CVE-2022-21549
Published on: Not Yet Published
Last Modified on: 08/22/2022 03:08:00 PM UTC
Certain versions of Zulu from Azul contain the following vulnerability:
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 17.0.3.1; Oracle GraalVM Enterprise Edition: 21.3.2 and 22.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).
- CVE-2022-21549 has been assigned by
[email protected] to track the vulnerability - currently rated as MEDIUM severity. - Affected Vendor/Software: Oracle Corporation - Java SE JDK and JRE version = Oracle Java SE:17.0.3.1
- Affected Vendor/Software: Oracle Corporation - Java SE JDK and JRE version = Oracle GraalVM Enterprise Edition:21.3.2
- Affected Vendor/Software: Oracle Corporation - Java SE JDK and JRE version = Oracle GraalVM Enterprise Edition:22.1.0
CVSS3 Score: 5.3 - MEDIUM
| Attack Vector ⓘ |
Attack Complexity |
Privileges Required |
User Interaction |
|---|---|---|---|
| NETWORK | LOW | NONE | NONE |
| Scope | Confidentiality Impact |
Integrity Impact |
Availability Impact |
| UNCHANGED | NONE | LOW | NONE |
CVE References
| Description | Tags ⓘ | Link |
|---|---|---|
| Debian -- Security Information -- DSA-5192-1 openjdk-17 | www.debian.org Depreciated Link text/html |
DEBIAN DSA-5192 |
| July 2022 Java Platform Standard Edition Vulnerabilities in NetApp Products | NetApp Product Security | security.netapp.com text/html |
CONFIRM security.netapp.com/advisory/ntap-20220729-0009/ |
| [SECURITY] Fedora 36 Update: java-17-openjdk-17.0.4.0.8-1.fc36 - package-announce - Fedora Mailing-Lists | lists.fedoraproject.org text/html |
FEDORA FEDORA-2022-34584d4257 |
| Oracle Critical Patch Update Advisory - July 2022 | www.oracle.com text/html |
MISC www.oracle.com/security-alerts/cpujul2022.html |
| [SECURITY] Fedora 35 Update: java-17-openjdk-17.0.4.0.8-1.fc35 - package-announce - Fedora Mailing-Lists | lists.fedoraproject.org text/html |
FEDORA FEDORA-2022-64431bccec |
Related QID Numbers
- 159999 Oracle Enterprise Linux Security Update for java-17-openjdk (ELSA-2022-5726)
- 160000 Oracle Enterprise Linux Security Update for java-17-openjdk (ELSA-2022-5736)
- 180901 Debian Security Update for openjdk-17 (DSA 5192-1)
- 198886 Ubuntu Security Notification for Open Java Development Toolkit (OpenJDK) Vulnerabilities (USN-5546-1)
- 20270 Oracle Database 21c Critical Patch Update - October 2022
- 240560 Red Hat Update for java-17-openjdk security (RHSA-2022:5726)
- 240564 Red Hat Update for java-17-openjdk security (RHSA-2022:5736)
- 282975 Fedora Security Update for java (FEDORA-2022-34584d4257)
- 283009 Fedora Security Update for java (FEDORA-2022-64431bccec)
- 353996 Amazon Linux Security Advisory for java-17-amazon-corretto : ALAS2-2022-1824
- 354375 Amazon Linux Security Advisory for java-17-amazon-corretto : ALAS2022-2022-113
- 354396 Amazon Linux Security Advisory for java-17-amazon-corretto : ALAS2022-2022-151
- 354523 Amazon Linux Security Advisory for java-17-amazon-corretto : ALAS2022-2022-121
- 376733 Oracle Java Standard Edition (SE) Critical Patch Update - July 2022 (CPUJUL2022)
- 376756 Amazon Corretto Critical Patch Update (JUL2022)
- 376761 Azul Java Multiple Vulnerabilities Security Update July 2022
- 376896 Alibaba Cloud Linux Security Update for java-17-openjdk (ALINUX3-SA-2022:0145)
- 502455 Alpine Linux Security Update for openjdk15
- 502456 Alpine Linux Security Update for openjdk17
- 502468 Alpine Linux Security Update for openjdk11
- 502484 Alpine Linux Security Update for openjdk13
- 502578 Alpine Linux Security Update for openjdk11
- 752418 SUSE Enterprise Linux Security Update for java-17-openjdk (SUSE-SU-2022:2660-1)
- 752507 SUSE Enterprise Linux Security Update for java-1_8_0-ibm (SUSE-SU-2022:2899-1)
- 752510 SUSE Enterprise Linux Security Update for java-1_7_1-ibm (SUSE-SU-2022:2898-1)
- 752526 SUSE Enterprise Linux Security Update for java-1_8_0-ibm (SUSE-SU-2022:2949-1)
- 752556 SUSE Enterprise Linux Security Update for java-1_8_0-ibm (SUSE-SU-2022:3152-1)
- 752883 SUSE Enterprise Linux Security Update for java-1_8_0-ibm (SUSE-SU-2022:4166-1)
- 940621 AlmaLinux Security Update for java-17-openjdk (ALSA-2022:5736)
- 960159 Rocky Linux Security Update for java-17-openjdk (RLSA-2022:5726)
Exploit/POC from Github
This repository contains a collection of data files on known Common Vulnerabilities and Exposures (CVEs). Each file i…
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Azul | Zulu | 17.35 | All | All | All |
| Application | Azul | Zulu | 17.36 | All | All | All |
| Operating System | Debian | Debian Linux | 11.0 | All | All | All |
| Operating System | Fedoraproject | Fedora | 35 | All | All | All |
| Operating System | Fedoraproject | Fedora | 36 | All | All | All |
| Application | Netapp | 7-mode Transition Tool | - | All | All | All |
| Application | Netapp | Active Iq Unified Manager | - | All | All | All |
| Application | Netapp | Active Iq Unified Manager | - | All | All | All |
| Application | Netapp | Cloud Insights Acquisition Unit | - | All | All | All |
| Application | Netapp | Cloud Secure Agent | - | All | All | All |
| Hardware
| Netapp | Hci Compute Node | - | All | All | All |
| Application | Netapp | Hci Management Node | - | All | All | All |
| Application | Netapp | Oncommand Insight | - | All | All | All |
| Application | Netapp | Solidfire | - | All | All | All |
| Application | Oracle | Graalvm | 21.3.2 | All | All | All |
| Application | Oracle | Graalvm | 22.1.0 | All | All | All |
| Application | Oracle | Jdk | 17.0.3.1 | All | All | All |
| Application | Oracle | Jre | 17.0.3.1 | All | All | All |
- cpe:2.3:a:azul:zulu:17.35:*:*:*:*:*:*:*:
- cpe:2.3:a:azul:zulu:17.36:*:*:*:*:*:*:*:
- cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*:
- cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*:
- cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*:
- cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*:
- cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*:
- cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*:
- cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*:
- cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*:
- cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*:
- cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*:
- cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*:
- cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*:
- cpe:2.3:a:oracle:graalvm:21.3.2:*:*:*:enterprise:*:*:*:
- cpe:2.3:a:oracle:graalvm:22.1.0:*:*:*:enterprise:*:*:*:
- cpe:2.3:a:oracle:jdk:17.0.3.1:*:*:*:*:*:*:*:
- cpe:2.3:a:oracle:jre:17.0.3.1:*:*:*:*:*:*:*:
No vendor comments have been submitted for this CVE
Social Mentions
| Source | Title | Posted (UTC) |
|---|---|---|
 @CVEreport |
CVE-2022-21549 : Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE… twitter.com/i/web/status/1… | 2022-07-19 21:26:40 |
| @fukuramikake |
まーたJDKの脆弱性がぼろぼろ出てますな。 CVE-2022-21549 | 2022-07-20 03:17:32 |