VID |
50324 |
Severity |
30 |
Port |
139,445 |
Protocol |
TCP |
Class |
SMB |
Detailed Description |
The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 7 Update 301 (1.7.0_301), 8 Update 291 (1.8.0_291), 11.0.11, or 16.0.1. It is, therefore, affected by multiple vulnerabilities, as referenced in the April 2021 CPU advisory:
- A vulnerability in Java SE, SE Embedded and Oracle GraalVM Enterprise Edition allows an unauthenticated remote attacker to compromise the system, which can result in unauthorized creation, deletion or modification of critical data. (CVE-2021-2161)
- A vulnerability in Java SE, SE Embedded and Oracle GraalVM Enterprise Edition allows an unauthenticated remote attacker, with human interaction from a person other than the attacker, to compromise the system, which can result in unauthorized creation, deletion or modification of critical data. (CVE-2021-2163)
* Note: This is a credentialed check. It requires an account with administrative privileges that can log into the host over SMB (TCP 139/445). If no such account is available, the check is not performed and every vulnerable host is reported as a false negative.
* References: https://www.oracle.com/a/tech/docs/cpuapr2021cvrf.xml https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixJAVA
* Platforms Affected: Oracle Java JDK and JRE prior to 1.8.0_291; Microsoft Windows, any version |
Recommendation |
Update to the fixed release for the installed Java family (JDK / JRE 1.8.0_291 or later for Java 8; 7 Update 301, 11.0.11 or 16.0.1 for the other families) and uninstall any remaining affected versions. http://www.java.com/en/ |
Related URL |
CVE-2021-2161,CVE-2021-2163 (CVE) |
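The credentialed check above amounts to reading the installed Java version and comparing it with the April 2021 fix levels. The following Python is an added example and is not the scanner's own detection code. It normalises both version schemes Java has used, the legacy 1.N.0_UUU form (1.8.0_291) and the 9+ form (11.0.11), plus the shorthand NuUUU form (8u291), into one comparable tuple, and the inventory it scans is constructed sample data, not output from any real host.

```python
import re
from typing import List, Optional, Tuple

# Fix levels from the April 2021 CPU, per Java family, as (feature, interim, update).
# These correspond to "7 Update 301, 8 Update 291, 11.0.11, 16.0.1" in the advisory text.
FIXED_VERSIONS = {
    7: (7, 0, 301),
    8: (8, 0, 291),
    11: (11, 0, 11),
    16: (16, 0, 1),
}

_SHORT = re.compile(r"^(\d+)u(\d+)$")                   # 8u291
_LEGACY = re.compile(r"^1\.(\d+)\.(\d+)(?:_(\d+))?")    # 1.8.0_291, 1.8.0_291-b10
_MODERN = re.compile(r"^(\d+)(?:\.(\d+))?(?:\.(\d+))?")  # 11.0.11, 16, 16.0.1


def parse_java_version(s: str) -> Tuple[int, int, int]:
    """Normalise a Java version string to (feature, interim, update).

    The legacy pattern is tried before the 9+ pattern so that "1.8.0_291"
    becomes (8, 0, 291) rather than (1, 8, 0). Build suffixes such as "-b10"
    are ignored, since the CPU fix level is defined by the update number.
    """
    s = s.strip()
    m = _SHORT.match(s)
    if m:
        return int(m.group(1)), 0, int(m.group(2))
    m = _LEGACY.match(s)
    if m:
        return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)
    m = _MODERN.match(s)
    if m:
        return int(m.group(1)), int(m.group(2) or 0), int(m.group(3) or 0)
    raise ValueError(f"unrecognised Java version string: {s!r}")


def is_vulnerable(s: str) -> Optional[bool]:
    """True if the version is below the fix level for its family,
    False if it is at or above it, None if the family is not covered
    by this advisory (e.g. Java 17, released after April 2021)."""
    ver = parse_java_version(s)
    fixed = FIXED_VERSIONS.get(ver[0])
    if fixed is None:
        return None
    return ver < fixed  # tuple comparison: feature, then interim, then update


def find_vulnerable(inventory: List[Tuple[str, str]]) -> List[Tuple[str, str]]:
    """Return the (install path, version) pairs that are below the fix level.

    `inventory` is whatever the credentialed check collected, e.g. the
    JavaHome/Version values under HKLM\\SOFTWARE\\JavaSoft. Unparseable
    entries are skipped rather than silently treated as patched.
    """
    hits = []
    for path, version in inventory:
        try:
            if is_vulnerable(version):
                hits.append((path, version))
        except ValueError:
            continue
    return hits


# Constructed sample inventory (assumed paths, not real host output).
SAMPLE_INVENTORY = [
    (r"C:\Program Files\Java\jre1.8.0_281", "1.8.0_281"),
    (r"C:\Program Files\Java\jdk1.8.0_291", "1.8.0_291-b10"),
    (r"C:\Program Files\Java\jdk-11.0.10", "11.0.10"),
    (r"C:\Program Files\Java\jdk-16", "16"),
    (r"C:\Program Files\Java\jdk-17.0.1", "17.0.1"),
    (r"C:\Program Files (x86)\Java\jre7", "7u301"),
]

if __name__ == "__main__":
    for path, version in find_vulnerable(SAMPLE_INVENTORY):
        print(f"VULNERABLE {version:<14} {path}")
```

Two behaviours are worth noting. A bare "16" normalises to (16, 0, 0), which is below 16.0.1 and therefore flagged, matching the advisory's "prior to 16 Update 1". Families the advisory does not list return None rather than False, so a caller can distinguish "patched" from "not assessed".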