CVE-2022-21540

Source
https://nvd.nist.gov/vuln/detail/CVE-2022-21540
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-21540.json
Related
Published
2022-07-19T22:15:11Z
Modified
2024-01-17T22:39:04.015056Z
Details

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1; Oracle GraalVM Enterprise Edition: 20.3.6, 21.3.2 and 22.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).

References

Affected packages

Git / github.com/graalvm/graalvm-ce-builds

Affected ranges

Type
GIT
Repo
https://github.com/graalvm/graalvm-ce-builds
Events
Introduced
0The exact introduced commit is unknown
Last affected
Last affected
Last affected
Type
GIT
Repo
https://github.com/openjdk/jdk
Events
Introduced
Introduced
Introduced
Introduced
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Type
GIT
Repo
https://github.com/openjdk/jdk15u
Events
Introduced
Introduced
Introduced
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected
Last affected

Affected versions

Other

jdk-10+36
jdk-10+37
jdk-10+38
jdk-10+39
jdk-10+40
jdk-10+41
jdk-10+42
jdk-10+43
jdk-10+44
jdk-10+45
jdk-10+46
jdk-11+0
jdk-11+1
jdk-11+10
jdk-11+11
jdk-11+12
jdk-11+13
jdk-11+14
jdk-11+15
jdk-11+16
jdk-11+17
jdk-11+18
jdk-11+19
jdk-11+2
jdk-11+20
jdk-11+21
jdk-11+22
jdk-11+23
jdk-11+24
jdk-11+25
jdk-11+26
jdk-11+27
jdk-11+28
jdk-11+3
jdk-11+4
jdk-11+5
jdk-11+6
jdk-11+7
jdk-11+8
jdk-11+9
jdk-11-ga
jdk-12+0
jdk-12+1
jdk-12+10
jdk-12+11
jdk-12+12
jdk-12+13
jdk-12+14
jdk-12+15
jdk-12+16
jdk-12+17
jdk-12+18
jdk-12+19
jdk-12+2
jdk-12+20
jdk-12+21
jdk-12+22
jdk-12+23
jdk-12+24
jdk-12+25
jdk-12+26
jdk-12+27
jdk-12+28
jdk-12+29
jdk-12+3
jdk-12+30
jdk-12+31
jdk-12+32
jdk-12+33
jdk-12+4
jdk-12+5
jdk-12+6
jdk-12+7
jdk-12+8
jdk-12+9
jdk-12-ga
jdk-13+0
jdk-13+1
jdk-13+10
jdk-13+11
jdk-13+12
jdk-13+13
jdk-13+14
jdk-13+15
jdk-13+16
jdk-13+17
jdk-13+18
jdk-13+19
jdk-13+2
jdk-13+20
jdk-13+21
jdk-13+22
jdk-13+23
jdk-13+24
jdk-13+25
jdk-13+26
jdk-13+27
jdk-13+28
jdk-13+29
jdk-13+3
jdk-13+30
jdk-13+31
jdk-13+32
jdk-13+33
jdk-13+4
jdk-13+5
jdk-13+6
jdk-13+7
jdk-13+8
jdk-13+9
jdk-13-ga
jdk-14+0
jdk-14+1
jdk-14+10
jdk-14+11
jdk-14+12
jdk-14+13
jdk-14+14
jdk-14+15
jdk-14+16
jdk-14+17
jdk-14+18
jdk-14+19
jdk-14+2
jdk-14+20
jdk-14+21
jdk-14+22
jdk-14+23
jdk-14+24
jdk-14+25
jdk-14+26
jdk-14+27
jdk-14+28
jdk-14+29
jdk-14+3
jdk-14+30
jdk-14+31
jdk-14+32
jdk-14+33
jdk-14+34
jdk-14+35
jdk-14+36
jdk-14+4
jdk-14+5
jdk-14+6
jdk-14+7
jdk-14+8
jdk-14+9
jdk-14-ga
jdk-15+0
jdk-15+1
jdk-15+10
jdk-15+11
jdk-15+12
jdk-15+13
jdk-15+14
jdk-15+15
jdk-15+16
jdk-15+17
jdk-15+18
jdk-15+19
jdk-15+2
jdk-15+20
jdk-15+21
jdk-15+22
jdk-15+23
jdk-15+24
jdk-15+25
jdk-15+26
jdk-15+27
jdk-15+28
jdk-15+29
jdk-15+3
jdk-15+30
jdk-15+31
jdk-15+32
jdk-15+33
jdk-15+34
jdk-15+35
jdk-15+36
jdk-15+4
jdk-15+5
jdk-15+6
jdk-15+7
jdk-15+8
jdk-15+9
jdk-15-ga

jdk-15.*

jdk-15.0.1+0
jdk-15.0.1+1
jdk-15.0.1+2
jdk-15.0.1+3
jdk-15.0.1+4
jdk-15.0.1+5
jdk-15.0.1+6
jdk-15.0.1+7
jdk-15.0.1+8
jdk-15.0.1+9
jdk-15.0.1-ga
jdk-15.0.2+0
jdk-15.0.2+1
jdk-15.0.2+2
jdk-15.0.2+3
jdk-15.0.2+4
jdk-15.0.2+5
jdk-15.0.2+6
jdk-15.0.2+7
jdk-15.0.2-ga
jdk-15.0.3+0
jdk-15.0.3+1
jdk-15.0.3+2
jdk-15.0.3+3
jdk-15.0.3-ga
jdk-15.0.4+0
jdk-15.0.4+1
jdk-15.0.4+2
jdk-15.0.4+3
jdk-15.0.4+4
jdk-15.0.4+5
jdk-15.0.4-ga
jdk-15.0.5+0
jdk-15.0.5+1
jdk-15.0.5+2
jdk-15.0.5+3
jdk-15.0.5-ga
jdk-15.0.6+0
jdk-15.0.6+1
jdk-15.0.6+2
jdk-15.0.6+3
jdk-15.0.6+4
jdk-15.0.6+5
jdk-15.0.6-ga
jdk-15.0.7+0
jdk-15.0.7+1
jdk-15.0.7+2
jdk-15.0.7+3
jdk-15.0.7+4
jdk-15.0.7-ga

vm-19.*

vm-19.3.0
vm-19.3.0.2
vm-19.3.1
vm-19.3.2
vm-19.3.2-pre
vm-19.3.3
vm-19.3.4
vm-19.3.5
vm-19.3.6

vm-20.*

vm-20.0.0
vm-20.0.1
vm-20.1.0
vm-20.2.0
vm-20.3.0
vm-20.3.1
vm-20.3.1.2
vm-20.3.2
vm-20.3.3
vm-20.3.4
vm-20.3.5
vm-20.3.6

vm-21.*

vm-21.0.0
vm-21.0.0.2
vm-21.1.0
vm-21.2.0
vm-21.3.0
vm-21.3.1

vm-22.*

vm-22.0.0.2

vm-ce-21.*

vm-ce-21.2.0