Lucene search

K
cveOracleCVE-2022-21434
HistoryApr 19, 2022 - 9:15 p.m.

CVE-2022-21434

2022-04-1921:15:15
oracle
web.nvd.nist.gov
208
4
cve-2022
vulnerability
oracle java se
oracle graalvm enterprise edition
network access
unauthorized access
data compromise
java
security bug

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

AI Score

5.3

Confidence

High

EPSS

0.003

Percentile

66.6%

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).

Affected configurations

Nvd
Vulners
Node
oraclegraalvmMatch20.3.5enterprise
OR
oraclegraalvmMatch21.3.1enterprise
OR
oraclegraalvmMatch22.0.0.2enterprise
OR
oraclejdkMatch1.7.0update331
OR
oraclejdkMatch1.8.0update321
OR
oraclejdkMatch11.0.14
OR
oraclejdkMatch17.0.2
OR
oraclejdkMatch18
OR
oraclejreMatch1.7.0update331
OR
oraclejreMatch1.8.0update321
OR
oraclejreMatch11.0.14
OR
oraclejreMatch17.0.2
OR
oraclejreMatch18
Node
debiandebian_linuxMatch9.0
OR
debiandebian_linuxMatch10.0
OR
debiandebian_linuxMatch11.0
Node
netapp7-mode_transition_toolMatch-
OR
netappactive_iq_unified_managerMatch-vsphere
OR
netappactive_iq_unified_managerMatch-windows
OR
netappcloud_insights_acquisition_unitMatch-
OR
netappcloud_secure_agentMatch-
OR
netappe-series_santricity_os_controllerRange11.0.011.70.1
OR
netappe-series_santricity_storage_managerMatch-
OR
netappe-series_santricity_web_servicesMatch-web_services_proxy
OR
netapponcommand_insightMatch-
OR
netappsantricity_unified_managerMatch-
OR
netappsolidfire\,_enterprise_sds_\&_hci_storage_nodeMatch-
OR
netappsolidfire_\&_hci_management_nodeMatch-
OR
netapphci_compute_node_firmwareMatch-
Node
azulzuluMatch6.45
OR
azulzuluMatch7.52
OR
azulzuluMatch8.60
OR
azulzuluMatch11.54
OR
azulzuluMatch13.46
OR
azulzuluMatch15.38
OR
azulzuluMatch17.32
OR
azulzuluMatch18.28
VendorProductVersionCPE
oraclegraalvm20.3.5cpe:2.3:a:oracle:graalvm:20.3.5:*:*:*:enterprise:*:*:*
oraclegraalvm21.3.1cpe:2.3:a:oracle:graalvm:21.3.1:*:*:*:enterprise:*:*:*
oraclegraalvm22.0.0.2cpe:2.3:a:oracle:graalvm:22.0.0.2:*:*:*:enterprise:*:*:*
oraclejdk1.7.0cpe:2.3:a:oracle:jdk:1.7.0:update331:*:*:*:*:*:*
oraclejdk1.8.0cpe:2.3:a:oracle:jdk:1.8.0:update321:*:*:*:*:*:*
oraclejdk11.0.14cpe:2.3:a:oracle:jdk:11.0.14:*:*:*:*:*:*:*
oraclejdk17.0.2cpe:2.3:a:oracle:jdk:17.0.2:*:*:*:*:*:*:*
oraclejdk18cpe:2.3:a:oracle:jdk:18:*:*:*:*:*:*:*
oraclejre1.7.0cpe:2.3:a:oracle:jre:1.7.0:update331:*:*:*:*:*:*
oraclejre1.8.0cpe:2.3:a:oracle:jre:1.8.0:update321:*:*:*:*:*:*
Rows per page:
1-10 of 371

CNA Affected

[
  {
    "vendor": "Oracle Corporation",
    "product": "Java SE JDK and JRE",
    "versions": [
      {
        "version": "Oracle Java SE:7u331",
        "status": "affected"
      },
      {
        "version": "Oracle Java SE:8u321",
        "status": "affected"
      },
      {
        "version": "Oracle Java SE:11.0.14",
        "status": "affected"
      },
      {
        "version": "Oracle Java SE:17.0.2",
        "status": "affected"
      },
      {
        "version": "Oracle Java SE:18",
        "status": "affected"
      },
      {
        "version": "Oracle GraalVM Enterprise Edition:20.3.5",
        "status": "affected"
      },
      {
        "version": "Oracle GraalVM Enterprise Edition:21.3.1",
        "status": "affected"
      },
      {
        "version": "Oracle GraalVM Enterprise Edition:22.0.0.2",
        "status": "affected"
      }
    ]
  }
]

Social References

More

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

AI Score

5.3

Confidence

High

EPSS

0.003

Percentile

66.6%