CVE-2022-21443

CWE-19113 documents8 sources
Severity
3.7LOW
EPSS
0.1%
top 81.92%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Netapp E-series Santricity OS ControllerOracle Corporation Java SE JDK AND JREAzul Zulu+3 more
Timeline
PublishedApr 19
Latest updateAug 4

Description

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can res

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:LExploitability: 2.2 | Impact: 1.4

Affected Packages7 packages

NVDoracle/java_se5 versions+4
NVDoracle/graalvm20.3.5, 21.3.1, 22.0.0.2+2
Debianopenjdk-11< 11.0.15+10-1~deb11u1
Debianopenjdk-17< 17.0.3+7-1~deb11u1+1

Also affects: Debian Linux 10.0, 11.0, 9.0

Patches

Patch: www.oracle.comPatch: www.oracle.com

🔴Vulnerability Details

5
OSV
openjdk-17 vulnerabilities2022-04-26
OSV
openjdk-lts vulnerabilities2022-04-26
GHSA
GHSA-gwg7-339c-3h88: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries)2022-04-20
CVEList
CVE-2022-21443: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries)2022-04-19
OSV
CVE-2022-21443: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries)2022-04-19

📋Vendor Advisories

7
Ubuntu
OpenJDK 8 vulnerabilities2022-08-04
Ubuntu
OpenJDK vulnerabilities2022-08-04
Ubuntu
OpenJDK vulnerabilities2022-04-26
Ubuntu
OpenJDK vulnerabilities2022-04-26
Red Hat
OpenJDK: Missing check for negative ObjectIdentifier (Libraries, 8275151)2022-04-19