Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

Affected Software

CPE Name Name Version
oracle:graalvm oracle graalvm 20.3.5
oracle:graalvm oracle graalvm 21.3.1
oracle:graalvm oracle graalvm
oracle:jdk oracle jdk 18
oracle:jdk oracle jdk 17.0.2
oracle:jdk oracle jdk 11.0.14
oracle:jdk oracle jdk 8.0
oracle:jdk oracle jdk 7.0
netapp:element_software netapp element software -
netapp:oncommand_insight netapp oncommand insight -
netapp:e-series_santricity_storage_manager netapp e-series santricity storage manager -
netapp:solidfire netapp solidfire -
netapp:hci_management_node netapp hci management node -
netapp:active_iq_unified_manager netapp active iq unified manager -
netapp:santricity_unified_manager netapp santricity unified manager -
netapp:e-series_santricity_web_services netapp e-series santricity web services -
netapp:e-series_santricity_os_controller netapp e-series santricity os controller 11.70.1
netapp:cloud_insights_acquisition_unit netapp cloud insights acquisition unit -
netapp:cloud_secure_agent netapp cloud secure agent -
netapp:bootstrap_os netapp bootstrap os -
debian:debian_linux debian debian linux 9.0
debian:debian_linux debian debian linux 10.0
debian:debian_linux debian debian linux 11.0
azul:zulu azul zulu 7.52
azul:zulu azul zulu 8.60
azul:zulu azul zulu 11.54
azul:zulu azul zulu 13.46
azul:zulu azul zulu 15.38
azul:zulu azul zulu 17.32