VID |
50347 |
Severity |
40 |
Port |
139,445 |
Protocol |
TCP |
Class |
SMB |
Detailed Description |
The version of OpenJDK installed on the remote host falls within one of the affected ranges: 7 <= 7u301 / 8 <= 8u292 / 11.0.0 <= 11.0.11 / 13.0.0 <= 13.0.7 / 15.0.0 <= 15.0.3 / 16.0.0 <= 16.0.1. It is, therefore, affected by multiple vulnerabilities as referenced in the 2021-07-20 advisory.
- Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u301, 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. (CVE-2021-2341)
- Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Library). Supported versions that are affected are Java SE: 7u301, 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. (CVE-2021-2369)
- Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. (CVE-2021-2388)
- Vulnerability in the Java SE product of Oracle Java SE (component: JNDI). The supported version that is affected is Java SE: 7u301. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. (CVE-2021-2432)
* Note: This check requires an account with administrative privileges that can log in to the host being scanned. Without such an account, the check is not performed, which results in a False Negative for all vulnerable hosts.
* References: https://openjdk.java.net/groups/vulnerability/advisories/2021-07-20
* Platforms Affected: Zulu Java JDK and JRE prior to 15.0.3; Microsoft Windows, any version |
Recommendation |
Update to Zulu JDK / JRE 15.0.3 or later and, if necessary, remove any affected versions: https://www.azul.com/downloads/ |
Related URL |
CVE-2021-2341,CVE-2021-2369,CVE-2021-2388,CVE-2021-2432 (CVE) |