Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).

Metrics

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Affected Vendors & Products

Vendors Products
Debian
  • Debian Linux
Oracle
  • Graalvm
  • Jdk
  • Jre
  • Openjdk
Redhat
  • Enterprise Linux
  • Openjdk
  • Rhel Eus

Configuration 1 [-]

OR cpe:2.3:a:oracle:openjdk:8:-:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:milestone1:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:milestone2:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:milestone3:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:milestone4:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:milestone5:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:milestone6:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:milestone7:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:milestone8:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:milestone9:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update101:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update102:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update11:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update111:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update112:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update121:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update131:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update141:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update151:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update152:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update161:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update162:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update171:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update172:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update181:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update191:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update192:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update20:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update201:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update202:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update211:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update212:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update221:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update222:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update231:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update232:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update241:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update242:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update25:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update252:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update262:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update271:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update281:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update282:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update291:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update292:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:11:*:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:11.0.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:11.0.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:11.0.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:11.0.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:11.0.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:11.0.6:*:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:11.0.7:*:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:11.0.8:*:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:11.0.9:*:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:11.0.10:*:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:11.0.11:*:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:13:*:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:13.0.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:13.0.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:13.0.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:13.0.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:13.0.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:13.0.6:*:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:13.0.7:*:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:15:*:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:15.0.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:15.0.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:15.0.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:16:*:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:16.0.1:*:*:*:*:*:*:*

Configuration 2 [-]

OR cpe:2.3:a:oracle:graalvm:20.3.2:*:*:*:enterprise:*:*:*
cpe:2.3:a:oracle:graalvm:21.1.0:*:*:*:enterprise:*:*:*
cpe:2.3:a:oracle:jdk:1.8.0:update291:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:11.0.11:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:16.0.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.8.0:update291:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:11.0.11:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:16.0.1:*:*:*:*:*:*:*

Configuration 3 [-]

OR cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
Package CPE Advisory Released Date
Red Hat Build of OpenJDK
Linux cpe:/a:redhat:openjdk:11.0.12 RHSA-2021:2780 2021-07-22T00:00:00Z
Windows cpe:/a:redhat:openjdk:11.0.12::windows RHSA-2021:2779 2021-07-22T00:00:00Z
Linux cpe:/a:redhat:openjdk:1.8 RHSA-2021:2778 2021-07-22T00:00:00Z
Windows cpe:/a:redhat:openjdk:1.8::windows RHSA-2021:2777 2021-07-22T00:00:00Z
Red Hat Enterprise Linux 7
java-11-openjdk-1:11.0.12.0.7-0.el7_9 cpe:/o:redhat:enterprise_linux:7 RHSA-2021:2784 2021-07-21T00:00:00Z
java-1.8.0-openjdk-1:1.8.0.302.b08-0.el7_9 cpe:/o:redhat:enterprise_linux:7 RHSA-2021:2845 2021-07-21T00:00:00Z
Red Hat Enterprise Linux 8
java-1.8.0-openjdk-1:1.8.0.302.b08-0.el8_4 cpe:/a:redhat:enterprise_linux:8 RHSA-2021:2776 2021-07-21T00:00:00Z
java-11-openjdk-1:11.0.12.0.7-0.el8_4 cpe:/a:redhat:enterprise_linux:8 RHSA-2021:2781 2021-07-21T00:00:00Z
Red Hat Enterprise Linux 8.1 Extended Update Support
java-1.8.0-openjdk-1:1.8.0.302.b08-0.el8_1 cpe:/a:redhat:rhel_eus:8.1 RHSA-2021:2775 2021-07-21T00:00:00Z
java-11-openjdk-1:11.0.12.0.7-0.el8_1 cpe:/a:redhat:rhel_eus:8.1 RHSA-2021:2783 2021-07-21T00:00:00Z
Red Hat Enterprise Linux 8.2 Extended Update Support
java-1.8.0-openjdk-1:1.8.0.302.b08-0.el8_2 cpe:/a:redhat:rhel_eus:8.2 RHSA-2021:2774 2021-07-21T00:00:00Z
java-11-openjdk-1:11.0.12.0.7-0.el8_2 cpe:/a:redhat:rhel_eus:8.2 RHSA-2021:2782 2021-07-21T00:00:00Z
References
Link Providers
https://lists.debian.org/debian-lts-announce/2021/08/msg00011.html cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2021-2388 cve-icon
https://security.gentoo.org/glsa/202209-05 cve-icon cve-icon
https://security.netapp.com/advisory/ntap-20210723-0002/ cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2021-2388 cve-icon
https://www.debian.org/security/2021/dsa-4946 cve-icon cve-icon
https://www.oracle.com/security-alerts/cpujul2021.html cve-icon cve-icon
https://www.oracle.com/security-alerts/cpuoct2021.html cve-icon cve-icon
History

Tue, 27 May 2025 17:00:00 +0000

Type Values Removed Values Added
First Time appeared Oracle jre
Oracle openjdk
CPEs cpe:2.3:a:oracle:jre:1.8.0:update291:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:11.0.11:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:16.0.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:11.0.10:*:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:11.0.11:*:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:11.0.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:11.0.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:11.0.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:11.0.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:11.0.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:11.0.6:*:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:11.0.7:*:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:11.0.8:*:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:11.0.9:*:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:11:*:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:13.0.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:13.0.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:13.0.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:13.0.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:13.0.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:13.0.6:*:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:13.0.7:*:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:13:*:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:15.0.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:15.0.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:15.0.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:15:*:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:16.0.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:16:*:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:-:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:milestone1:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:milestone2:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:milestone3:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:milestone4:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:milestone5:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:milestone6:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:milestone7:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:milestone8:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:milestone9:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update101:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update102:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update111:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update112:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update11:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update121:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update131:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update141:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update151:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update152:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update161:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update162:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update171:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update172:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update181:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update191:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update192:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update201:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update202:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update20:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update211:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update212:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update221:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update222:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update231:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update232:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update241:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update242:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update252:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update25:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update262:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update271:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update281:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update282:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update291:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:8:update292:*:*:*:*:*:*
Vendors & Products Oracle jre
Oracle openjdk

Thu, 26 Sep 2024 14:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}
cve-icon MITRE

Status: PUBLISHED

Assigner: oracle

Published: 2021-07-20T22:44:03

Updated: 2024-09-26T14:00:55.969Z

Reserved: 2020-12-09T00:00:00

Link: CVE-2021-2388

cve-icon Vulnrichment

Updated: 2024-08-03T16:38:57.621Z

cve-icon NVD

Status : Analyzed

Published: 2021-07-21T15:15:40.827

Modified: 2025-05-27T16:45:29.283

Link: CVE-2021-2388

cve-icon Redhat

Severity : Important

Publid Date: 2021-07-20T00:00:00Z

Links: CVE-2021-2388 - Bugzilla