CVE-2022-21540

See a problem?
Source
https://nvd.nist.gov/vuln/detail/CVE-2022-21540
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-21540.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-21540
Related
Published
2022-07-19T22:15:11Z
Modified
2024-09-03T11:17:40.132644Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Summary
[none]
Details

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1; Oracle GraalVM Enterprise Edition: 20.3.6, 21.3.2 and 22.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).

References

Affected packages

Git / github.com/graalvm/graalvm-ce-builds

Affected ranges

Type
GIT
Repo
https://github.com/graalvm/graalvm-ce-builds
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
283b613ae93663c6d5d66ef63e43e9dbc8bfffd8
Last affected
3f79371c56c7b91e624de14e3ae096d273f5d020
Last affected
ac51a376132442367913ff0a3937b77f61ce58fe
Type
GIT
Repo
https://github.com/openjdk/jdk
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
0620440d1f92448c18cedb790913579beaff19d8
Last affected
0bd0f10d2c5965369490624627f16a39d35c8734
Last affected
0d3829a2c5a70961ffc539865adc1442c1a30bb1
Last affected
0f2113cee79b9645105b4753c7d7eacb83b872c2
Last affected
13ad3ed8b99f8c872eebb5d0bb647d5bb44ea0b5
Last affected
1408dbfdbe550dcdea4cb9a849fab6cb371ded18
Last affected
181483b90bcc7d4e44109a14213d4ee2804f7f32
Last affected
1c11f83e9262d3bf07b9d095a7b1d3659f1f2a9e
Last affected
22e500e3a917594cd93baaf8b5c7d29360d250d1
Last affected
27cab0e0c87f124277c7afeb5dd6a8750443804e
Last affected
34063e3656db6d0cadb9168f37024e6e66fc2372
Last affected
38378b7ee032d70653b3f0d4205f2305cf4f1170
Last affected
38930ae468910fb1d763f18c1d9473beffa7f3cb
Last affected
423befc9a0123b2cf13041f8acbb2a0000ddccdc
Last affected
493ac9ee8f9c4fb66b687bd740b8e1fb5ee8b86a
Last affected
6412341d454eee8a151cf89b51cabfb7b3d87140
Last affected
650aac0d5e472ff99afc1cccf900bdee2002286b
Last affected
69efabad3d8a2ff47a62a4626c574a56edec1cfd
Last affected
6c04fd835e86522d2136ee663e19cfd5f71b9aa8
Last affected
6e1d4b9a47d7a164e183703af6dc196269487729
Last affected
7517b9d19367e1f057e5450d7871135b5f878d02
Last affected
7588f37667fd2a8c00d9a1a6e1afc605b75e0dc2
Last affected
75c48b0d1b36d9361a412ee2db2f51b7d9b6ef1c
Last affected
7ba83041b1d65545833655293d0976dfd1ffdea8
Last affected
7c18f827d7f096cbeb96b086a8516754f0c70221
Last affected
7ff3916e57ab852014885c3e7bdb95e5c1ed8c1e
Last affected
81ecd2932e0caee8ed01955fccc9e958c6a5cda3
Last affected
8261ee6da3c5843806c20808cc4206c73bb0efac
Last affected
82d185e64838992b019c90133d508d479d5ced0a
Last affected
880e09412543af479bc335faeda6196489a2a045
Last affected
88b37fb2a8aecf2b0afa75904d212da11919aa98
Last affected
925752098ba63b25c1cb635f50a53684d4094f8b
Last affected
9d43d25da8bcfff425a795dcc230914a384a5c82
Last affected
b4b746fb274cb65f8cbf4a884bb20749a8f35d2b
Last affected
ba79b2bcce1ceefdeb44bb7075bc5d2647a56834
Last affected
bd04d75035a888d5034c5f7e2e0508d1d28d14af
Last affected
c1ff9b2e3b5e31e5874ca7d7a38ea4fbd9bbdd5d
Last affected
cfa6e0878b1aff48b521ee21d2598abe7f4964c2
Last affected
d08e6435e4026542e4d4bffdf12748e83ef0f9fb
Last affected
d38a1f186d640dede9fccb727ec98db3a413f9d8
Last affected
d49120d46668eaaab9df465a9ee17b696cb4e37f
Last affected
e21ea57f72b20424ac38930bcf56513cd42642e5
Last affected
e514f9072fc6ea3d2ad4e9a81251bf1fc1ed1eb6
Last affected
e7187d14db3748428c4a312203549f7ee31d4471
Last affected
e7d87b234c444e39369e8575284f785c56113324
Last affected
e9a2e84e45e1120aa306a01dfb087200f6a7f903
Last affected
ed6697aa20e3f9c17a496a544b10bfe3543de38f
Type
GIT
Repo
https://github.com/openjdk/jdk15u
Events
Introduced
4a588d89f01a650d90432cc14697a5a2ae2c97d3
Last affected
02e3b1dd58b824d5a9b44ff3cf2f53061b5c5ffd

Affected versions

Other

jdk-15+36
jdk-15-ga
jdk7-b24
jdk7-b25
jdk7-b26
jdk7-b27
jdk7-b28
jdk7-b29
jdk7-b30
jdk7-b31
jdk7-b32
jdk7-b33
jdk7-b34
jdk7-b35
jdk7-b36
jdk7-b37
jdk7-b38
jdk7-b39
jdk7-b40
jdk7-b41
jdk7-b42
jdk7-b43
jdk7-b44
jdk7-b45

jdk-15.*

jdk-15.0.1+1
jdk-15.0.1+2
jdk-15.0.1+3
jdk-15.0.1+4
jdk-15.0.1+5
jdk-15.0.1+6
jdk-15.0.1+7
jdk-15.0.1+8
jdk-15.0.1+9
jdk-15.0.1-ga
jdk-15.0.2+0
jdk-15.0.2+1
jdk-15.0.2+2
jdk-15.0.2+3
jdk-15.0.2+4
jdk-15.0.2+5
jdk-15.0.2+6
jdk-15.0.2+7
jdk-15.0.2-ga
jdk-15.0.3+0
jdk-15.0.3+1
jdk-15.0.3+2
jdk-15.0.3+3
jdk-15.0.3-ga
jdk-15.0.4+0
jdk-15.0.4+1
jdk-15.0.4+2
jdk-15.0.4+3
jdk-15.0.4+4
jdk-15.0.4+5
jdk-15.0.4-ga
jdk-15.0.5+0
jdk-15.0.5+1
jdk-15.0.5+2
jdk-15.0.5+3
jdk-15.0.5-ga
jdk-15.0.6+0
jdk-15.0.6+1
jdk-15.0.6+2
jdk-15.0.6+3
jdk-15.0.6+4
jdk-15.0.6+5
jdk-15.0.6-ga
jdk-15.0.7+0
jdk-15.0.7+1
jdk-15.0.7+2
jdk-15.0.7+3
jdk-15.0.7+4
jdk-15.0.7-ga

vm-19.*

vm-19.3.0
vm-19.3.0.2
vm-19.3.1
vm-19.3.2
vm-19.3.2-pre
vm-19.3.3
vm-19.3.4
vm-19.3.5
vm-19.3.6

vm-20.*

vm-20.0.0
vm-20.0.1
vm-20.1.0
vm-20.2.0
vm-20.3.0
vm-20.3.1
vm-20.3.1.2
vm-20.3.2
vm-20.3.3
vm-20.3.4
vm-20.3.5
vm-20.3.6

vm-21.*

vm-21.0.0
vm-21.0.0.2
vm-21.1.0
vm-21.2.0
vm-21.3.0
vm-21.3.1

vm-22.*

vm-22.0.0.2

vm-ce-21.*

vm-ce-21.2.0