Oracle GraalVM Input Validation Error Vulnerability (CNVD-2022-15475)

2022-01-2400:00:00

China National Vulnerability Database

www.cnvd.org.cn

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

JSON

Oracle GraalVM is a set of on-the-fly compilers written in the Java language from Oracle Corporation (USA). The product supports multiple programming languages and execution modes.GraalVM Enterprise Edition is the enterprise version of GraalVM.An input validation error vulnerability exists in Oracle GraalVM due to incorrect input validation in the serialization component of Oracle GraalVM Enterprise Edition. A remote, unauthenticated attacker could exploit this vulnerability to manipulate data.

CPENameOperatorVersion
oracle oracle java seeq11.0.13
oracle oracle java seeq17.01
oracle oracle graalvm enterprise editioneq20.3.4
oracle oracle graalvm enterprise editioneq21.3.0

Name	Operator	Version
oracle oracle java se	eq	11.0.13
oracle oracle java se	eq	17.01
oracle oracle graalvm enterprise edition	eq	20.3.4
oracle oracle graalvm enterprise edition	eq	21.3.0