CVE-2022-21618
Description
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JGSS). Supported versions that are affected are Oracle Java SE: 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 21.3.3 and 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
139- cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*Range: >=11.0,<=11.70.2
- cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:e-series_santricity_unified_manager:-:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:santricity_storage_plugin:-:*:*:*:*:vcenter:*:*
cpe:2.3:a:oracle:graalvm:21.3.3:*:*:*:enterprise:*:*:*+ 1 more
- cpe:2.3:a:oracle:graalvm:21.3.3:*:*:*:enterprise:*:*:*
- cpe:2.3:a:oracle:graalvm:22.2.0:*:*:*:enterprise:*:*:*
cpe:2.3:a:oracle:jdk:17.0.4.1:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:oracle:jdk:17.0.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:19:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:17.0.4.1:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:oracle:jre:17.0.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:19:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
17.0.4.1, 19+ 1 more
- (no CPE)range: 17.0.4.1, 19
- (no CPE)range: Oracle Java SE:17.0.4.1
- Range: 21.3.3, 22.2.0
- osv-coords114 versionspkg:bitnami/javapkg:bitnami/java-minpkg:bitnami/jrepkg:rpm/almalinux/java-11-openjdkpkg:rpm/almalinux/java-11-openjdk-demopkg:rpm/almalinux/java-11-openjdk-demo-fastdebugpkg:rpm/almalinux/java-11-openjdk-demo-slowdebugpkg:rpm/almalinux/java-11-openjdk-develpkg:rpm/almalinux/java-11-openjdk-devel-fastdebugpkg:rpm/almalinux/java-11-openjdk-devel-slowdebugpkg:rpm/almalinux/java-11-openjdk-fastdebugpkg:rpm/almalinux/java-11-openjdk-headlesspkg:rpm/almalinux/java-11-openjdk-headless-fastdebugpkg:rpm/almalinux/java-11-openjdk-headless-slowdebugpkg:rpm/almalinux/java-11-openjdk-javadocpkg:rpm/almalinux/java-11-openjdk-javadoc-zippkg:rpm/almalinux/java-11-openjdk-jmodspkg:rpm/almalinux/java-11-openjdk-jmods-fastdebugpkg:rpm/almalinux/java-11-openjdk-jmods-slowdebugpkg:rpm/almalinux/java-11-openjdk-slowdebugpkg:rpm/almalinux/java-11-openjdk-srcpkg:rpm/almalinux/java-11-openjdk-src-fastdebugpkg:rpm/almalinux/java-11-openjdk-src-slowdebugpkg:rpm/almalinux/java-11-openjdk-static-libspkg:rpm/almalinux/java-11-openjdk-static-libs-fastdebugpkg:rpm/almalinux/java-11-openjdk-static-libs-slowdebugpkg:rpm/almalinux/java-17-openjdkpkg:rpm/almalinux/java-17-openjdk-demopkg:rpm/almalinux/java-17-openjdk-demo-fastdebugpkg:rpm/almalinux/java-17-openjdk-demo-slowdebugpkg:rpm/almalinux/java-17-openjdk-develpkg:rpm/almalinux/java-17-openjdk-devel-fastdebugpkg:rpm/almalinux/java-17-openjdk-devel-slowdebugpkg:rpm/almalinux/java-17-openjdk-fastdebugpkg:rpm/almalinux/java-17-openjdk-headlesspkg:rpm/almalinux/java-17-openjdk-headless-fastdebugpkg:rpm/almalinux/java-17-openjdk-headless-slowdebugpkg:rpm/almalinux/java-17-openjdk-javadocpkg:rpm/almalinux/java-17-openjdk-javadoc-zippkg:rpm/almalinux/java-17-openjdk-jmodspkg:rpm/almalinux/java-17-openjdk-jmods-fastdebugpkg:rpm/almalinux/java-17-openjdk-jmods-slowdebugpkg:rpm/almalinux/java-17-openjdk-slowdebugpkg:rpm/almalinux/java-17-openjdk-srcpkg:rpm/almalinux/java-17-openjdk-src-fastdebugpkg:rpm/almalinux/java-17-openjdk-src-slowdebugpkg:rpm/almalinux/java-17-openjdk-static-libspkg:rpm/almalinux/java-17-openjdk-static-libs-fastdebugpkg:rpm/almalinux/java-17-openjdk-static-libs-slowdebugpkg:rpm/opensuse/java-11-openj9&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/java-11-openj9&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/java-11-openjdk&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/java-11-openjdk&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/java-11-openjdk&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/java-13-openjdk&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/java-15-openjdk&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/java-17-openj9&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/java-17-openj9&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/java-17-openjdk&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/java-17-openjdk&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/java-1_8_0-ibm&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/java-1_8_0-ibm&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/java-19-openjdk&distro=openSUSE%20Tumbleweedpkg:rpm/suse/java-11-openj9&distro=SUSE%20Package%20Hub%2015%20SP6pkg:rpm/suse/java-11-openjdk&distro=SUSE%20Enterprise%20Storage%206pkg:rpm/suse/java-11-openjdk&distro=SUSE%20Enterprise%20Storage%207pkg:rpm/suse/java-11-openjdk&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-ESPOSpkg:rpm/suse/java-11-openjdk&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSSpkg:rpm/suse/java-11-openjdk&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-ESPOSpkg:rpm/suse/java-11-openjdk&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSSpkg:rpm/suse/java-11-openjdk&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOSpkg:rpm/suse/java-11-openjdk&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSSpkg:rpm/suse/java-11-openjdk&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP3pkg:rpm/suse/java-11-openjdk&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP4pkg:rpm/suse/java-11-openjdk&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP3pkg:rpm/suse/java-11-openjdk&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP4pkg:rpm/suse/java-11-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/java-11-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-BCLpkg:rpm/suse/java-11-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSSpkg:rpm/suse/java-11-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-BCLpkg:rpm/suse/java-11-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSSpkg:rpm/suse/java-11-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSSpkg:rpm/suse/java-11-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/java-11-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015pkg:rpm/suse/java-11-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1pkg:rpm/suse/java-11-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2pkg:rpm/suse/java-11-openjdk&distro=SUSE%20Manager%20Proxy%204.1pkg:rpm/suse/java-11-openjdk&distro=SUSE%20Manager%20Retail%20Branch%20Server%204.1pkg:rpm/suse/java-11-openjdk&distro=SUSE%20Manager%20Server%204.1pkg:rpm/suse/java-17-openj9&distro=SUSE%20Package%20Hub%2015%20SP6pkg:rpm/suse/java-17-openjdk&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP4pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Enterprise%20Storage%206pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Enterprise%20Storage%207pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Legacy%2015%20SP3pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Legacy%2015%20SP4pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCLpkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-BCLpkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSSpkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-BCLpkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSSpkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSSpkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSSpkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Manager%20Proxy%204.1pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Manager%20Retail%20Branch%20Server%204.1pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Manager%20Server%204.1pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209
>= 12.0.0, < 17.0.5+ 113 more
- (no CPE)range: >= 12.0.0, < 17.0.5
- (no CPE)range: >= 12.0.0, < 17.0.5
- (no CPE)range: >= 12.0.0, < 17.0.5
- (no CPE)range: < 1:11.0.17.0.8-2.el8_6
- (no CPE)range: < 1:11.0.17.0.8-2.el8_6
- (no CPE)range: < 1:11.0.17.0.8-2.el8_6
- (no CPE)range: < 1:11.0.17.0.8-2.el8_6
- (no CPE)range: < 1:11.0.17.0.8-2.el8_6
- (no CPE)range: < 1:11.0.17.0.8-2.el8_6
- (no CPE)range: < 1:11.0.17.0.8-2.el8_6
- (no CPE)range: < 1:11.0.17.0.8-2.el8_6
- (no CPE)range: < 1:11.0.17.0.8-2.el8_6
- (no CPE)range: < 1:11.0.17.0.8-2.el8_6
- (no CPE)range: < 1:11.0.17.0.8-2.el8_6
- (no CPE)range: < 1:11.0.17.0.8-2.el8_6
- (no CPE)range: < 1:11.0.17.0.8-2.el8_6
- (no CPE)range: < 1:11.0.17.0.8-2.el8_6
- (no CPE)range: < 1:11.0.17.0.8-2.el8_6
- (no CPE)range: < 1:11.0.17.0.8-2.el8_6
- (no CPE)range: < 1:11.0.17.0.8-2.el8_6
- (no CPE)range: < 1:11.0.17.0.8-2.el8_6
- (no CPE)range: < 1:11.0.17.0.8-2.el8_6
- (no CPE)range: < 1:11.0.17.0.8-2.el8_6
- (no CPE)range: < 1:11.0.17.0.8-2.el8_6
- (no CPE)range: < 1:11.0.17.0.8-2.el8_6
- (no CPE)range: < 1:11.0.17.0.8-2.el8_6
- (no CPE)range: < 1:17.0.5.0.8-2.el9_0
- (no CPE)range: < 1:17.0.5.0.8-2.el9_0
- (no CPE)range: < 1:17.0.5.0.8-2.el9_0
- (no CPE)range: < 1:17.0.5.0.8-2.el9_0
- (no CPE)range: < 1:17.0.5.0.8-2.el9_0
- (no CPE)range: < 1:17.0.5.0.8-2.el9_0
- (no CPE)range: < 1:17.0.5.0.8-2.el9_0
- (no CPE)range: < 1:17.0.5.0.8-2.el9_0
- (no CPE)range: < 1:17.0.5.0.8-2.el9_0
- (no CPE)range: < 1:17.0.5.0.8-2.el9_0
- (no CPE)range: < 1:17.0.5.0.8-2.el9_0
- (no CPE)range: < 1:17.0.5.0.8-2.el9_0
- (no CPE)range: < 1:17.0.5.0.8-2.el9_0
- (no CPE)range: < 1:17.0.5.0.8-2.el9_0
- (no CPE)range: < 1:17.0.5.0.8-2.el9_0
- (no CPE)range: < 1:17.0.5.0.8-2.el9_0
- (no CPE)range: < 1:17.0.5.0.8-2.el9_0
- (no CPE)range: < 1:17.0.5.0.8-2.el9_0
- (no CPE)range: < 1:17.0.5.0.8-2.el9_0
- (no CPE)range: < 1:17.0.5.0.8-2.el9_0
- (no CPE)range: < 1:17.0.5.0.8-2.el9_0
- (no CPE)range: < 1:17.0.5.0.8-2.el9_0
- (no CPE)range: < 1:17.0.5.0.8-2.el9_0
- (no CPE)range: < 11.0.26.0-bp156.4.3.1
- (no CPE)range: < 11.0.17.0-1.1
- (no CPE)range: < 11.0.17.0-150000.3.86.2
- (no CPE)range: < 11.0.17.0-150000.3.86.2
- (no CPE)range: < 11.0.17.0-1.1
- (no CPE)range: < 13.0.13.0-1.1
- (no CPE)range: < 15.0.9.0-1.1
- (no CPE)range: < 17.0.14.0-bp156.3.3.1
- (no CPE)range: < 17.0.5.0-1.1
- (no CPE)range: < 17.0.5.0-150400.3.6.1
- (no CPE)range: < 17.0.5.0-1.1
- (no CPE)range: < 1.8.0_sr7.20-150000.3.65.1
- (no CPE)range: < 1.8.0_sr7.20-150000.3.65.1
- (no CPE)range: < 19.0.1.0-1.1
- (no CPE)range: < 11.0.26.0-bp156.4.3.1
- (no CPE)range: < 11.0.17.0-150000.3.86.2
- (no CPE)range: < 11.0.17.0-150000.3.86.2
- (no CPE)range: < 11.0.17.0-150000.3.86.2
- (no CPE)range: < 11.0.17.0-150000.3.86.2
- (no CPE)range: < 11.0.17.0-150000.3.86.2
- (no CPE)range: < 11.0.17.0-150000.3.86.2
- (no CPE)range: < 11.0.17.0-150000.3.86.2
- (no CPE)range: < 11.0.17.0-150000.3.86.2
- (no CPE)range: < 11.0.17.0-150000.3.86.2
- (no CPE)range: < 11.0.17.0-150000.3.86.2
- (no CPE)range: < 11.0.17.0-150000.3.86.2
- (no CPE)range: < 11.0.17.0-150000.3.86.2
- (no CPE)range: < 11.0.17.0-3.49.2
- (no CPE)range: < 11.0.17.0-150000.3.86.2
- (no CPE)range: < 11.0.17.0-150000.3.86.2
- (no CPE)range: < 11.0.17.0-150000.3.86.2
- (no CPE)range: < 11.0.17.0-150000.3.86.2
- (no CPE)range: < 11.0.17.0-150000.3.86.2
- (no CPE)range: < 11.0.17.0-3.49.2
- (no CPE)range: < 11.0.17.0-150000.3.86.2
- (no CPE)range: < 11.0.17.0-150000.3.86.2
- (no CPE)range: < 11.0.17.0-150000.3.86.2
- (no CPE)range: < 11.0.17.0-150000.3.86.2
- (no CPE)range: < 11.0.17.0-150000.3.86.2
- (no CPE)range: < 11.0.17.0-150000.3.86.2
- (no CPE)range: < 17.0.14.0-bp156.3.3.1
- (no CPE)range: < 17.0.5.0-150400.3.6.1
- (no CPE)range: < 1.8.0_sr7.20-150000.3.65.1
- (no CPE)range: < 1.8.0_sr7.20-150000.3.65.1
- (no CPE)range: < 1.8.0_sr7.20-150000.3.65.1
- (no CPE)range: < 1.8.0_sr7.20-150000.3.65.1
- (no CPE)range: < 1.8.0_sr7.20-30.99.1
- (no CPE)range: < 1.8.0_sr7.20-30.99.1
- (no CPE)range: < 1.8.0_sr7.20-30.99.1
- (no CPE)range: < 1.8.0_sr7.20-30.99.1
- (no CPE)range: < 1.8.0_sr7.20-150000.3.65.1
- (no CPE)range: < 1.8.0_sr7.20-150000.3.65.1
- (no CPE)range: < 1.8.0_sr7.20-150000.3.65.1
- (no CPE)range: < 1.8.0_sr7.20-150000.3.65.1
- (no CPE)range: < 1.8.0_sr7.20-30.99.1
- (no CPE)range: < 1.8.0_sr7.20-30.99.1
- (no CPE)range: < 1.8.0_sr7.20-150000.3.65.1
- (no CPE)range: < 1.8.0_sr7.20-150000.3.65.1
- (no CPE)range: < 1.8.0_sr7.20-150000.3.65.1
- (no CPE)range: < 1.8.0_sr7.20-30.99.1
- (no CPE)range: < 1.8.0_sr7.20-150000.3.65.1
- (no CPE)range: < 1.8.0_sr7.20-150000.3.65.1
- (no CPE)range: < 1.8.0_sr7.20-150000.3.65.1
- (no CPE)range: < 1.8.0_sr7.20-30.99.1
- (no CPE)range: < 1.8.0_sr7.20-30.99.1
Patches
Vulnerability mechanics
References
7- www.oracle.com/security-alerts/cpuoct2022.htmlnvdPatchVendor Advisory
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/37QDWJBGEPP65X43NXQTXQ7KASLUHON6/nvdMailing ListThird Party Advisory
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ARF4QF4N3X5GSFHXUBWARGLISGKJ33R/nvdMailing ListThird Party Advisory
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3QLQ7OD33W6LT3HWI7VYDFFJLV75Y73K/nvdMailing ListThird Party Advisory
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EXSBV3W6EP6B7XJ63Z2FPVBH6HAPGJ5T/nvdMailing ListThird Party Advisory
- security.netapp.com/advisory/ntap-20221028-0012/nvdThird Party Advisory
- security.gentoo.org/glsa/202401-25nvd
News mentions
0No linked articles in our index yet.