CVE-2022-21277
Description
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
134- cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*+ 1 more
- cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
- cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*
- cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*Range: >=11.0.0,<=11.70.1
- cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*
- cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:santricity_storage_plugin:-:*:*:*:*:vcenter:*:*
- cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*+ 1 more
- cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*
- cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*
cpe:2.3:a:oracle:graalvm:20.3.4:*:*:*:enterprise:*:*:*+ 1 more
- cpe:2.3:a:oracle:graalvm:20.3.4:*:*:*:enterprise:*:*:*
- cpe:2.3:a:oracle:graalvm:21.3.0:*:*:*:enterprise:*:*:*
cpe:2.3:a:oracle:jdk:11.0.13:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:oracle:jdk:11.0.13:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:17.0.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:11.0.13:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:oracle:jre:11.0.13:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:17.0.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*range: >=11,<=11.0.13
- cpe:2.3:a:oracle:openjdk:17:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:openjdk:17.0.1:*:*:*:*:*:*:*
11.0.13, 17.0.1+ 1 more
- (no CPE)range: 11.0.13, 17.0.1
- (no CPE)range: Oracle Java SE:11.0.13
- Range: 20.3.4, 21.3.0
- osv-coords104 versionspkg:bitnami/javapkg:bitnami/java-minpkg:bitnami/jrepkg:rpm/almalinux/java-11-openjdkpkg:rpm/almalinux/java-11-openjdk-demopkg:rpm/almalinux/java-11-openjdk-demo-fastdebugpkg:rpm/almalinux/java-11-openjdk-demo-slowdebugpkg:rpm/almalinux/java-11-openjdk-develpkg:rpm/almalinux/java-11-openjdk-devel-fastdebugpkg:rpm/almalinux/java-11-openjdk-devel-slowdebugpkg:rpm/almalinux/java-11-openjdk-fastdebugpkg:rpm/almalinux/java-11-openjdk-headlesspkg:rpm/almalinux/java-11-openjdk-headless-fastdebugpkg:rpm/almalinux/java-11-openjdk-headless-slowdebugpkg:rpm/almalinux/java-11-openjdk-javadocpkg:rpm/almalinux/java-11-openjdk-javadoc-zippkg:rpm/almalinux/java-11-openjdk-jmodspkg:rpm/almalinux/java-11-openjdk-jmods-fastdebugpkg:rpm/almalinux/java-11-openjdk-jmods-slowdebugpkg:rpm/almalinux/java-11-openjdk-slowdebugpkg:rpm/almalinux/java-11-openjdk-srcpkg:rpm/almalinux/java-11-openjdk-src-fastdebugpkg:rpm/almalinux/java-11-openjdk-src-slowdebugpkg:rpm/almalinux/java-11-openjdk-static-libspkg:rpm/almalinux/java-11-openjdk-static-libs-fastdebugpkg:rpm/almalinux/java-11-openjdk-static-libs-slowdebugpkg:rpm/almalinux/java-17-openjdkpkg:rpm/almalinux/java-17-openjdk-demopkg:rpm/almalinux/java-17-openjdk-demo-fastdebugpkg:rpm/almalinux/java-17-openjdk-demo-slowdebugpkg:rpm/almalinux/java-17-openjdk-develpkg:rpm/almalinux/java-17-openjdk-devel-fastdebugpkg:rpm/almalinux/java-17-openjdk-devel-slowdebugpkg:rpm/almalinux/java-17-openjdk-fastdebugpkg:rpm/almalinux/java-17-openjdk-headlesspkg:rpm/almalinux/java-17-openjdk-headless-fastdebugpkg:rpm/almalinux/java-17-openjdk-headless-slowdebugpkg:rpm/almalinux/java-17-openjdk-javadocpkg:rpm/almalinux/java-17-openjdk-javadoc-zippkg:rpm/almalinux/java-17-openjdk-jmodspkg:rpm/almalinux/java-17-openjdk-jmods-fastdebugpkg:rpm/almalinux/java-17-openjdk-jmods-slowdebugpkg:rpm/almalinux/java-17-openjdk-slowdebugpkg:rpm/almalinux/java-17-openjdk-srcpkg:rpm/almalinux/java-17-openjdk-src-fastdebugpkg:rpm/almalinux/java-17-openjdk-src-slowdebugpkg:rpm/almalinux/java-17-openjdk-static-libspkg:rpm/almalinux/java-17-openjdk-static-libs-fastdebugpkg:rpm/almalinux/java-17-openjdk-static-libs-slowdebugpkg:rpm/opensuse/java-11-openjdk&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/java-11-openjdk&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/java-13-openjdk&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/java-15-openjdk&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/java-17-openjdk&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/java-1_8_0-ibm&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/java-1_8_0-openj9&distro=openSUSE%20Leap%2015.3pkg:rpm/suse/java-11-openjdk&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP3pkg:rpm/suse/java-11-openjdk&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP3pkg:rpm/suse/java-11-openjdk&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2015%20SP2pkg:rpm/suse/java-11-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/java-11-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/java-1_7_0-ibm&distro=SUSE%20Linux%20Enterprise%20Point%20of%20Sale%2011%20SP3pkg:rpm/suse/java-1_7_1-ibm&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/java-1_7_1-ibm&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSSpkg:rpm/suse/java-1_7_1-ibm&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCLpkg:rpm/suse/java-1_7_1-ibm&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-BCLpkg:rpm/suse/java-1_7_1-ibm&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-LTSSpkg:rpm/suse/java-1_7_1-ibm&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSSpkg:rpm/suse/java-1_7_1-ibm&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/java-1_7_1-ibm&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3pkg:rpm/suse/java-1_7_1-ibm&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4pkg:rpm/suse/java-1_7_1-ibm&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/java-1_7_1-ibm&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5pkg:rpm/suse/java-1_7_1-ibm&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/java-1_7_1-ibm&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/java-1_7_1-ibm&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/java-1_7_1-ibm&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/java-1_8_0-ibm&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Enterprise%20Storage%206pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Enterprise%20Storage%207pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Legacy%2015%20SP3pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCLpkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-BCLpkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-LTSSpkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSSpkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-BCLpkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSSpkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSSpkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSSpkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Manager%20Proxy%204.1pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Manager%20Retail%20Branch%20Server%204.1pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Manager%20Server%204.1pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209
>= 9.0.0, < 11.0.14+ 103 more
- (no CPE)range: >= 9.0.0, < 11.0.14
- (no CPE)range: >= 9.0.0, < 11.0.14
- (no CPE)range: >= 9.0.0, < 11.0.14
- (no CPE)range: < 1:11.0.14.0.9-2.el8_5
- (no CPE)range: < 1:11.0.14.0.9-2.el8_5
- (no CPE)range: < 1:11.0.14.0.9-2.el8_5
- (no CPE)range: < 1:11.0.14.0.9-2.el8_5
- (no CPE)range: < 1:11.0.14.0.9-2.el8_5
- (no CPE)range: < 1:11.0.14.0.9-2.el8_5
- (no CPE)range: < 1:11.0.14.0.9-2.el8_5
- (no CPE)range: < 1:11.0.14.0.9-2.el8_5
- (no CPE)range: < 1:11.0.14.0.9-2.el8_5
- (no CPE)range: < 1:11.0.14.0.9-2.el8_5
- (no CPE)range: < 1:11.0.14.0.9-2.el8_5
- (no CPE)range: < 1:11.0.14.0.9-2.el8_5
- (no CPE)range: < 1:11.0.14.0.9-2.el8_5
- (no CPE)range: < 1:11.0.14.0.9-2.el8_5
- (no CPE)range: < 1:11.0.14.0.9-2.el8_5
- (no CPE)range: < 1:11.0.14.0.9-2.el8_5
- (no CPE)range: < 1:11.0.14.0.9-2.el8_5
- (no CPE)range: < 1:11.0.14.0.9-2.el8_5
- (no CPE)range: < 1:11.0.14.0.9-2.el8_5
- (no CPE)range: < 1:11.0.14.0.9-2.el8_5
- (no CPE)range: < 1:11.0.14.0.9-2.el8_5
- (no CPE)range: < 1:11.0.14.0.9-2.el8_5
- (no CPE)range: < 1:11.0.14.0.9-2.el8_5
- (no CPE)range: < 1:17.0.2.0.8-4.el8_5
- (no CPE)range: < 1:17.0.2.0.8-4.el8_5
- (no CPE)range: < 1:17.0.2.0.8-4.el8_5
- (no CPE)range: < 1:17.0.2.0.8-4.el8_5
- (no CPE)range: < 1:17.0.2.0.8-4.el8_5
- (no CPE)range: < 1:17.0.2.0.8-4.el8_5
- (no CPE)range: < 1:17.0.2.0.8-4.el8_5
- (no CPE)range: < 1:17.0.2.0.8-4.el8_5
- (no CPE)range: < 1:17.0.2.0.8-4.el8_5
- (no CPE)range: < 1:17.0.2.0.8-4.el8_5
- (no CPE)range: < 1:17.0.2.0.8-4.el8_5
- (no CPE)range: < 1:17.0.2.0.8-4.el8_5
- (no CPE)range: < 1:17.0.2.0.8-4.el8_5
- (no CPE)range: < 1:17.0.2.0.8-4.el8_5
- (no CPE)range: < 1:17.0.2.0.8-4.el8_5
- (no CPE)range: < 1:17.0.2.0.8-4.el8_5
- (no CPE)range: < 1:17.0.2.0.8-4.el8_5
- (no CPE)range: < 1:17.0.2.0.8-4.el8_5
- (no CPE)range: < 1:17.0.2.0.8-4.el8_5
- (no CPE)range: < 1:17.0.2.0.8-4.el8_5
- (no CPE)range: < 1:17.0.2.0.8-4.el8_5
- (no CPE)range: < 1:17.0.2.0.8-4.el8_5
- (no CPE)range: < 1:17.0.2.0.8-4.el8_5
- (no CPE)range: < 11.0.14.0-3.74.2
- (no CPE)range: < 11.0.14.0-1.1
- (no CPE)range: < 13.0.10.0-1.1
- (no CPE)range: < 15.0.6.0-1.1
- (no CPE)range: < 17.0.2.0-1.1
- (no CPE)range: < 1.8.0_sr7.5-150000.3.56.1
- (no CPE)range: < 1.8.0.322-3.21.2
- (no CPE)range: < 11.0.14.0-3.74.2
- (no CPE)range: < 11.0.14.0-3.74.2
- (no CPE)range: < 11.0.14.0-3.74.2
- (no CPE)range: < 11.0.14.0-3.40.4
- (no CPE)range: < 11.0.14.0-3.40.4
- (no CPE)range: < 1.7.0_sr11.5-65.66.1
- (no CPE)range: < 1.7.1_sr5.5-38.68.1
- (no CPE)range: < 1.7.1_sr5.5-26.71.2
- (no CPE)range: < 1.7.1_sr5.5-38.68.1
- (no CPE)range: < 1.7.1_sr5.5-38.68.1
- (no CPE)range: < 1.7.1_sr5.5-38.68.1
- (no CPE)range: < 1.7.1_sr5.5-38.68.1
- (no CPE)range: < 1.7.1_sr5.5-38.68.1
- (no CPE)range: < 1.7.1_sr5.5-38.68.1
- (no CPE)range: < 1.7.1_sr5.5-38.68.1
- (no CPE)range: < 1.7.1_sr5.5-38.68.1
- (no CPE)range: < 1.7.1_sr5.5-38.68.1
- (no CPE)range: < 1.7.1_sr5.5-38.68.1
- (no CPE)range: < 1.7.1_sr5.5-38.68.1
- (no CPE)range: < 1.7.1_sr5.5-38.68.1
- (no CPE)range: < 1.7.1_sr5.5-38.68.1
- (no CPE)range: < 1.8.0_sr7.5-30.87.1
- (no CPE)range: < 1.8.0_sr7.5-150000.3.56.1
- (no CPE)range: < 1.8.0_sr7.5-150000.3.56.1
- (no CPE)range: < 1.8.0_sr7.5-150000.3.56.1
- (no CPE)range: < 1.8.0_sr7.5-30.87.1
- (no CPE)range: < 1.8.0_sr7.5-30.87.1
- (no CPE)range: < 1.8.0_sr7.5-30.87.1
- (no CPE)range: < 1.8.0_sr7.5-30.87.1
- (no CPE)range: < 1.8.0_sr7.5-30.87.1
- (no CPE)range: < 1.8.0_sr7.5-150000.3.56.1
- (no CPE)range: < 1.8.0_sr7.5-150000.3.56.1
- (no CPE)range: < 1.8.0_sr7.5-150000.3.56.1
- (no CPE)range: < 1.8.0_sr7.5-150000.3.56.1
- (no CPE)range: < 1.8.0_sr7.5-30.87.1
- (no CPE)range: < 1.8.0_sr7.5-30.87.1
- (no CPE)range: < 1.8.0_sr7.5-30.87.1
- (no CPE)range: < 1.8.0_sr7.5-150000.3.56.1
- (no CPE)range: < 1.8.0_sr7.5-150000.3.56.1
- (no CPE)range: < 1.8.0_sr7.5-150000.3.56.1
- (no CPE)range: < 1.8.0_sr7.5-30.87.1
- (no CPE)range: < 1.8.0_sr7.5-150000.3.56.1
- (no CPE)range: < 1.8.0_sr7.5-150000.3.56.1
- (no CPE)range: < 1.8.0_sr7.5-150000.3.56.1
- (no CPE)range: < 1.8.0_sr7.5-30.87.1
- (no CPE)range: < 1.8.0_sr7.5-30.87.1
- (no CPE)range: < 1.8.0_sr7.5-30.87.1
- (no CPE)range: < 1.8.0_sr7.5-30.87.1
Patches
Vulnerability mechanics
References
5- security.gentoo.org/glsa/202209-05nvdThird Party Advisory
- security.netapp.com/advisory/ntap-20220121-0007/nvdThird Party Advisory
- www.debian.org/security/2022/dsa-5057nvdThird Party Advisory
- www.debian.org/security/2022/dsa-5058nvdThird Party Advisory
- www.oracle.com/security-alerts/cpujan2022.htmlnvdVendor Advisory
News mentions
0No linked articles in our index yet.