CVE-2022-21449

CWE-34714 documents10 sources

Severity

7.5HIGH

EPSS

34.3%

top 3.01%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Oracle Corporation Java SE JDK AND JRE Azul Zulu Debian Debian Linux +3 more

Timeline

PublishedApr 19

Latest updateAug 4

Description

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 17.0.2 and 18; Oracle GraalVM Enterprise Edition: 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, …

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages10 packages

▶CVEListV5oracle_corporation/java_se_jdk_and_jre4 versions+3

▶NVDoracle/graalvm21.3.1, 22.0.0.2+1

▶NVDoracle/jdk17.0.2, 18+1

▶Ubuntuopenjdk-8< 8u342-b07-0ubuntu1~18.04+3

▶Debianopenjdk-17< 17.0.3+7-1~deb11u1+1

Also affects: Debian Linux 10.0, 11.0

Patches

Patch: www.oracle.com ↗Patch: www.oracle.com ↗

🔴Vulnerability Details

OSV

openjdk-8, openjdk-lts, openjdk-17, openjdk-18 vulnerabilities↗2022-08-04

▶

OSV

openjdk-8 vulnerabilities↗2022-08-04

▶

OSV

openjdk-17 vulnerabilities↗2022-04-26

▶

GHSA

GHSA-cj8x-r9fp-q656: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries)↗2022-04-20

▶

OSV

CVE-2022-21449: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries)↗2022-04-19

▶

🔍Detection Rules

Suricata

ET EXPLOIT [ConnectWise CRU] Java ECDSA (Psychic) TLS Signature (CVE-2022-21449)↗2022-04-26

▶

📋Vendor Advisories

Ubuntu

OpenJDK vulnerabilities↗2022-08-04

▶

Ubuntu

OpenJDK vulnerabilities↗2022-04-26

▶

Red Hat

OpenJDK: Improper ECDSA signature verification (Libraries, 8277233)↗2022-04-19

▶

Oracle

Oracle Oracle Java SE Risk Matrix: Libraries — CVE-2022-21449↗2022-04-15

▶

Debian

CVE-2022-21449: openjdk-17 - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product o...↗2022

▶

📄Research Papers

CTF

web-jalboy / readme↗2024

▶