Vulnerability Name: CVE-2021-2432 (CCN-205856) Assigned: 2020-12-09 Published: 2021-07-20 Updated: 2022-09-23 Summary: Vulnerability in the Java SE product of Oracle Java SE (component: JNDI). The supported version that is affected is Java SE: 7u301. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE.Note CVSS v3 Severity: 3.7 Low (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L 3.2 Low (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): HighPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): NoneIntegrity (I): NoneAvailibility (A): Low
3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L 3.2 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): HighPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): NoneIntegrity (I): NoneAvailibility (A): Low
CVSS v2 Severity: 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): MediumAuthentication (Au): NoneImpact Metrics: Confidentiality (C): NoneIntegrity (I): NoneAvailibility (A): Partial
2.6 Low (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:N/A:P Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): HighAthentication (Au): NoneImpact Metrics: Confidentiality (C): NoneIntegrity (I): NoneAvailibility (A): Partial
Vulnerability Type: CWE-noinfo Vulnerability Consequences: Denial of Service References: Source: MITRECVE-2021-2432 oracle-cpujul2021-cve20212432(205856) https://kc.mcafee.com/corporate/index?page=content&id=SB10366 GLSA-202209-05 https://security.netapp.com/advisory/ntap-20210723-0002/ Multiple vulnerabilities may affect IBM SDK, Java Technology Edition Multiple vulnerabilities in IBM Java SDK affects WebSphere Application Server July 2021 CPU that is bundled with IBM WebSphere Application Server Patterns Multiple security vulnerabilities affect Liberty for Java for IBM Cloud Multiple vulnerabilities in IBM Java Runtime affect Rational Directory Server (Tivoli) & Rational Directory Administrator Multiple vulnerabilities in IBM Java SDK affect Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections Multiple vulnerabilities in IBM Java SDK affect Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections Multiple vulnerabilities in IBM Java SDK affect Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections Multiple vulnerabilities in IBM Java SDK affect Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections Security Vulnerabilities in IBM Java SDK July 2021 CPU affect multiple IBM Continuous Engineering products based on IBM Jazz Technology September 2021 :Multiple vulnerabilities in IBM Java Runtime affect CICS Transaction Gateway Multiple vulnerabilities in IBM Java SDK affect AIX IBM SDK, Java Tech Edition Quarterly CPU Jul 2021 - Includes Oracle Jul 2021 CPU (minus CVE-2021-2341) IBM SDK, Java Tech Edition Quarterly CPU Jul 2021 - Includes Oracle Jul 2021 CPU (minus CVE-2021-2341) IBM Kenexa LMS On Premise -IBM SDK, Java Technology Edition Quarterly CPU - Jul 2021 - Includes Oracle Jul 2021 CPU (minus CVE-2021-2341) Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Functional Tester Cloud Pak for Security is vulnerable to several CVEs IBM Cloud Transformation Advisor is affected by multiple IBM Java Runtime vulnerabilities IBM Event Streams is affected by multiple vulnerabilities in the Java runtime IBM SDK, Java Technology Edition Quarterly CPU - Jul 2021 - Includes Oracle Jul 2021 CPU IBM Data Risk Manager is affected by multiple vulnerabilities IBM Java SDK and IBM Java Runtime for IBM i are affected by CVE-2021-2369 and CVE-2021-2432 Multiple Vulnerabilities in IBM Java SDK affect IBM Virtualization Engine TS7700 - July 2021 Multiple vulnerabilities may affect IBM SDK, Java Technology Edition IBM SDK, Java Technology Edition Quarterly CPU - July 2021 - Includes Oracle July 2021 CPU minus CVE-2021-2341 affects IBM Tivoli Composite Application Manager for Transactions-Robotic Response Time Vulnerabilities in IBM Java SDK affecting IBM Application Discovery and Delivery Intelligence V5.1.0.7 A vulnerability in IBM Java SDK (July 2021) affects IBM InfoSphere Information Server (CVE-2021-2432) A vulnerability in IBM Java SDK affects IBM Tivoli Netcool Impact (CVE-2021-2388, CVE-2021-2369, CVE-2021-2432) Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Business Developer Vulnerabilities in IBM Java included with IBM Tivoli Monitoring Multiple Vulnerabilities in IBM Java Runtime Affect IBM Connect:Direct Web Services Multiple Vulnerabilities in IBM Sterling Connect:Direct Browser User Interface IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Java Multiple vulnerabilities in IBM Java SDK affect IBM WebSphere Cast Iron Solution & App Connect Professional IBM MQ is vulnerable to multiple issues within the IBM Runtime Environment Java Technology Edition, Versions 7 and 8 shipped with IBM MQ (CVE-2021-2432, CVE-2021-2388) Multiple security vulnerabilities fixed in Cloud Pak for Automation components IBM Rational Build Forge 8.0.x is affected by Java version used in it.(CVE-2021-2388, CVE-2021-2369, CVE-2021-2432) Multiple security vulnerabilities have been identified in IBM Java SDK that affect IBM Security Directory Suite - July 2021 CPU Multiple vulnerabilities in IBM Java SDK affect IBM Security Directory Server Security Vulnerabilities affect IBM Cloud Private - Java (Multiple CVEs) IBM QRadar SIEM is vulnerable to using components with Known Vulnerabilities Multiple Vulnerabilities in Java affecting Watson Knowledge Catalog for IBM Cloud Pak for Data Netcool Operations Insight v1.6.5 contains fixes for multiple security vulnerabilities. Multiple vulnerabilities found in IBM MQ and Java 8 which is shipped with IBM Intelligent Operations Center(CVE-2021-2388, CVE-2021-2369, CVE-2021-2432) IBM SDK, Java Technology Edition Quarterly CPU - January 2019 through July 2022 affects AIX LPARs in IBM PureData System for Operational Analytics IBM Cognos Controller has addressed multiple vulnerabilities Oracle Critical Patch Update Advisory - July 2021 https://www.oracle.com/security-alerts/cpujul2021.html https://www.oracle.com/security-alerts/cpuoct2021.html Vulnerable Configuration: Configuration 1 :cpe:/a:oracle:jdk:1.7.0:update301:*:*:*:*:*:* Configuration 2 :cpe:/a:mcafee:epolicy_orchestrator:5.10.0:update_1:*:*:*:*:*:* OR cpe:/a:mcafee:epolicy_orchestrator:5.10.0:update_2:*:*:*:*:*:* OR cpe:/a:mcafee:epolicy_orchestrator:5.10.0:update_3:*:*:*:*:*:* OR cpe:/a:mcafee:epolicy_orchestrator:5.10.0:update_4:*:*:*:*:*:* OR cpe:/a:mcafee:epolicy_orchestrator:5.10.0:update_5:*:*:*:*:*:* OR cpe:/a:mcafee:epolicy_orchestrator:5.10.0:update_6:*:*:*:*:*:* OR cpe:/a:mcafee:epolicy_orchestrator:5.10.0:-:*:*:*:*:*:* OR cpe:/a:mcafee:epolicy_orchestrator:*:*:*:*:*:*:*:* (Version < 5.10.0) OR cpe:/a:mcafee:epolicy_orchestrator:5.10.0:update_7:*:*:*:*:*:* OR cpe:/a:mcafee:epolicy_orchestrator:5.10.0:update_8:*:*:*:*:*:* OR cpe:/a:mcafee:epolicy_orchestrator:5.10.0:update_9:*:*:*:*:*:* OR cpe:/a:mcafee:epolicy_orchestrator:5.10.0:update_10:*:*:*:*:*:* Configuration CCN 1 :cpe:/a:oracle:java_se:7u301:*:*:*:*:*:*:* AND cpe:/o:ibm:aix:7.1:*:*:*:*:*:*:* OR cpe:/a:ibm:rational_directory_server:5.2.1:*:*:*:*:*:*:* OR cpe:/a:ibm:rational_build_forge:8.0:*:*:*:*:*:*:* OR cpe:/a:ibm:tivoli_monitoring:6.3.0:*:*:*:*:*:*:* OR cpe:/o:ibm:i:7.1:*:*:*:*:*:*:* OR cpe:/o:ibm:i:7.2:*:*:*:*:*:*:* OR cpe:/a:ibm:db2_query_management_facility:11.1:*:*:*:*:*:*:* OR cpe:/a:ibm:tivoli_netcool/impact:7.1.0:*:*:*:*:*:*:* OR cpe:/a:ibm:content_collector:4.0.1:*:*:*:*:*:*:* OR cpe:/a:ibm:rational_business_developer:9.1:*:*:*:*:*:*:* OR cpe:/a:ibm:rational_business_developer:9.5:*:*:*:*:*:*:* OR cpe:/o:ibm:i:7.3:*:*:*:*:*:*:* OR cpe:/a:ibm:websphere_application_server_patterns:1.0.0.0:*:*:*:*:*:*:* OR cpe:/o:ibm:aix:7.2:*:*:*:*:*:*:* OR cpe:/a:ibm:rational_functional_tester:9.1:*:*:*:*:*:*:* OR cpe:/a:ibm:infosphere_information_server:11.7:*:*:*:*:*:*:* OR cpe:/a:ibm:rational_functional_tester:9.2:*:*:*:*:*:*:* OR cpe:/a:ibm:websphere_application_server_patterns:1.0.0.7:*:*:*:*:*:*:* OR cpe:/a:ibm:websphere_application_server_patterns:2.2.0.0:*:*:*:*:*:*:* OR cpe:/a:ibm:tivoli_monitoring:6.3.0.1:*:*:*:*:*:*:* OR cpe:/a:ibm:tivoli_monitoring:6.3.0.2:*:*:*:*:*:*:* OR cpe:/a:ibm:tivoli_monitoring:6.3.0.3:*:*:*:*:*:*:* OR cpe:/a:ibm:tivoli_monitoring:6.3.0.4:*:*:*:*:*:*:* OR cpe:/a:ibm:tivoli_monitoring:6.3.0.5:*:*:*:*:*:*:* OR cpe:/a:ibm:tivoli_monitoring:6.3.0.6:*:*:*:*:*:*:* OR cpe:/a:ibm:tivoli_monitoring:6.3.0.7:*:*:*:*:*:*:* OR cpe:/a:ibm:websphere_cast_iron:7.5.0.0:*:*:*:*:*:*:* OR cpe:/a:ibm:websphere_cast_iron:7.5.0.1:*:*:*:*:*:*:* OR cpe:/a:ibm:websphere_cast_iron:7.5.1.0:*:*:*:*:*:*:* OR cpe:/a:ibm:app_connect:7.5.2.0:*:*:*:professional:*:*:* OR cpe:/a:ibm:content_collector:4.0.0:*:*:*:email:*:*:* OR cpe:/a:ibm:rational_functional_tester:9.5:*:*:*:*:*:*:* OR cpe:/a:ibm:intelligent_operations_center:5.1.0:*:*:*:*:*:*:* OR cpe:/a:ibm:intelligent_operations_center:5.1.0.2:*:*:*:*:*:*:* OR cpe:/a:ibm:intelligent_operations_center:5.1.0.3:*:*:*:*:*:*:* OR cpe:/a:ibm:intelligent_operations_center:5.1.0.4:*:*:*:*:*:*:* OR cpe:/a:ibm:intelligent_operations_center:5.1.0.6:*:*:*:*:*:*:* OR cpe:/a:ibm:db2_query_management_facility:11.2:*:*:*:*:*:*:* OR cpe:/a:ibm:db2_query_management_facility:12.1:*:*:*:*:*:*:* OR cpe:/a:ibm:db2_query_management_facility:12.2:*:*:*:*:*:*:* OR cpe:/a:ibm:cognos_controller:10.4.0:*:*:*:*:*:*:* OR cpe:/o:ibm:i:7.4:*:*:*:*:*:*:* OR cpe:/a:ibm:app_connect:7.5.3.0:*:*:*:professional:*:*:* OR cpe:/a:ibm:mq:8.0.0:*:*:*:*:*:*:* OR cpe:/a:ibm:java:7.0.0.0:*:*:*:*:*:*:* OR cpe:/a:ibm:java:7.1.0.0:*:*:*:*:*:*:* OR cpe:/a:ibm:java:8.0.0.0:*:*:*:*:*:*:* OR cpe:/a:ibm:mq:9.0.0:*:*:*:*:*:*:* OR cpe:/a:ibm:mq:9.1.0:*:*:*:continuous_delivery:*:*:* OR cpe:/a:ibm:cognos_controller:10.4.1:*:*:*:*:*:*:* OR cpe:/a:ibm:security_directory_server:6.4.0:*:*:*:*:*:*:* OR cpe:/a:ibm:vios:3.1:*:*:*:*:*:*:* OR cpe:/a:ibm:watson_discovery:2.0.0:*:*:*:*:*:*:* OR cpe:/a:ibm:rational_directory_administrator:6.0.0.2:*:*:*:*:*:*:* OR cpe:/a:ibm:qradar_security_information_and_event_manager:7.3.3:-:*:*:*:*:*:* OR cpe:/a:ibm:dataquant:2.1:*:*:*:z/os:*:*:* OR cpe:/a:ibm:tivoli_application_dependency_discovery_manager:7.3.0.0:*:*:*:*:*:*:* OR cpe:/a:ibm:rational_business_developer:9.6:*:*:*:*:*:*:* OR cpe:/a:ibm:cloud_private:3.2.1:cd:*:*:*:*:*:* OR cpe:/a:ibm:data_risk_manager:2.0.6:*:*:*:*:*:*:* OR cpe:/a:ibm:cics_transaction_gateway:9.1.0.0:*:*:*:*:*:*:* OR cpe:/a:ibm:cics_transaction_gateway:9.1.0.3:*:*:*:*:*:*:* OR cpe:/a:ibm:cics_transaction_gateway:9.2.0.0:*:*:*:*:*:*:* OR cpe:/a:ibm:cics_transaction_gateway:9.2.0.2:*:*:*:*:*:*:* OR cpe:/a:ibm:event_streams:2019.4.1:*:*:*:*:*:*:* OR cpe:/a:ibm:rational_publishing_engine:7.0:*:*:*:*:*:*:* OR cpe:/a:ibm:db2_query_management_facility:11.2.1:*:*:*:*:*:*:* OR cpe:/a:ibm:intelligent_operations_center:5.2:*:*:*:*:*:*:* OR cpe:/a:ibm:intelligent_operations_center:5.2.1:*:*:*:*:*:*:* OR cpe:/a:ibm:event_streams:2019.4.2:*:*:*:*:*:*:* OR cpe:/a:ibm:event_streams:10.0.0:*:*:*:*:*:*:* OR cpe:/a:ibm:cloud_private:3.2.2:cd:*:*:*:*:*:* OR cpe:/a:ibm:tivoli_composite_application_manager:7.4.0:*:*:*:transactions:*:*:* OR cpe:/a:ibm:cognos_controller:10.4.2:*:*:*:*:*:*:* OR cpe:/a:ibm:mq:9.2.0:*:*:*:*:*:*:* OR cpe:/a:ibm:event_streams:2019.4.3:*:*:*:*:*:*:* OR cpe:/a:ibm:event_streams:10.1.0:*:*:*:*:*:*:* OR cpe:/a:ibm:java:11.0.9.0:*:*:*:*:*:*:* OR cpe:/a:ibm:watson_discovery:2.2.1:*:*:*:*:*:*:* OR cpe:/a:ibm:event_streams:10.2.0:*:*:*:*:*:*:* OR cpe:/a:ibm:cloud_pak_for_automation:21.0.1:*:*:*:*:*:*:* OR cpe:/a:ibm:cloud_pak_for_automation:21.0.2:-:*:*:*:*:*:* OR cpe:/a:ibm:qradar_security_information_and_event_manager:7.4.3:-:*:*:*:*:*:* OR cpe:/a:ibm:cloud_pak_for_security:1.7.0.0:*:*:*:*:*:*:* OR cpe:/a:ibm:cloud_pak_for_security:1.7.1.0:*:*:*:*:*:*:* OR cpe:/a:ibm:java:7.0.10.85:*:*:*:*:*:*:* OR cpe:/a:ibm:java:7.1.4.85:*:*:*:*:*:*:* OR cpe:/a:ibm:java:8.0.6.30:*:*:*:*:*:*:* OR cpe:/a:ibm:cics_transaction_gateway:8.0.0.0:*:*:*:*:*:*:* OR cpe:/a:ibm:cics_transaction_gateway:8.0.0.6:*:*:*:*:*:*:* OR cpe:/a:ibm:cics_transaction_gateway:8.1.0.0:*:*:*:*:*:*:* OR cpe:/a:ibm:cics_transaction_gateway:8.1.0.5:*:*:*:*:*:*:* OR cpe:/a:ibm:cics_transaction_gateway:9.0.0.0:*:*:*:*:*:*:* OR cpe:/a:ibm:cics_transaction_gateway:9.0.0.5:*:*:*:*:*:*:* OR cpe:/a:ibm:cloud_pak_for_security:1.7.2.0:*:*:*:*:*:*:* OR cpe:/a:ibm:event_streams:10.3.0:*:*:*:*:*:*:* OR cpe:/a:ibm:event_streams:10.3.1:*:*:*:*:*:*:* OR cpe:/o:ibm:aix:7.1.5:*:*:*:*:*:*:* OR cpe:/o:ibm:aix:7.2.2:*:*:*:*:*:*:* OR cpe:/o:ibm:aix:7.2.3:*:*:*:*:*:*:* OR cpe:/o:ibm:aix:7.2.4:*:*:*:*:*:*:* OR cpe:/a:ibm:qradar_security_information_and_event_manager:7.5.0:-:*:*:*:*:*:* Oval Definitions BACK
oracle jdk 1.7.0 update301
mcafee epolicy orchestrator 5.10.0 update_1
mcafee epolicy orchestrator 5.10.0 update_2
mcafee epolicy orchestrator 5.10.0 update_3
mcafee epolicy orchestrator 5.10.0 update_4
mcafee epolicy orchestrator 5.10.0 update_5
mcafee epolicy orchestrator 5.10.0 update_6
mcafee epolicy orchestrator 5.10.0 -
mcafee epolicy orchestrator *
mcafee epolicy orchestrator 5.10.0 update_7
mcafee epolicy orchestrator 5.10.0 update_8
mcafee epolicy orchestrator 5.10.0 update_9
mcafee epolicy orchestrator 5.10.0 update_10
oracle java se 7u301
ibm aix 7.1
ibm rational directory server 5.2.1
ibm rational build forge 8.0
ibm tivoli monitoring 6.3.0
ibm i 7.1
ibm i 7.2
ibm db2 query management facility 11.1
ibm tivoli netcool/impact 7.1.0
ibm content collector 4.0.1
ibm rational business developer 9.1
ibm rational business developer 9.5
ibm i 7.3
ibm websphere application server patterns 1.0.0.0
ibm aix 7.2
ibm rational functional tester 9.1
ibm infosphere information server 11.7
ibm rational functional tester 9.2
ibm websphere application server patterns 1.0.0.7
ibm websphere application server patterns 2.2.0.0
ibm tivoli monitoring 6.3.0.1
ibm tivoli monitoring 6.3.0.2
ibm tivoli monitoring 6.3.0.3
ibm tivoli monitoring 6.3.0.4
ibm tivoli monitoring 6.3.0.5
ibm tivoli monitoring 6.3.0.6
ibm tivoli monitoring 6.3.0.7
ibm websphere cast iron 7.5.0.0
ibm websphere cast iron 7.5.0.1
ibm websphere cast iron 7.5.1.0
ibm app connect 7.5.2.0
ibm content collector 4.0.0
ibm rational functional tester 9.5
ibm intelligent operations center 5.1.0
ibm intelligent operations center 5.1.0.2
ibm intelligent operations center 5.1.0.3
ibm intelligent operations center 5.1.0.4
ibm intelligent operations center 5.1.0.6
ibm db2 query management facility 11.2
ibm db2 query management facility 12.1
ibm db2 query management facility 12.2
ibm cognos controller 10.4.0
ibm i 7.4
ibm app connect 7.5.3.0
ibm mq 8.0.0
ibm java 7.0.0.0
ibm java 7.1.0.0
ibm java 8.0.0.0
ibm mq 9.0.0
ibm mq 9.1.0
ibm cognos controller 10.4.1
ibm security directory server 6.4.0
ibm vios 3.1
ibm watson discovery 2.0.0
ibm rational directory administrator 6.0.0.2
ibm qradar security information and event manager 7.3.3
ibm dataquant 2.1
ibm tivoli application dependency discovery manager 7.3.0.0
ibm rational business developer 9.6
ibm cloud private 3.2.1 cd
ibm data risk manager 2.0.6
ibm cics transaction gateway 9.1.0.0
ibm cics transaction gateway 9.1.0.3
ibm cics transaction gateway 9.2.0.0
ibm cics transaction gateway 9.2.0.2
ibm event streams 2019.4.1
ibm rational publishing engine 7.0
ibm db2 query management facility 11.2.1
ibm intelligent operations center 5.2
ibm intelligent operations center 5.2.1
ibm event streams 2019.4.2
ibm event streams 10.0.0
ibm cloud private 3.2.2 cd
ibm tivoli composite application manager 7.4.0
ibm cognos controller 10.4.2
ibm mq 9.2.0
ibm event streams 2019.4.3
ibm event streams 10.1.0
ibm java 11.0.9.0
ibm watson discovery 2.2.1
ibm event streams 10.2.0
ibm cloud pak for automation 21.0.1
ibm cloud pak for automation 21.0.2 -
ibm qradar security information and event manager 7.4.3 -
ibm cloud pak for security 1.7.0.0
ibm cloud pak for security 1.7.1.0
ibm java 7.0.10.85
ibm java 7.1.4.85
ibm java 8.0.6.30
ibm cics transaction gateway 8.0.0.0
ibm cics transaction gateway 8.0.0.6
ibm cics transaction gateway 8.1.0.0
ibm cics transaction gateway 8.1.0.5
ibm cics transaction gateway 9.0.0.0
ibm cics transaction gateway 9.0.0.5
ibm cloud pak for security 1.7.2.0
ibm event streams 10.3.0
ibm event streams 10.3.1
ibm aix 7.1.5
ibm aix 7.2.2
ibm aix 7.2.3
ibm aix 7.2.4
ibm qradar security information and event manager 7.5.0 -
Denotes that component is vulnerable