Unrated severityNVD Advisory· Published Jul 19, 2022· Updated Aug 3, 2024

CVE-2022-21549

Description

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 17.0.3.1; Oracle GraalVM Enterprise Edition: 21.3.2 and 22.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).

Affected products

osv-coords64 versions
pkg:bitnami/java pkg:bitnami/java-min pkg:bitnami/jre pkg:rpm/almalinux/java-17-openjdk pkg:rpm/almalinux/java-17-openjdk-demo pkg:rpm/almalinux/java-17-openjdk-demo-fastdebug pkg:rpm/almalinux/java-17-openjdk-demo-slowdebug pkg:rpm/almalinux/java-17-openjdk-devel pkg:rpm/almalinux/java-17-openjdk-devel-fastdebug pkg:rpm/almalinux/java-17-openjdk-devel-slowdebug pkg:rpm/almalinux/java-17-openjdk-fastdebug pkg:rpm/almalinux/java-17-openjdk-headless pkg:rpm/almalinux/java-17-openjdk-headless-fastdebug pkg:rpm/almalinux/java-17-openjdk-headless-slowdebug pkg:rpm/almalinux/java-17-openjdk-javadoc pkg:rpm/almalinux/java-17-openjdk-javadoc-zip pkg:rpm/almalinux/java-17-openjdk-jmods pkg:rpm/almalinux/java-17-openjdk-jmods-fastdebug pkg:rpm/almalinux/java-17-openjdk-jmods-slowdebug pkg:rpm/almalinux/java-17-openjdk-slowdebug pkg:rpm/almalinux/java-17-openjdk-src pkg:rpm/almalinux/java-17-openjdk-src-fastdebug pkg:rpm/almalinux/java-17-openjdk-src-slowdebug pkg:rpm/almalinux/java-17-openjdk-static-libs pkg:rpm/almalinux/java-17-openjdk-static-libs-fastdebug pkg:rpm/almalinux/java-17-openjdk-static-libs-slowdebug pkg:rpm/opensuse/java-17-openj9&distro=openSUSE%20Tumbleweed pkg:rpm/opensuse/java-17-openjdk&distro=openSUSE%20Leap%2015.4 pkg:rpm/opensuse/java-17-openjdk&distro=openSUSE%20Tumbleweed pkg:rpm/opensuse/java-1_8_0-ibm&distro=openSUSE%20Leap%2015.3 pkg:rpm/opensuse/java-1_8_0-ibm&distro=openSUSE%20Leap%2015.4 pkg:rpm/suse/java-1_7_1-ibm&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL pkg:rpm/suse/java-1_7_1-ibm&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-BCL pkg:rpm/suse/java-1_7_1-ibm&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSS pkg:rpm/suse/java-1_7_1-ibm&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 pkg:rpm/suse/java-1_7_1-ibm&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4 pkg:rpm/suse/java-1_7_1-ibm&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 pkg:rpm/suse/java-1_7_1-ibm&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5 pkg:rpm/suse/java-1_7_1-ibm&distro=SUSE%20OpenStack%20Cloud%209 pkg:rpm/suse/java-1_7_1-ibm&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209 pkg:rpm/suse/java-17-openjdk&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP4 pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Enterprise%20Storage%206 pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Enterprise%20Storage%207 pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Legacy%2015%20SP3 pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Legacy%2015%20SP4 pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-BCL pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSS pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-BCL pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSS pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSS pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSS pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4 pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015 pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1 pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2 pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5 pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Manager%20Proxy%204.1 pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Manager%20Retail%20Branch%20Server%204.1 pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Manager%20Server%204.1 pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20OpenStack%20Cloud%209 pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209
>= 12.0.0, < 17.0.4+ 63 more
- (no CPE)range: >= 12.0.0, < 17.0.4
- (no CPE)range: >= 12.0.0, < 17.0.4
- (no CPE)range: >= 12.0.0, < 17.0.4
- (no CPE)range: < 1:17.0.4.0.8-2.el9_0
- (no CPE)range: < 1:17.0.4.0.8-2.el9_0
- (no CPE)range: < 1:17.0.4.0.8-2.el9_0
- (no CPE)range: < 1:17.0.4.0.8-2.el9_0
- (no CPE)range: < 1:17.0.4.0.8-2.el9_0
- (no CPE)range: < 1:17.0.4.0.8-2.el9_0
- (no CPE)range: < 1:17.0.4.0.8-2.el9_0
- (no CPE)range: < 1:17.0.4.0.8-2.el9_0
- (no CPE)range: < 1:17.0.4.0.8-2.el9_0
- (no CPE)range: < 1:17.0.4.0.8-2.el9_0
- (no CPE)range: < 1:17.0.4.0.8-2.el9_0
- (no CPE)range: < 1:17.0.4.0.8-2.el9_0
- (no CPE)range: < 1:17.0.4.0.8-2.el9_0
- (no CPE)range: < 1:17.0.4.0.8-2.el9_0
- (no CPE)range: < 1:17.0.4.0.8-2.el9_0
- (no CPE)range: < 1:17.0.4.0.8-2.el9_0
- (no CPE)range: < 1:17.0.4.0.8-2.el9_0
- (no CPE)range: < 1:17.0.4.0.8-2.el9_0
- (no CPE)range: < 1:17.0.4.0.8-2.el9_0
- (no CPE)range: < 1:17.0.4.0.8-2.el9_0
- (no CPE)range: < 1:17.0.4.0.8-2.el9_0
- (no CPE)range: < 1:17.0.4.0.8-2.el9_0
- (no CPE)range: < 1:17.0.4.0.8-2.el9_0
- (no CPE)range: < 17.0.4.0-1.1
- (no CPE)range: < 17.0.4.0-150400.3.3.1
- (no CPE)range: < 17.0.4.0-1.1
- (no CPE)range: < 1.8.0_sr7.11-150000.3.62.1
- (no CPE)range: < 1.8.0_sr7.11-150000.3.62.1
- (no CPE)range: < 1.7.1_sr5.15-38.74.1
- (no CPE)range: < 1.7.1_sr5.15-38.74.1
- (no CPE)range: < 1.7.1_sr5.15-38.74.1
- (no CPE)range: < 1.7.1_sr5.15-38.74.1
- (no CPE)range: < 1.7.1_sr5.15-38.74.1
- (no CPE)range: < 1.7.1_sr5.15-38.74.1
- (no CPE)range: < 1.7.1_sr5.15-38.74.1
- (no CPE)range: < 1.7.1_sr5.15-38.74.1
- (no CPE)range: < 1.7.1_sr5.15-38.74.1
- (no CPE)range: < 17.0.4.0-150400.3.3.1
- (no CPE)range: < 1.8.0_sr7.11-150000.3.62.1
- (no CPE)range: < 1.8.0_sr7.11-150000.3.62.1
- (no CPE)range: < 1.8.0_sr7.11-150000.3.62.1
- (no CPE)range: < 1.8.0_sr7.11-150000.3.62.1
- (no CPE)range: < 1.8.0_sr7.11-30.93.1
- (no CPE)range: < 1.8.0_sr7.11-30.93.1
- (no CPE)range: < 1.8.0_sr7.11-30.93.1
- (no CPE)range: < 1.8.0_sr7.11-30.93.1
- (no CPE)range: < 1.8.0_sr7.11-150000.3.62.1
- (no CPE)range: < 1.8.0_sr7.11-150000.3.62.1
- (no CPE)range: < 1.8.0_sr7.11-150000.3.62.1
- (no CPE)range: < 1.8.0_sr7.11-150000.3.62.1
- (no CPE)range: < 1.8.0_sr7.11-30.93.1
- (no CPE)range: < 1.8.0_sr7.11-30.93.1
- (no CPE)range: < 1.8.0_sr7.11-150000.3.62.1
- (no CPE)range: < 1.8.0_sr7.11-150000.3.62.1
- (no CPE)range: < 1.8.0_sr7.11-150000.3.62.1
- (no CPE)range: < 1.8.0_sr7.11-30.93.1
- (no CPE)range: < 1.8.0_sr7.11-150000.3.62.1
- (no CPE)range: < 1.8.0_sr7.11-150000.3.62.1
- (no CPE)range: < 1.8.0_sr7.11-150000.3.62.1
- (no CPE)range: < 1.8.0_sr7.11-30.93.1
- (no CPE)range: < 1.8.0_sr7.11-30.93.1
Oracle Corporation/Java SE JDK and JREv5
Range: Oracle Java SE:17.0.3.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NQICCJXXAYMCCXOO24R4W7Q3RSKCYDMX/mitrevendor-advisory
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UKJCLA2GDNF4B7ZRKORQ2TIR56AHJ4VC/mitrevendor-advisory
security.gentoo.org/glsa/202401-25mitrevendor-advisory
www.debian.org/security/2022/dsa-5192mitrevendor-advisory
security.netapp.com/advisory/ntap-20220729-0009/mitre
www.oracle.com/security-alerts/cpujul2022.htmlmitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000