CVE-2021-35565

MEDIUM

NetApp OnCommand Insight - Denial of Service via TLS

Title source: llm
STIX 2.1

Description

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

References (12)

Core 12
Core References
Third Party Advisory vendor-advisory
https://www.debian.org/security/2021/dsa-5000
Mailing List, Third Party Advisory mailing-list
https://lists.debian.org/debian-lts-announce/2021/11/msg00008.html
Third Party Advisory vendor-advisory
https://security.gentoo.org/glsa/202209-05

Scores

CVSS v3 5.3
EPSS 0.0015
EPSS Percentile 35.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

Status published
Products (21)
debian/debian_linux 9.0
debian/debian_linux 10.0
debian/debian_linux 11.0
fedoraproject/fedora 33
fedoraproject/fedora 34
fedoraproject/fedora 35
netapp/active_iq_unified_manager (2 CPE variants)
netapp/e-series_santricity_os_controller 11.0.0 - 11.50.2
netapp/e-series_santricity_storage_manager
netapp/e-series_santricity_web_services
... and 11 more
Published Oct 20, 2021
Tracked Since Feb 18, 2026