5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.2 Medium
AI Score
Confidence
High
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.002 Low
EPSS
Percentile
55.2%
Software: java-11-openjdk 11.0.18.0.10-1
OS: rosa-server79
package_evr_string: 11.0.18.0.10-1
CVE-ID: CVE-2022-21282
BDU-ID: None
CVE-Crit: MEDIUM
CVE-DESC: An easily exploitable vulnerability allows an unauthorized attacker with network access through multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks exploiting this vulnerability could result in unauthorized reading of available data from a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition. This vulnerability could also be exploited using an API in the specified component, such as through a web service that supplies data for the API.
CVE-STATUS: Resolved
CVE-REV: To close, run the yum update java-11-openjdk command
CVE-ID: CVE-2022-21299
BDU-ID: None
CVE-Crit: N/A
CVE-DESC: This easily exploitable vulnerability allows an unauthorized attacker with network access through multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks could result in an unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. This vulnerability can also be exploited by using an API in the specified component, such as through a web service that supplies data for the API.
CVE-STATUS: Resolved
CVE-REV: To close, run the yum update java-11-openjdk command
CVE-ID: CVE-2022-21291
BDU-ID: None
CVE-Crit: MEDIUM
CVE-DESC: This easily exploitable vulnerability allows an unauthorized attacker with network access through multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks exploiting this vulnerability could result in unauthorized updates, insertions, or deletions of available data from a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition. This vulnerability could also be exploited using an API in a specified component, such as through a web service that supplies data for the API.
CVE-STATUS: Resolved
CVE-REV: To close, run the yum update java-11-openjdk command
CVE-ID: CVE-2022-21283
BDU-ID: None
CVE-Crit: MEDIUM
CVE-DESC: This easily exploitable vulnerability allows an unauthorized attacker with network access through multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks could result in an unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. This vulnerability can also be exploited by using an API in a specified component, such as through a web service that supplies data for the API.
CVE-STATUS: Resolved
CVE-REV: To close, run the yum update java-11-openjdk command
CVE-ID: CVE-2022-21443
BDU-ID: None
CVE-Crit: LOW
CVE-DESC: This vulnerability is difficult to exploit and allows an unauthorized attacker with network access through multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks could result in an unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. This vulnerability can also be exploited by using an API in a specified component, such as through a web service that supplies data for the API.
CVE-STATUS: Resolved
CVE-REV: To close, run the yum update java-11-openjdk command
CVE-ID: CVE-2022-21426
BDU-ID: None
CVE-Crit: MEDIUM
CVE-DESC: This easily exploitable vulnerability allows an unauthorized attacker with network access through multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks could result in an unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. This vulnerability can also be exploited by using an API in a specified component, such as through a web service that supplies data for the API.
CVE-STATUS: Resolved
CVE-REV: To close, run the yum update java-11-openjdk command
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.2 Medium
AI Score
Confidence
High
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.002 Low
EPSS
Percentile
55.2%