CVE-2022-21476

🗓️ 19 Apr 2022 20:38:20Reported by oracleType

cve🔗 web.nvd.nist.gov📰️ 3 Media mentions👁 458 Views

Vulnerability in Oracle Java SE and GraalVM (CVE-2022-21476

Reporter	Title	Published	Views	Family All 306
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities may affect IBM® Semeru Runtime	25 May 202209:44	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak	6 Oct 202204:10	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities affect IBM Db2® on Cloud Pak for Data, and Db2 Warehouse on Cloud Pak for Data	15 Apr 202502:34	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to information exposure in Java SE (CVE-2022-21476)	20 Jun 202303:09	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Security Verify Password Synchronization Plug-in for Windows AD is affected by multiple vulnerabilities	13 Jun 202508:19	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Java DOS vulnerabilities detected	28 Sep 202221:24	–	ibm
ALT Linux	Security fix for the ALT Linux 10 package java-11-openjdk version 0:11.0.15.0.10-alt1_1jpp11	14 Jul 202200:00	–	altlinux
ALT Linux	Security fix for the ALT Linux 10 package java-1.8.0-openjdk version 0:1.8.0.332.b09-alt0_0.1.eajpp8	27 Apr 202200:00	–	altlinux
ATTACKERKB	CVE-2022-21476	19 Apr 202221:15	–	attackerkb
Tenable Nessus	Amazon Linux 2 : java-1.8.0-amazon-corretto (ALAS-2022-002) (deprecated)	28 Apr 202200:00	–	nessus

NVD

Vulners

Node

oracle graalvmMatch20.3.5enterprise

oracle graalvmMatch21.3.1enterprise

oracle graalvmMatch22.0.0.2enterprise

oracle jdkMatch7.0update_331

oracle jdkMatch8.0update_321

oracle jdkMatch11.0.14

oracle jdkMatch17.0.2

oracle jdkMatch18

Node

netapp active_iq_unified_managerMatch-vmware_vsphere

netapp active_iq_unified_managerMatch-windows

netapp cloud_insights_acquisition_unitMatch-

netapp cloud_secure_agentMatch-

netapp e-series_santricity_os_controllerRange11.0.0–11.70.1

netapp e-series_santricity_storage_managerMatch-

netapp e-series_santricity_web_servicesMatch-web_services_proxy

netapp element_softwareMatch-

netapp hci_management_nodeMatch-

netapp oncommand_insightMatch-

netapp santricity_unified_managerMatch-

netapp solidfireMatch-

Node

netapp bootstrap_osMatch-

AND

netapp hci_compute_nodeMatch-

Node

debian debian_linuxMatch9.0

debian debian_linuxMatch10.0

debian debian_linuxMatch11.0

Node

azul zuluMatch7.52

azul zuluMatch8.60

azul zuluMatch11.54

azul zuluMatch13.46

azul zuluMatch15.38

azul zuluMatch17.32

Node

oracle openjdkRange11–11.0.14

oracle openjdkRange13–13.0.10

oracle openjdkRange15–15.0.6

oracle openjdkRange17–17.0.2

oracle openjdkMatch7-

oracle openjdkMatch7update1

oracle openjdkMatch7update10

oracle openjdkMatch7update101

oracle openjdkMatch7update11

oracle openjdkMatch7update111

oracle openjdkMatch7update121

oracle openjdkMatch7update13

oracle openjdkMatch7update131

oracle openjdkMatch7update141

oracle openjdkMatch7update15

oracle openjdkMatch7update151

oracle openjdkMatch7update161

oracle openjdkMatch7update17

oracle openjdkMatch7update171

oracle openjdkMatch7update181

oracle openjdkMatch7update191

oracle openjdkMatch7update2

oracle openjdkMatch7update201

oracle openjdkMatch7update21

oracle openjdkMatch7update211

oracle openjdkMatch7update221

oracle openjdkMatch7update231

oracle openjdkMatch7update241

oracle openjdkMatch7update25

oracle openjdkMatch7update251

oracle openjdkMatch7update261

oracle openjdkMatch7update271

oracle openjdkMatch7update281

oracle openjdkMatch7update291

oracle openjdkMatch7update3

oracle openjdkMatch7update301

oracle openjdkMatch7update311

oracle openjdkMatch7update321

oracle openjdkMatch7update331

oracle openjdkMatch7update4

oracle openjdkMatch7update40

oracle openjdkMatch7update45

oracle openjdkMatch7update5

oracle openjdkMatch7update51

oracle openjdkMatch7update55

oracle openjdkMatch7update6

oracle openjdkMatch7update60

oracle openjdkMatch7update65

oracle openjdkMatch7update67

oracle openjdkMatch7update7

oracle openjdkMatch7update72

oracle openjdkMatch7update76

oracle openjdkMatch7update80

oracle openjdkMatch7update85

oracle openjdkMatch7update9

oracle openjdkMatch7update91

oracle openjdkMatch7update95

oracle openjdkMatch7update97

oracle openjdkMatch7update99

oracle openjdkMatch8-

oracle openjdkMatch8milestone1

oracle openjdkMatch8milestone2

oracle openjdkMatch8milestone3

oracle openjdkMatch8milestone4

oracle openjdkMatch8milestone5

oracle openjdkMatch8milestone6

oracle openjdkMatch8milestone7

oracle openjdkMatch8milestone8

oracle openjdkMatch8milestone9

oracle openjdkMatch8update101

oracle openjdkMatch8update102

oracle openjdkMatch8update11

oracle openjdkMatch8update111

oracle openjdkMatch8update112

oracle openjdkMatch8update121

oracle openjdkMatch8update131

oracle openjdkMatch8update141

oracle openjdkMatch8update151

oracle openjdkMatch8update152

oracle openjdkMatch8update161

oracle openjdkMatch8update162

oracle openjdkMatch8update171

oracle openjdkMatch8update172

oracle openjdkMatch8update181

oracle openjdkMatch8update191

oracle openjdkMatch8update192

oracle openjdkMatch8update20

oracle openjdkMatch8update201

oracle openjdkMatch8update202

oracle openjdkMatch8update211

oracle openjdkMatch8update212

oracle openjdkMatch8update221

oracle openjdkMatch8update222

oracle openjdkMatch8update231

oracle openjdkMatch8update232

oracle openjdkMatch8update241

oracle openjdkMatch8update242

oracle openjdkMatch8update25

oracle openjdkMatch8update252

oracle openjdkMatch8update262

oracle openjdkMatch8update271

oracle openjdkMatch8update281

oracle openjdkMatch8update282

oracle openjdkMatch8update291

oracle openjdkMatch8update301

oracle openjdkMatch8update302

oracle openjdkMatch8update31

oracle openjdkMatch8update312

oracle openjdkMatch8update322

oracle openjdkMatch8update40

oracle openjdkMatch8update45

oracle openjdkMatch8update5

oracle openjdkMatch8update51

oracle openjdkMatch8update60

oracle openjdkMatch8update65

oracle openjdkMatch8update66

oracle openjdkMatch8update71

oracle openjdkMatch8update72

oracle openjdkMatch8update73

oracle openjdkMatch8update74

oracle openjdkMatch8update77

oracle openjdkMatch8update91

oracle openjdkMatch8update92

oracle openjdkMatch18

[
  {
    "product": "Java SE JDK and JRE",
    "vendor": "Oracle Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "Oracle Java SE:7u331"
      },
      {
        "status": "affected",
        "version": "Oracle Java SE:8u321"
      },
      {
        "status": "affected",
        "version": "Oracle Java SE:11.0.14"
      },
      {
        "status": "affected",
        "version": "Oracle Java SE:17.0.2"
      },
      {
        "status": "affected",
        "version": "Oracle Java SE:18"
      },
      {
        "status": "affected",
        "version": "Oracle GraalVM Enterprise Edition:20.3.5"
      },
      {
        "status": "affected",
        "version": "Oracle GraalVM Enterprise Edition:21.3.1"
      },
      {
        "status": "affected",
        "version": "Oracle GraalVM Enterprise Edition:22.0.0.2"
      }
    ]
  }
]

Source	Link
oracle	www.oracle.com/security-alerts/cpuapr2022.html
lists	www.lists.debian.org/debian-lts-announce/2022/05/msg00017.html
security	www.security.netapp.com/advisory/ntap-20220429-0006/
debian	www.debian.org/security/2022/dsa-5128
debian	www.debian.org/security/2022/dsa-5131

27 May 2026 15:16Current

7High risk

Vulners AI Score7

CVSS 25

CVSS 3.17.5

EPSS0.00167

SSVC

CWE-284

oracle java se graalvm cve-2022-21476 vulnerability network access unauthorized access exploitable