{"id":"CVE-2021-2369","details":"Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Library). Supported versions that are affected are Java SE: 7u301, 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N).","aliases":["BIT-java-2021-2369","BIT-java-min-2021-2369","BIT-jre-2021-2369"],"modified":"2026-05-15T12:03:55.101546764Z","published":"2021-07-21T15:15:31.057Z","related":["ALSA-2021:2776","ALSA-2021:2781","CGA-mgwj-35w3-4888","SUSE-SU-2021:2613-1","SUSE-SU-2021:2797-1","SUSE-SU-2021:2798-1","SUSE-SU-2021:2952-1","SUSE-SU-2021:3007-1","SUSE-SU-2022:0107-1","SUSE-SU-2022:0108-1","SUSE-SU-2022:0166-1","SUSE-SU-2022:14875-1","SUSE-SU-2022:14876-1","openSUSE-SU-2021:1176-1","openSUSE-SU-2021:1233-1","openSUSE-SU-2021:1455-1","openSUSE-SU-2021:2798-1","openSUSE-SU-2021:2952-1","openSUSE-SU-2021:3615-1","openSUSE-SU-2022:0108-1","openSUSE-SU-2024:10871-1","openSUSE-SU-2024:10872-1","openSUSE-SU-2024:10873-1","openSUSE-SU-2024:10874-1","openSUSE-SU-2024:10876-1"],"database_specific":{"unresolved_ranges":[{"source":"CPE_FIELD","cpes":["cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"],"vendor_product":"debian:debian_linux","extracted_events":[{"last_affected":"9.0"},{"last_affected":"10.0"}]},{"source":"CPE_FIELD","cpes":["cpe:2.3:a:oracle:jdk:1.7.0:update301:*:*:*:*:*:*","cpe:2.3:a:oracle:jdk:1.8.0:update291:*:*:*:*:*:*","cpe:2.3:a:oracle:jdk:11.0.11:*:*:*:*:*:*:*","cpe:2.3:a:oracle:jdk:16.0.1:*:*:*:*:*:*:*"],"vendor_product":"oracle:jdk","extracted_events":[{"last_affected":"1.7.0-update301"},{"last_affected":"1.8.0-update291"},{"last_affected":"11.0.11"},{"last_affected":"16.0.1"}]},{"source":"CPE_FIELD","cpes":["cpe:2.3:a:oracle:jre:1.7.0:update301:*:*:*:*:*:*","cpe:2.3:a:oracle:jre:1.8.0:update291:*:*:*:*:*:*","cpe:2.3:a:oracle:jre:11.0.11:*:*:*:*:*:*:*","cpe:2.3:a:oracle:jre:16.0.1:*:*:*:*:*:*:*"],"vendor_product":"oracle:jre","extracted_events":[{"last_affected":"1.7.0-update301"},{"last_affected":"1.8.0-update291"},{"last_affected":"11.0.11"},{"last_affected":"16.0.1"}]},{"source":"CPE_FIELD","cpes":["cpe:2.3:a:oracle:openjdk:11.0.10:*:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:11.0.11:*:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:11.0.1:*:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:11.0.2:*:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:11.0.3:*:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:11.0.4:*:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:11.0.5:*:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:11.0.6:*:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:11.0.7:*:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:11.0.8:*:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:11.0.9:*:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:13.0.1:*:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:13.0.2:*:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:13.0.3:*:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:13.0.4:*:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:13.0.5:*:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:13.0.6:*:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:13.0.7:*:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:16.0.1:*:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:7:-:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:7:update10:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:7:update11:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:7:update13:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:7:update151:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:7:update15:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:7:update161:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:7:update171:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:7:update17:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:7:update181:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:7:update191:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:7:update1:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:7:update201:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:7:update211:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:7:update21:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:7:update221:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:7:update231:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:7:update241:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:7:update251:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:7:update261:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:7:update271:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:7:update281:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:7:update291:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:7:update2:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:7:update301:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:7:update3:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:8:-:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:8:milestone1:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:8:milestone2:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:8:milestone3:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:8:milestone4:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:8:milestone5:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:8:milestone6:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:8:milestone7:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:8:milestone8:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:8:milestone9:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:8:update141:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:8:update151:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:8:update152:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:8:update161:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:8:update162:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:8:update171:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:8:update172:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:8:update181:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:8:update191:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:8:update192:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:8:update201:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:8:update202:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:8:update211:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:8:update212:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:8:update221:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:8:update222:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:8:update231:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:8:update232:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:8:update241:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:8:update242:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:8:update252:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:8:update262:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:8:update271:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:8:update281:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:8:update282:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:8:update291:*:*:*:*:*:*","cpe:2.3:a:oracle:openjdk:8:update292:*:*:*:*:*:*"],"vendor_product":"oracle:openjdk","extracted_events":[{"last_affected":"7-NA"},{"last_affected":"7-NA"},{"last_affected":"7-NA"},{"last_affected":"7-update1"},{"last_affected":"7-update1"},{"last_affected":"7-update1"},{"last_affected":"7-update10"},{"last_affected":"7-update10"},{"last_affected":"7-update10"},{"last_affected":"7-update11"},{"last_affected":"7-update11"},{"last_affected":"7-update11"},{"last_affected":"7-update13"},{"last_affected":"7-update13"},{"last_affected":"7-update13"},{"last_affected":"7-update15"},{"last_affected":"7-update15"},{"last_affected":"7-update15"},{"last_affected":"7-update151"},{"last_affected":"7-update151"},{"last_affected":"7-update151"},{"last_affected":"7-update161"},{"last_affected":"7-update161"},{"last_affected":"7-update161"},{"last_affected":"7-update17"},{"last_affected":"7-update17"},{"last_affected":"7-update17"},{"last_affected":"7-update171"},{"last_affected":"7-update171"},{"last_affected":"7-update171"},{"last_affected":"7-update181"},{"last_affected":"7-update181"},{"last_affected":"7-update181"},{"last_affected":"7-update191"},{"last_affected":"7-update191"},{"last_affected":"7-update191"},{"last_affected":"7-update2"},{"last_affected":"7-update2"},{"last_affected":"7-update2"},{"last_affected":"7-update201"},{"last_affected":"7-update201"},{"last_affected":"7-update201"},{"last_affected":"7-update21"},{"last_affected":"7-update21"},{"last_affected":"7-update21"},{"last_affected":"7-update211"},{"last_affected":"7-update211"},{"last_affected":"7-update211"},{"last_affected":"7-update221"},{"last_affected":"7-update221"},{"last_affected":"7-update221"},{"last_affected":"7-update231"},{"last_affected":"7-update231"},{"last_affected":"7-update231"},{"last_affected":"7-update241"},{"last_affected":"7-update241"},{"last_affected":"7-update241"},{"last_affected":"7-update251"},{"last_affected":"7-update251"},{"last_affected":"7-update251"},{"last_affected":"7-update261"},{"last_affected":"7-update261"},{"last_affected":"7-update261"},{"last_affected":"7-update271"},{"last_affected":"7-update271"},{"last_affected":"7-update271"},{"last_affected":"7-update281"},{"last_affected":"7-update281"},{"last_affected":"7-update281"},{"last_affected":"7-update291"},{"last_affected":"7-update291"},{"last_affected":"7-update291"},{"last_affected":"7-update3"},{"last_affected":"7-update3"},{"last_affected":"7-update3"},{"last_affected":"7-update301"},{"last_affected":"7-update301"},{"last_affected":"7-update301"},{"last_affected":"8-NA"},{"last_affected":"8-NA"},{"last_affected":"8-NA"},{"last_affected":"8-milestone1"},{"last_affected":"8-milestone1"},{"last_affected":"8-milestone1"},{"last_affected":"8-milestone2"},{"last_affected":"8-milestone2"},{"last_affected":"8-milestone2"},{"last_affected":"8-milestone3"},{"last_affected":"8-milestone3"},{"last_affected":"8-milestone3"},{"last_affected":"8-milestone4"},{"last_affected":"8-milestone4"},{"last_affected":"8-milestone4"},{"last_affected":"8-milestone5"},{"last_affected":"8-milestone5"},{"last_affected":"8-milestone5"},{"last_affected":"8-milestone6"},{"last_affected":"8-milestone6"},{"last_affected":"8-milestone6"},{"last_affected":"8-milestone7"},{"last_affected":"8-milestone7"},{"last_affected":"8-milestone7"},{"last_affected":"8-milestone8"},{"last_affected":"8-milestone8"},{"last_affected":"8-milestone8"},{"last_affected":"8-milestone9"},{"last_affected":"8-milestone9"},{"last_affected":"8-milestone9"},{"last_affected":"8-update141"},{"last_affected":"8-update141"},{"last_affected":"8-update141"},{"last_affected":"8-update151"},{"last_affected":"8-update151"},{"last_affected":"8-update151"},{"last_affected":"8-update152"},{"last_affected":"8-update152"},{"last_affected":"8-update152"},{"last_affected":"8-update161"},{"last_affected":"8-update161"},{"last_affected":"8-update161"},{"last_affected":"8-update162"},{"last_affected":"8-update162"},{"last_affected":"8-update162"},{"last_affected":"8-update171"},{"last_affected":"8-update171"},{"last_affected":"8-update171"},{"last_affected":"8-update172"},{"last_affected":"8-update172"},{"last_affected":"8-update172"},{"last_affected":"8-update181"},{"last_affected":"8-update181"},{"last_affected":"8-update181"},{"last_affected":"8-update191"},{"last_affected":"8-update191"},{"last_affected":"8-update191"},{"last_affected":"8-update192"},{"last_affected":"8-update192"},{"last_affected":"8-update192"},{"last_affected":"8-update201"},{"last_affected":"8-update201"},{"last_affected":"8-update201"},{"last_affected":"8-update202"},{"last_affected":"8-update202"},{"last_affected":"8-update202"},{"last_affected":"8-update211"},{"last_affected":"8-update211"},{"last_affected":"8-update211"},{"last_affected":"8-update212"},{"last_affected":"8-update212"},{"last_affected":"8-update212"},{"last_affected":"8-update221"},{"last_affected":"8-update221"},{"last_affected":"8-update221"},{"last_affected":"8-update222"},{"last_affected":"8-update222"},{"last_affected":"8-update222"},{"last_affected":"8-update231"},{"last_affected":"8-update231"},{"last_affected":"8-update231"},{"last_affected":"8-update232"},{"last_affected":"8-update232"},{"last_affected":"8-update232"},{"last_affected":"8-update241"},{"last_affected":"8-update241"},{"last_affected":"8-update241"},{"last_affected":"8-update242"},{"last_affected":"8-update242"},{"last_affected":"8-update242"},{"last_affected":"8-update252"},{"last_affected":"8-update252"},{"last_affected":"8-update252"},{"last_affected":"8-update262"},{"last_affected":"8-update262"},{"last_affected":"8-update262"},{"last_affected":"8-update271"},{"last_affected":"8-update271"},{"last_affected":"8-update271"},{"last_affected":"8-update281"},{"last_affected":"8-update281"},{"last_affected":"8-update281"},{"last_affected":"8-update282"},{"last_affected":"8-update282"},{"last_affected":"8-update282"},{"last_affected":"8-update291"},{"last_affected":"8-update291"},{"last_affected":"8-update291"},{"last_affected":"8-update292"},{"last_affected":"8-update292"},{"last_affected":"8-update292"},{"last_affected":"11.0.1"},{"last_affected":"11.0.1"},{"last_affected":"11.0.1"},{"last_affected":"11.0.2"},{"last_affected":"11.0.2"},{"last_affected":"11.0.2"},{"last_affected":"11.0.3"},{"last_affected":"11.0.3"},{"last_affected":"11.0.3"},{"last_affected":"11.0.4"},{"last_affected":"11.0.4"},{"last_affected":"11.0.4"},{"last_affected":"11.0.5"},{"last_affected":"11.0.5"},{"last_affected":"11.0.5"},{"last_affected":"11.0.6"},{"last_affected":"11.0.6"},{"last_affected":"11.0.6"},{"last_affected":"11.0.7"},{"last_affected":"11.0.7"},{"last_affected":"11.0.7"},{"last_affected":"11.0.8"},{"last_affected":"11.0.8"},{"last_affected":"11.0.8"},{"last_affected":"11.0.9"},{"last_affected":"11.0.9"},{"last_affected":"11.0.9"},{"last_affected":"11.0.10"},{"last_affected":"11.0.10"},{"last_affected":"11.0.10"},{"last_affected":"11.0.11"},{"last_affected":"11.0.11"},{"last_affected":"11.0.11"},{"last_affected":"13.0.1"},{"last_affected":"13.0.1"},{"last_affected":"13.0.1"},{"last_affected":"13.0.2"},{"last_affected":"13.0.2"},{"last_affected":"13.0.2"},{"last_affected":"13.0.3"},{"last_affected":"13.0.3"},{"last_affected":"13.0.3"},{"last_affected":"13.0.4"},{"last_affected":"13.0.4"},{"last_affected":"13.0.4"},{"last_affected":"13.0.5"},{"last_affected":"13.0.5"},{"last_affected":"13.0.5"},{"last_affected":"13.0.6"},{"last_affected":"13.0.6"},{"last_affected":"13.0.6"},{"last_affected":"13.0.7"},{"last_affected":"13.0.7"},{"last_affected":"13.0.7"},{"last_affected":"16.0.1"},{"last_affected":"16.0.1"},{"last_affected":"16.0.1"}]}]},"references":[{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2021/08/msg00011.html"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202209-05"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20210723-0002/"},{"type":"ADVISORY","url":"https://www.debian.org/security/2021/dsa-4946"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1982879"},{"type":"FIX","url":"https://www.oracle.com/security-alerts/cpujul2021.html"},{"type":"FIX","url":"https://www.oracle.com/security-alerts/cpuoct2021.html"}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"}]}