Main Vulnerability Database Vulnerabilities #VU57487

#VU57487 Man-in-the-Middle (MitM) attack in Oracle GraalVM Enterprise Edition - CVE-2021-35550

Published: October 19, 2021 / Updated: January 3, 2023

Vulnerability identifier: #VU57487

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2021-35550

CWE-ID: CWE-300

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Oracle GraalVM Enterprise Edition

Software vendor:
Oracle

Description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The vulnerability exists due to the JSSE component in Oracle GraalVM Enterprise Edition offers cipher suites in the wrong way, which causes weaker cipher suites to be offered ahead of the strong ones. A remote non-authenticated attacker can exploit this vulnerability to gain access to sensitive information.

Remediation

Install updates from vendor's website.

External links

https://www.oracle.com/security-alerts/cpuoct2021.html

#VU57487 Man-in-the-Middle (MitM) attack in Oracle GraalVM Enterprise Edition - CVE-2021-35550

Description

Remediation

External links

Please verify you're human