CVE-2022-21597Corporation Graalvm Enterprise Edition vulnerability

4 documents4 sources
Severity
5.3MEDIUMNVD
EPSS
0.6%
top 31.07%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Oracle Corporation Graalvm Enterprise EditionOracle Graalvm
Timeline
PublishedOct 18
Latest updateOct 19

Description

Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaScript). Supported versions that are affected are Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle GraalVM Enterprise Edition accessible data. CV

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

CVEListV5oracle_corporation/graalvm_enterprise_editionOracle GraalVM Enterprise Edition:20.3.7, Oracle GraalVM Enterprise Edition:21.3.3, Oracle GraalVM Enterprise Edition:22.2.0+2
NVDoracle/graalvm20.3.7, 21.3.3, 22.2.0+2

Patches

Patch: www.oracle.comPatch: www.oracle.com

🔴Vulnerability Details

2
GHSA
GHSA-wpjj-8jrx-8pxf: Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaScript)2022-10-19
CVEList
CVE-2022-21597: Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaScript)2022-10-18

📋Vendor Advisories

1
Oracle
Oracle Oracle Java SE Risk Matrix: JavaScript — CVE-2022-215972022-10-15
CVE-2022-21597 — MEDIUM severity | cvebase