CVE-2022-21634Corporation Graalvm Enterprise Edition vulnerability

4 documents4 sources
Severity
7.5HIGHNVD
EPSS
1.1%
top 21.48%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Oracle Corporation Graalvm Enterprise EditionOracle Graalvm
Timeline
PublishedOct 18
Latest updateOct 19

Description

Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: LLVM Interpreter). Supported versions that are affected are Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (comp

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

CVEListV5oracle_corporation/graalvm_enterprise_editionOracle GraalVM Enterprise Edition:20.3.7, Oracle GraalVM Enterprise Edition:21.3.3, Oracle GraalVM Enterprise Edition:22.2.0+2
NVDoracle/graalvm20.3.7, 21.3.3, 22.2.0+2

Patches

Patch: www.oracle.comPatch: www.oracle.com

🔴Vulnerability Details

2
GHSA
GHSA-f58r-p74p-9hp5: Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: LLVM Interpreter)2022-10-19
CVEList
CVE-2022-21634: Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: LLVM Interpreter)2022-10-18

📋Vendor Advisories

1
Oracle
Oracle Oracle Java SE Risk Matrix: LLVM Interpreter — CVE-2022-216342022-10-15
CVE-2022-21634 — HIGH severity | cvebase