Improper input validation in Oracle GraalVM Enterprise Edition

#VU55060 Improper input validation

Published: 2021-07-20 | Updated: 2021-07-22

Vulnerability identifier: #VU55060

Vulnerability risk: Low

CVSSv3.1: 2.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-2341

CWE-ID: CWE-20

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Oracle GraalVM Enterprise Edition
Server applications / Virtualization software

Vendor: Oracle

Description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Networking component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to gain access to sensitive information.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Oracle GraalVM Enterprise Edition: 20.3.2, 21.1.0

CPE

External links
https://www.oracle.com/security-alerts/cpujul2021.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Amazon Linux AMI update for java-1.8.0-openjdk

Red Hat Enterprise Linux 7 Supplementary update for java-1.7.1-ibm

Red Hat Enterprise Linux 7 Supplementary update for java-1.8.0-ibm

CentOS 7 update for java-1.8.0-openjdk

SUSE Linux Enterprise Server update for java-11-openjdk

Debian update for openjdk-11

Red Hat OpenJDK 11.0.12 Security Update for Portable Linux Builds

Red Hat OpenJDK 11.0.12 Security Update for Windows Builds

CentOS 7 update for java-11-openjdk

Multiple vulnerabilities in Red hat OpenJDK Java