Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2022-21476
HistoryApr 19, 2022 - 9:15 p.m.

CVE-2022-21476

2022-04-1921:15:17
[email protected]
web.nvd.nist.gov
1

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.001 Low

EPSS

Percentile

48.4%

JSON

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

Affected configurations

NVD
Node
oraclegraalvmMatch20.3.5enterprise
OR
oraclegraalvmMatch21.3.1enterprise
OR
oraclegraalvmMatch22.0.0.2enterprise
OR
oraclejdkMatch7.0update_331
OR
oraclejdkMatch8.0update_321
OR
oraclejdkMatch11.0.14
OR
oraclejdkMatch17.0.2
OR
oraclejdkMatch18
Node
netappactive_iq_unified_managerMatch-vmware_vsphere
OR
netappactive_iq_unified_managerMatch-windows
OR
netappcloud_insights_acquisition_unitMatch-
OR
netappcloud_secure_agentMatch-
OR
netappe-series_santricity_os_controllerRange11.0.011.70.1
OR
netappe-series_santricity_storage_managerMatch-
OR
netappe-series_santricity_web_servicesMatch-web_services_proxy
OR
netappelement_softwareMatch-
OR
netapphci_management_nodeMatch-
OR
netapponcommand_insightMatch-
OR
netappsantricity_unified_managerMatch-
OR
netappsolidfireMatch-
Node
netappbootstrap_osMatch-
AND
netapphci_compute_nodeMatch-
Node
debiandebian_linuxMatch9.0
OR
debiandebian_linuxMatch10.0
OR
debiandebian_linuxMatch11.0
Node
azulzuluMatch7.52
OR
azulzuluMatch8.60
OR
azulzuluMatch11.54
OR
azulzuluMatch13.46
OR
azulzuluMatch15.38
OR
azulzuluMatch17.32
Node
oracleopenjdkRange1111.0.14
OR
oracleopenjdkRange1313.0.10
OR
oracleopenjdkRange1515.0.6
OR
oracleopenjdkRange1717.0.2
OR
oracleopenjdkMatch7-
OR
oracleopenjdkMatch7update1
OR
oracleopenjdkMatch7update10
OR
oracleopenjdkMatch7update101
OR
oracleopenjdkMatch7update11
OR
oracleopenjdkMatch7update111
OR
oracleopenjdkMatch7update121
OR
oracleopenjdkMatch7update13
OR
oracleopenjdkMatch7update131
OR
oracleopenjdkMatch7update141
OR
oracleopenjdkMatch7update15
OR
oracleopenjdkMatch7update151
OR
oracleopenjdkMatch7update161
OR
oracleopenjdkMatch7update17
OR
oracleopenjdkMatch7update171
OR
oracleopenjdkMatch7update181
OR
oracleopenjdkMatch7update191
OR
oracleopenjdkMatch7update2
OR
oracleopenjdkMatch7update201
OR
oracleopenjdkMatch7update21
OR
oracleopenjdkMatch7update211
OR
oracleopenjdkMatch7update221
OR
oracleopenjdkMatch7update231
OR
oracleopenjdkMatch7update241
OR
oracleopenjdkMatch7update25
OR
oracleopenjdkMatch7update251
OR
oracleopenjdkMatch7update261
OR
oracleopenjdkMatch7update271
OR
oracleopenjdkMatch7update281
OR
oracleopenjdkMatch7update291
OR
oracleopenjdkMatch7update3
OR
oracleopenjdkMatch7update301
OR
oracleopenjdkMatch7update311
OR
oracleopenjdkMatch7update321
OR
oracleopenjdkMatch7update331
OR
oracleopenjdkMatch7update4
OR
oracleopenjdkMatch7update40
OR
oracleopenjdkMatch7update45
OR
oracleopenjdkMatch7update5
OR
oracleopenjdkMatch7update51
OR
oracleopenjdkMatch7update55
OR
oracleopenjdkMatch7update6
OR
oracleopenjdkMatch7update60
OR
oracleopenjdkMatch7update65
OR
oracleopenjdkMatch7update67
OR
oracleopenjdkMatch7update7
OR
oracleopenjdkMatch7update72
OR
oracleopenjdkMatch7update76
OR
oracleopenjdkMatch7update80
OR
oracleopenjdkMatch7update85
OR
oracleopenjdkMatch7update9
OR
oracleopenjdkMatch7update91
OR
oracleopenjdkMatch7update95
OR
oracleopenjdkMatch7update97
OR
oracleopenjdkMatch7update99
OR
oracleopenjdkMatch8-
OR
oracleopenjdkMatch8milestone1
OR
oracleopenjdkMatch8milestone2
OR
oracleopenjdkMatch8milestone3
OR
oracleopenjdkMatch8milestone4
OR
oracleopenjdkMatch8milestone5
OR
oracleopenjdkMatch8milestone6
OR
oracleopenjdkMatch8milestone7
OR
oracleopenjdkMatch8milestone8
OR
oracleopenjdkMatch8milestone9
OR
oracleopenjdkMatch8update101
OR
oracleopenjdkMatch8update102
OR
oracleopenjdkMatch8update11
OR
oracleopenjdkMatch8update111
OR
oracleopenjdkMatch8update112
OR
oracleopenjdkMatch8update121
OR
oracleopenjdkMatch8update131
OR
oracleopenjdkMatch8update141
OR
oracleopenjdkMatch8update151
OR
oracleopenjdkMatch8update152
OR
oracleopenjdkMatch8update161
OR
oracleopenjdkMatch8update162
OR
oracleopenjdkMatch8update171
OR
oracleopenjdkMatch8update172
OR
oracleopenjdkMatch8update181
OR
oracleopenjdkMatch8update191
OR
oracleopenjdkMatch8update192
OR
oracleopenjdkMatch8update20
OR
oracleopenjdkMatch8update201
OR
oracleopenjdkMatch8update202
OR
oracleopenjdkMatch8update211
OR
oracleopenjdkMatch8update212
OR
oracleopenjdkMatch8update221
OR
oracleopenjdkMatch8update222
OR
oracleopenjdkMatch8update231
OR
oracleopenjdkMatch8update232
OR
oracleopenjdkMatch8update241
OR
oracleopenjdkMatch8update242
OR
oracleopenjdkMatch8update25
OR
oracleopenjdkMatch8update252
OR
oracleopenjdkMatch8update262
OR
oracleopenjdkMatch8update271
OR
oracleopenjdkMatch8update281
OR
oracleopenjdkMatch8update282
OR
oracleopenjdkMatch8update291
OR
oracleopenjdkMatch8update301
OR
oracleopenjdkMatch8update302
OR
oracleopenjdkMatch8update31
OR
oracleopenjdkMatch8update312
OR
oracleopenjdkMatch8update322
OR
oracleopenjdkMatch8update40
OR
oracleopenjdkMatch8update45
OR
oracleopenjdkMatch8update5
OR
oracleopenjdkMatch8update51
OR
oracleopenjdkMatch8update60
OR
oracleopenjdkMatch8update65
OR
oracleopenjdkMatch8update66
OR
oracleopenjdkMatch8update71
OR
oracleopenjdkMatch8update72
OR
oracleopenjdkMatch8update73
OR
oracleopenjdkMatch8update74
OR
oracleopenjdkMatch8update77
OR
oracleopenjdkMatch8update91
OR
oracleopenjdkMatch8update92
OR
oracleopenjdkMatch18

Related

cve 1
openvas 28
redhatcve 1
veracode 1
alpinelinux 1
prion 1
osv 14
debiancve 1
cvelist 1
nessus 73
ubuntucve 1
ibm 5
redhat 30
almalinux 3
amazon 5
cloudlinux 2
mageia 1
oraclelinux 8
centos 2
debian 3
rocky 3
altlinux 2
ubuntu 4
suse 4
rosalinux 1
kaspersky 1
f5 1
redos 1
cve
cve
CVE-2022-21476
2022-04-19 21:15:17
openvas
openvas
Oracle OpenJDK Unspecified Vulnerability (CVE-2022-21476)
2022-04-21 00:00:00
Huawei EulerOS: Security Advisory for java-1.8.0-openjdk (EulerOS-SA-2022-2224)
2022-08-18 00:00:00
Huawei EulerOS: Security Advisory for java-1.8.0-openjdk (EulerOS-SA-2022-2272)
2022-08-18 00:00:00
redhatcve
redhatcve
CVE-2022-21476
2022-04-20 08:23:36
veracode
veracode
Privilege Escalation
2022-04-23 09:07:54
alpinelinux
alpinelinux
CVE-2022-21476
2022-04-19 21:15:17
prion
prion
Design/Logic Flaw
2022-04-19 21:15:00
osv
osv
CVE-2022-21476
2022-04-19 21:15:17
openjdk-11 - security update
2022-05-05 00:00:00
Important: java-1.8.0-openjdk security update
2022-04-25 15:17:09
debiancve
debiancve
CVE-2022-21476
2022-04-19 21:15:17
cvelist
cvelist
CVE-2022-21476
2022-04-19 20:38:20
nessus
nessus
EulerOS 2.0 SP8 : java-1.8.0-openjdk (EulerOS-SA-2022-2224)
2022-08-17 00:00:00
EulerOS 2.0 SP5 : java-1.8.0-openjdk (EulerOS-SA-2022-2272)
2022-08-17 00:00:00
Zimbra Collaboration Server 8.8.x < 8.8.15 Patch 45, 9.x < 9.0.0 Patch 38, 10.0.x < 10.0.6 Multiple Vulnerabilities
2024-03-14 00:00:00
ubuntucve
ubuntucve
CVE-2022-21476
2022-04-19 00:00:00
ibm
ibm
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to information exposure in Java SE (CVE-2022-21476)
2023-06-20 03:09:40
Security Bulletin: Multiple vulnerabilities may affect IBM® Semeru Runtime
2022-05-25 09:44:34
Security Bulletin: Multiple Java DOS vulnerabilities detected
2022-09-28 21:24:11
redhat
redhat
(RHSA-2022:1442) Important: java-11-openjdk security update
2022-04-20 12:24:01
(RHSA-2022:1438) Important: OpenJDK 8u332 security update for Portable Linux Builds
2022-04-28 18:57:17
(RHSA-2022:1728) Important: java-11-openjdk security update
2022-05-17 22:32:47
almalinux
almalinux
Important: java-11-openjdk security update
2022-04-20 12:24:01
Important: java-1.8.0-openjdk security update
2022-04-25 15:17:09
Important: java-17-openjdk security and bug fix update
2022-04-20 12:21:21
amazon
amazon
Important: java-11-amazon-corretto
2022-04-25 23:48:00
Important: java-11-amazon-corretto
2022-04-25 22:55:00
Important: java-1.7.0-openjdk
2022-09-01 21:09:00
cloudlinux
cloudlinux
Fixed CVEs in java-1.8.0-openjdk: CVE-2022-21434, CVE-2022-21443, CVE-2022-21476, CVE-2022-21426, CVE-2022-21496
2022-06-02 12:59:09
Fixed 50 CVEs in java-1.7.0-openjdk
2022-08-22 13:56:04
mageia
mageia
Updated java packages fix security vulnerability
2022-07-16 22:58:20
oraclelinux
oraclelinux
java-11-openjdk security, bug fix, and enhancement update
2022-04-20 00:00:00
java-11-openjdk security update
2022-04-20 00:00:00
java-1.8.0-openjdk security, bug fix, and enhancement update
2022-04-25 00:00:00
centos
centos
java security update
2022-05-13 17:30:46
java security update
2022-05-13 17:34:53
debian
debian
[SECURITY] [DLA 3006-1] openjdk-8 security update
2022-05-14 09:20:52
[SECURITY] [DSA 5128-1] openjdk-17 security update
2022-05-03 21:01:53
[SECURITY] [DSA 5131-1] openjdk-11 security update
2022-05-05 17:16:55
rocky
rocky
java-1.8.0-openjdk security update
2022-04-25 15:17:09
java-11-openjdk security update
2022-04-20 12:24:01
java-17-openjdk security and bug fix update
2022-04-20 12:21:21
altlinux
altlinux
Security fix for the ALT Linux 10 package java-11-openjdk version 0:11.0.15.0.10-alt1_1jpp11
2022-07-14 00:00:00
Security fix for the ALT Linux 10 package java-1.8.0-openjdk version 0:1.8.0.332.b09-alt0_0.1.eajpp8
2022-04-27 00:00:00
ubuntu
ubuntu
OpenJDK vulnerabilities
2022-04-26 00:00:00
OpenJDK vulnerabilities
2022-04-26 00:00:00
OpenJDK 8 vulnerabilities
2022-08-04 00:00:00
suse
suse
Security update for java-11-openjdk (important)
2022-05-03 00:00:00
Security update for java-1_8_0-openjdk (important)
2022-07-22 00:00:00
Security update for java-1_8_0-openj9 (important)
2022-09-06 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2023-2138
2023-04-04 15:18:16
kaspersky
kaspersky
KLA12516 Multiple vulnerabilities in Oracle Java SE and GraalVM
2022-04-19 00:00:00
f5
f5
K32172755 : Multiple Java vulnerabilities CVE-2022-21426, CVE-2022-21434, CVE-2022-21443, CVE-2022-21449, CVE-2022-21476 and CVE-2022-21496
2022-05-27 00:00:00
redos
redos
ROS-20240529-01
2024-05-29 00:00:00

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.001 Low

EPSS

Percentile

48.4%

JSON
Related for NVD:CVE-2022-21476
cve1openvas28redhatcve1veracode1alpinelinux1prion1osv14debiancve1cvelist1nessus73ubuntucve1ibm5redhat30almalinux3amazon5cloudlinux2mageia1oraclelinux8centos2debian3rocky3altlinux2ubuntu4suse4rosalinux1kaspersky1f51redos1