/11/msg00008.html	Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6EUURAQOIJYFZHQ7DFZCO6IKDPIAWTNK/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTYZWIXDFUV2H57YQZJWPOD3BC3I3EIQ/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GXTUWAWXVU37GRNIG4TPMA47THO6VAE6/
https://security.gentoo.org/glsa/202209-05	Third Party Advisory
https://security.netapp.com/advisory/ntap-20211022-0004/	Third Party Advisory
https://security.netapp.com/advisory/ntap-20240621-0006/
https://www.debian.org/security/2021/dsa-5000	Third Party Advisory
https://www.debian.org/security/2021/dsa-5012	Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2021.html	Patch Vendor Advisory
https://lists.debian.org/debian-lts-announce/2021/11/msg00008.html	Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6EUURAQOIJYFZHQ7DFZCO6IKDPIAWTNK/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTYZWIXDFUV2H57YQZJWPOD3BC3I3EIQ/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GXTUWAWXVU37GRNIG4TPMA47THO6VAE6/
https://security.gentoo.org/glsa/202209-05	Third Party Advisory
https://security.netapp.com/advisory/ntap-20211022-0004/	Third Party Advisory
https://security.netapp.com/advisory/ntap-20240621-0006/
https://www.debian.org/security/2021/dsa-5000	Third Party Advisory
https://www.debian.org/security/2021/dsa-5012	Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2021.html	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:oracle:graalvm:20.3.3::::enterprise:::
	cpe:2.3:a:oracle:graalvm:21.2.0::::enterprise:::
	cpe:2.3:a:oracle:openjdk:8:update301::::::
	cpe:2.3:a:oracle:openjdk:11.0.12:::::::*
	cpe:2.3:a:oracle:openjdk:17:::::::*

Configuration 2 (hide)

OR	cpe:2.3:a:netapp:active_iq_unified_manager:-:::::vmware_vsphere::
	cpe:2.3:a:netapp:active_iq_unified_manager:-:::::windows::
	cpe:2.3:a:netapp:e-series_santricity_os_controller::::::::
	cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:::::::*
	cpe:2.3:a:netapp:e-series_santricity_web_services:-:::::web_services_proxy::
	cpe:2.3:a:netapp:hci_management_node:-:::::::*
	cpe:2.3:a:netapp:oncommand_insight:-:::::::*
	cpe:2.3:a:netapp:oncommand_workflow_automation:-:::::::*
	cpe:2.3:a:netapp:santricity_unified_manager:-:::::::*
	cpe:2.3:a:netapp:snapmanager:-:::::oracle::
	cpe:2.3:a:netapp:snapmanager:-:::::sap::
	cpe:2.3:a:netapp:solidfire:-:::::::*

Configuration 3 (hide)

OR	cpe:2.3:o:debian:debian_linux:9.0:::::::*
	cpe:2.3:o:debian:debian_linux:10.0:::::::*
	cpe:2.3:o:debian:debian_linux:11.0:::::::*

Configuration 4 (hide)

OR	cpe:2.3:o:fedoraproject:fedora:33:::::::*
	cpe:2.3:o:fedoraproject:fedora:34:::::::*
	cpe:2.3:o:fedoraproject:fedora:35:::::::*

History

21 Nov 2024, 06:12

Type	Values Removed	Values Added
References	~~() https://lists.debian.org/debian-lts-announce/2021/11/msg00008.html - Mailing List, Third Party Advisory~~	() https://lists.debian.org/debian-lts-announce/2021/11/msg00008.html - Mailing List, Third Party Advisory
References	~~() https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6EUURAQOIJYFZHQ7DFZCO6IKDPIAWTNK/ -~~	() https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6EUURAQOIJYFZHQ7DFZCO6IKDPIAWTNK/ -
References	~~() https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTYZWIXDFUV2H57YQZJWPOD3BC3I3EIQ/ -~~	() https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTYZWIXDFUV2H57YQZJWPOD3BC3I3EIQ/ -
References	~~() https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GXTUWAWXVU37GRNIG4TPMA47THO6VAE6/ -~~	() https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GXTUWAWXVU37GRNIG4TPMA47THO6VAE6/ -
References	~~() https://security.gentoo.org/glsa/202209-05 - Third Party Advisory~~	() https://security.gentoo.org/glsa/202209-05 - Third Party Advisory
References	~~() https://security.netapp.com/advisory/ntap-20211022-0004/ - Third Party Advisory~~	() https://security.netapp.com/advisory/ntap-20211022-0004/ - Third Party Advisory
References	~~() https://security.netapp.com/advisory/ntap-20240621-0006/ -~~	() https://security.netapp.com/advisory/ntap-20240621-0006/ -
References	~~() https://www.debian.org/security/2021/dsa-5000 - Third Party Advisory~~	() https://www.debian.org/security/2021/dsa-5000 - Third Party Advisory
References	~~() https://www.debian.org/security/2021/dsa-5012 - Third Party Advisory~~	() https://www.debian.org/security/2021/dsa-5012 - Third Party Advisory
References	~~() https://www.oracle.com/security-alerts/cpuoct2021.html - Patch, Vendor Advisory~~	() https://www.oracle.com/security-alerts/cpuoct2021.html - Patch, Vendor Advisory

21 Jun 2024, 19:15

Type	Values Removed	Values Added
References		() https://security.netapp.com/advisory/ntap-20240621-0006/ -

07 Sep 2022, 05:15

Type	Values Removed	Values Added
References		(GENTOO) https://security.gentoo.org/glsa/202209-05 -

24 Nov 2021, 22:02

Type	Values Removed	Values Added
References	~~(DEBIAN) https://www.debian.org/security/2021/dsa-5012 -~~	(DEBIAN) https://www.debian.org/security/2021/dsa-5012 - Third Party Advisory

24 Nov 2021, 11:15

Type	Values Removed	Values Added
References		(DEBIAN) https://www.debian.org/security/2021/dsa-5012 -

23 Nov 2021, 20:31

Type	Values Removed	Values Added
References	~~(FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6EUURAQOIJYFZHQ7DFZCO6IKDPIAWTNK/ -~~	(FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6EUURAQOIJYFZHQ7DFZCO6IKDPIAWTNK/ - Mailing List, Third Party Advisory
References	~~(FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GTYZWIXDFUV2H57YQZJWPOD3BC3I3EIQ/ -~~	(FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GTYZWIXDFUV2H57YQZJWPOD3BC3I3EIQ/ - Mailing List, Third Party Advisory
References	~~(MLIST) https://lists.debian.org/debian-lts-announce/2021/11/msg00008.html -~~	(MLIST) https://lists.debian.org/debian-lts-announce/2021/11/msg00008.html - Mailing List, Third Party Advisory
References	~~(FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GXTUWAWXVU37GRNIG4TPMA47THO6VAE6/ -~~	(FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GXTUWAWXVU37GRNIG4TPMA47THO6VAE6/ - Mailing List, Third Party Advisory
References	~~(DEBIAN) https://www.debian.org/security/2021/dsa-5000 -~~	(DEBIAN) https://www.debian.org/security/2021/dsa-5000 - Third Party Advisory
CPE		cpe:2.3:a:netapp:active_iq_unified_manager:-:::::vmware_vsphere:: cpe:2.3:o:debian:debian_linux:11.0:::::::* cpe:2.3:a:netapp:hci_management_node:-:::::::* cpe:2.3:a:netapp:snapmanager:-:::::sap:: cpe:2.3:o:fedoraproject:fedora:35:::::::* cpe:2.3:a:netapp:solidfire:-:::::::* cpe:2.3:a:netapp:snapmanager:-:::::oracle:: cpe:2.3:o:fedoraproject:fedora:33:::::::* cpe:2.3:a:netapp:oncommand_workflow_automation:-:::::::* cpe:2.3:o:debian:debian_linux:9.0:::::::* cpe:2.3:a:netapp:active_iq_unified_manager:-:::::windows:: cpe:2.3:o:debian:debian_linux:10.0:::::::* cpe:2.3:o:fedoraproject:fedora:34:::::::*

17 Nov 2021, 22:18

Type	Values Removed	Values Added
References		(MLIST) https://lists.debian.org/debian-lts-announce/2021/11/msg00008.html - (DEBIAN) https://www.debian.org/security/2021/dsa-5000 - (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GXTUWAWXVU37GRNIG4TPMA47THO6VAE6/ -

10 Nov 2021, 01:17

Type	Values Removed	Values Added
References	~~{'url': 'https://www.debian.org/security/2021/dsa-5000', 'name': 'DSA-5000', 'tags': [], 'refsource': 'DEBIAN'}~~ {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GXTUWAWXVU37GRNIG4TPMA47THO6VAE6/', 'name': 'FEDORA-2021-107c8c5063', 'tags': [], 'refsource': 'FEDORA'}

02 Nov 2021, 11:15

Type	Values Removed	Values Added
References		(DEBIAN) https://www.debian.org/security/2021/dsa-5000 -

30 Oct 2021, 02:15

Type	Values Removed	Values Added
References		(FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GXTUWAWXVU37GRNIG4TPMA47THO6VAE6/ -

28 Oct 2021, 23:15

Type	Values Removed	Values Added
References		(FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GTYZWIXDFUV2H57YQZJWPOD3BC3I3EIQ/ - (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6EUURAQOIJYFZHQ7DFZCO6IKDPIAWTNK/ -

25 Oct 2021, 19:15

Type	Values Removed	Values Added
CWE		NVD-CWE-noinfo
CPE		cpe:2.3:a:oracle:graalvm:20.3.3::::enterprise::: cpe:2.3:a:oracle:openjdk:17:::::::* cpe:2.3:a:oracle:openjdk:8:update301:::::: cpe:2.3:a:netapp:e-series_santricity_os_controller:::::::: cpe:2.3:a:netapp:santricity_unified_manager:-:::::::* cpe:2.3:a:oracle:graalvm:21.2.0::::enterprise::: cpe:2.3:a:oracle:openjdk:11.0.12:::::::* cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:::::::* cpe:2.3:a:netapp:oncommand_insight:-:::::::* cpe:2.3:a:netapp:e-series_santricity_web_services:-:::::web_services_proxy::
CVSS	v2 : ~~unknown~~ v3 : ~~5.3~~	v2 : 5.0 v3 : 5.3
References	~~(MISC) https://www.oracle.com/security-alerts/cpuoct2021.html -~~	(MISC) https://www.oracle.com/security-alerts/cpuoct2021.html - Patch, Vendor Advisory
References	~~(CONFIRM) https://security.netapp.com/advisory/ntap-20211022-0004/ -~~	(CONFIRM) https://security.netapp.com/advisory/ntap-20211022-0004/ - Third Party Advisory

22 Oct 2021, 18:15

Type	Values Removed	Values Added
References		(CONFIRM) https://security.netapp.com/advisory/ntap-20211022-0004/ -

20 Oct 2021, 11:53

Type	Values Removed	Values Added
New CVE

Information

Published : 2021-10-20 11:16

Updated : 2024-11-21 06:12

NVD link : CVE-2021-35578

Mitre link : CVE-2021-35578

CVE.ORG link : CVE-2021-35578

JSON object : View

Products Affected

fedoraproject

fedora

oracle

graalvm
openjdk

netapp

e-series_santricity_web_services
oncommand_insight
solidfire
e-series_santricity_storage_manager
e-series_santricity_os_controller
oncommand_workflow_automation
santricity_unified_manager
snapmanager
active_iq_unified_manager
hci_management_node

debian

debian_linux

CWE

NVD-CWE-noinfo

{"id": "CVE-2021-35578", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Secondary", "source": "secalert_us@oracle.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2021-10-20T11:16:55.333", "references": [{"url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00008.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "secalert_us@oracle.com"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6EUURAQOIJYFZHQ7DFZCO6IKDPIAWTNK/", "source": "secalert_us@oracle.com"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTYZWIXDFUV2H57YQZJWPOD3BC3I3EIQ/", "source": "secalert_us@oracle.com"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GXTUWAWXVU37GRNIG4TPMA47THO6VAE6/", "source": "secalert_us@oracle.com"}, {"url": "https://security.gentoo.org/glsa/202209-05", "tags": ["Third Party Advisory"], "source": "secalert_us@oracle.com"}, {"url": "https://security.netapp.com/advisory/ntap-20211022-0004/", "tags": ["Third Party Advisory"], "source": "secalert_us@oracle.com"}, {"url": "https://security.netapp.com/advisory/ntap-20240621-0006/", "source": "secalert_us@oracle.com"}, {"url": "https://www.debian.org/security/2021/dsa-5000", "tags": ["Third Party Advisory"], "source": "secalert_us@oracle.com"}, {"url": "https://www.debian.org/security/2021/dsa-5012", "tags": ["Third Party Advisory"], "source": "secalert_us@oracle.com"}, {"url": "https://www.oracle.com/security-alerts/cpuoct2021.html", "tags": ["Patch", "Vendor Advisory"], "source": "secalert_us@oracle.com"}, {"url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00008.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6EUURAQOIJYFZHQ7DFZCO6IKDPIAWTNK/", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTYZWIXDFUV2H57YQZJWPOD3BC3I3EIQ/", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GXTUWAWXVU37GRNIG4TPMA47THO6VAE6/", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://security.gentoo.org/glsa/202209-05", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://security.netapp.com/advisory/ntap-20211022-0004/", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://security.netapp.com/advisory/ntap-20240621-0006/", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.debian.org/security/2021/dsa-5000", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.debian.org/security/2021/dsa-5012", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.oracle.com/security-alerts/cpuoct2021.html", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."}, {"lang": "es", "value": "Una vulnerabilidad en el producto Java SE, Oracle GraalVM Enterprise Edition de Oracle Java SE (componente: JSSE). Las versiones compatibles que est\u00e1n afectadas son Java SE: 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 y 21.2.0. La vulnerabilidad f\u00e1cilmente explotable permite a un atacante no autenticado con acceso a la red por medio de TLS comprometer Java SE, Oracle GraalVM Enterprise Edition. Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en una capacidad no autorizada de causar una negaci\u00f3n parcial de servicio (DOS parcial) de Java SE, Oracle GraalVM Enterprise Edition. Nota: Esta vulnerabilidad s\u00f3lo puede ser explotada al suministrar datos a las API en el componente especificado sin usar aplicaciones Java Web Start no confiables o applets Java no confiables, como por ejemplo mediante un servicio web. CVSS 3.1 Puntuaci\u00f3n Base 5.3 (impactos en la Disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)"}], "lastModified": "2024-11-21T06:12:34.163", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:graalvm:20.3.3:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "53B2BB06-A2F7-4603-89C3-C8500E55483A"}, {"criteria": "cpe:2.3:a:oracle:graalvm:21.2.0:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "01E88C86-8C04-4A4A-BF45-9082AA783056"}, {"criteria": "cpe:2.3:a:oracle:openjdk:8:update301:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "56F2883B-6A1B-4081-8877-07AF3A73F6CD"}, {"criteria": "cpe:2.3:a:oracle:openjdk:11.0.12:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "190C4FEC-ECFD-4E46-8C4D-F99241CF0F75"}, {"criteria": "cpe:2.3:a:oracle:openjdk:17:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4D0A929D-6054-4EFB-8BAD-58826D22D34B"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", "vulnerable": true, "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5"}, {"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE"}, {"criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "27723C4B-C434-4733-96E4-397AA6ECE601", "versionEndIncluding": "11.50.2", "versionStartIncluding": "11.0.0"}, {"criteria": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0D9CC59D-6182-4B5E-96B5-226FCD343916"}, {"criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*", "vulnerable": true, "matchCriteriaId": "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2"}, {"criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953"}, {"criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5"}, {"criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3"}, {"criteria": "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A372B177-F740-4655-865C-31777A6E140B"}, {"criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*", "vulnerable": true, "matchCriteriaId": "26A2B713-7D6D-420A-93A4-E0D983C983DF"}, {"criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*", "vulnerable": true, "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8"}, {"criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252"}, {"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"}, {"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194"}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835"}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA"}], "operator": "OR"}]}], "sourceIdentifier": "secalert_us@oracle.com"}

5.3 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

5.0 /10

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

JSON object

Attach tags to CVE-2021-35578

5.3^/10

5.0^/10

Attach tags to `CVE-2021-35578`