7.5

CVE-2022-21449

Warnung
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 17.0.2 and 18; Oracle GraalVM Enterprise Edition: 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OracleGraalvm Version21.3.1 SwEditionenterprise
OracleGraalvm Version22.0.0.2 SwEditionenterprise
OracleJdk Version17.0.2
OracleJdk Version18
DebianDebian Linux Version10.0
DebianDebian Linux Version11.0
NetappActive Iq Unified Manager Version- SwPlatformvsphere
NetappActive Iq Unified Manager Version- SwPlatformwindows
NetappCloud Insights Version-
NetappOncommand Insight Version-
NetappHci Compute Node Version-
AzulZulu Version15.38
AzulZulu Version17.32
AzulZulu Version18.28
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 48.24% 0.987
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:P/A:N
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
secalert_us@oracle.com 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://www.oracle.com/security-alerts/cpuapr2022.html
Patch
Vendor Advisory
https://security.netapp.com/advisory/ntap-20220429-0006/
Third Party Advisory
https://www.debian.org/security/2022/dsa-5128
Third Party Advisory
https://www.debian.org/security/2022/dsa-5131
Third Party Advisory
http://www.openwall.com/lists/oss-security/2022/04/28/2
Third Party Advisory
Mailing List
http://www.openwall.com/lists/oss-security/2022/04/28/3
Third Party Advisory
Mailing List
http://www.openwall.com/lists/oss-security/2022/04/28/4
Mailing List
http://www.openwall.com/lists/oss-security/2022/04/28/5
Third Party Advisory
Mailing List
http://www.openwall.com/lists/oss-security/2022/04/28/6
Third Party Advisory
Mailing List
http://www.openwall.com/lists/oss-security/2022/04/28/7
Third Party Advisory
Mailing List
http://www.openwall.com/lists/oss-security/2022/04/29/1
Third Party Advisory
Mailing List
http://www.openwall.com/lists/oss-security/2022/04/30/1
Third Party Advisory
Mailing List
http://www.openwall.com/lists/oss-security/2022/04/30/2
Third Party Advisory
Mailing List
http://www.openwall.com/lists/oss-security/2022/04/30/3
Third Party Advisory
Mailing List
http://www.openwall.com/lists/oss-security/2022/04/30/4
Third Party Advisory
Mailing List
http://www.openwall.com/lists/oss-security/2022/05/01/1
Third Party Advisory
Mailing List
http://www.openwall.com/lists/oss-security/2022/05/01/2
Third Party Advisory
Mailing List
http://www.openwall.com/lists/oss-security/2022/05/02/1
Third Party Advisory
Mailing List