CVE-2021-35560: High severity openjdk 8 vulnerability

Published Oct 19, 2021
·
Updated

An unspecified vulnerability in Java SE related to the Deployment component could allow an unauthenticated attacker to take control of the system.

Other sources

Oracle Java SE 8u311 fixes an unspecified vulnerability in the Deployment component (CVE-2021-35560). Upstream has CVSS scored this issue as: 7.5/CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Reference:

https://www.oracle.com/security-alerts/cpuoct2021.html#AppendixJAVA

Red Hat

Vulnerability in the Java SE product of Oracle Java SE (component: Deployment). The supported version that is affected is Java SE: 8u301. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).

Affected Software

11 affected componentsFixes available
redhat/java<1.8.0-ibm-1:1.8.0.7.0-1jpp.1.el7
1.8.0-ibm-1:1.8.0.7.0-1jpp.1.el7
redhat/java<1.8.0-ibm-1:1.8.0.7.0-1.el8_5
1.8.0-ibm-1:1.8.0.7.0-1.el8_5
Oracle OpenJDK=8-update301
NetApp E-Series SANtricity OS Controller>=11.0.0<=11.50.2
NetApp E-series Santricity Storage Manager
NetApp E-series Santricity Web Services Web Services Proxy
NetApp OnCommand Insight
NetApp Santricity Unified Manager
IBM QRadar SIEM<=7.5.0 GA
IBM QRadar SIEM<=7.4.3 GA - 7.4.3 FP4
IBM QRadar SIEM<=7.3.3 GA - 7.3.3 FP10

Remediation

Patch Available

https://www.oracle.com/security-alerts/cpuoct2021.html

Event History

Oct 19, 2021
CVE Published
12:00 AM
Oct 20, 2021
CVE Published
via MITRE·10:50 AM
Data Sourced
via MITRE·10:50 AM
DescriptionSeverityWeakness
Nov 30, 2021
Data Sourced
via Red Hat·02:15 PM
DescriptionSeverityAffected Software

Parent advisories

This vulnerability appears in the following advisories.

Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Frequently Asked Questions

1

What is CVE-2021-35560?

CVE-2021-35560 is an unspecified vulnerability in Java SE related to the Deployment component that could allow an unauthenticated attacker with network access to compromise Java SE.

2

What is the severity of CVE-2021-35560?

CVE-2021-35560 has a severity level of high.

3

Which versions of Java SE are affected by CVE-2021-35560?

The affected version of Java SE is 8u301.

4

How can CVE-2021-35560 be exploited?

Successful attacks require network access via multiple protocols.

5

How do I fix CVE-2021-35560?

To fix CVE-2021-35560, apply the recommended patches or update to the specified versions of the affected software.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203