Vulnerability-Lookup - Search a vulnerability

CVE-2023-22025 (GCVE-0-2023-22025)

Vulnerability from cvelistv5

Published

2023-10-17 21:02

Modified

2024-09-13 16:36

Severity ?

3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition, product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u381-perf, 17.0.8, 21; Oracle GraalVM for JDK: 17.0.8, 21; Oracle GraalVM Enterprise Edition: 21.3.7 and 22.3.3. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition,. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition, accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).

References

▼	URL	Tags
	https://www.oracle.com/security-alerts/cpuoct2023.html	vendor-advisory
	https://security.netapp.com/advisory/ntap-20231027-0006/
	https://www.debian.org/security/2023/dsa-5548

Impacted products

	Vendor	Product	Version
	Oracle Corporation	Java SE JDK and JRE	Version: Oracle Java SE:8u381-perf Version: Oracle Java SE:17.0.8 Version: Oracle Java SE:21 Version: Oracle GraalVM for JDK:17.0.8 Version: Oracle GraalVM for JDK:21 Version: Oracle GraalVM Enterprise Edition:21.3.7 Version: Oracle GraalVM Enterprise Edition:22.3.3

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T09:59:28.998Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "Oracle Advisory",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpuoct2023.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20231027-0006/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2023/dsa-5548",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2023-22025",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-09-13T16:28:29.558794Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-09-13T16:36:38.444Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "Java SE JDK and JRE",
               vendor: "Oracle Corporation",
               versions: [
                  {
                     status: "affected",
                     version: "Oracle Java SE:8u381-perf",
                  },
                  {
                     status: "affected",
                     version: "Oracle Java SE:17.0.8",
                  },
                  {
                     status: "affected",
                     version: "Oracle Java SE:21",
                  },
                  {
                     status: "affected",
                     version: "Oracle GraalVM for JDK:17.0.8",
                  },
                  {
                     status: "affected",
                     version: "Oracle GraalVM for JDK:21",
                  },
                  {
                     status: "affected",
                     version: "Oracle GraalVM Enterprise Edition:21.3.7",
                  },
                  {
                     status: "affected",
                     version: "Oracle GraalVM Enterprise Edition:22.3.3",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en-US",
               value: "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition, product of Oracle Java SE (component: Hotspot).  Supported versions that are affected are Oracle Java SE: 8u381-perf, 17.0.8, 21; Oracle GraalVM for JDK: 17.0.8, 21; Oracle GraalVM Enterprise Edition: 21.3.7 and  22.3.3. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition,.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition, accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "HIGH",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 3.7,
                  baseSeverity: "LOW",
                  confidentialityImpact: "NONE",
                  integrityImpact: "LOW",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition,.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition, accessible data.",
                     lang: "en-US",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-11-08T04:14:29.313Z",
            orgId: "43595867-4340-4103-b7a2-9a5208d29a85",
            shortName: "oracle",
         },
         references: [
            {
               name: "Oracle Advisory",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://www.oracle.com/security-alerts/cpuoct2023.html",
            },
            {
               url: "https://security.netapp.com/advisory/ntap-20231027-0006/",
            },
            {
               url: "https://www.debian.org/security/2023/dsa-5548",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85",
      assignerShortName: "oracle",
      cveId: "CVE-2023-22025",
      datePublished: "2023-10-17T21:02:47.615Z",
      dateReserved: "2022-12-17T19:26:00.752Z",
      dateUpdated: "2024-09-13T16:36:38.444Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

CVE-2022-21549 (GCVE-0-2022-21549)

Vulnerability from cvelistv5

Published

2022-07-19 00:00

Modified

2024-08-03 02:46

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 17.0.3.1; Oracle GraalVM Enterprise Edition: 21.3.2 and 22.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).

References

▼	URL	Tags
	https://www.oracle.com/security-alerts/cpujul2022.html
	https://www.debian.org/security/2022/dsa-5192	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NQICCJXXAYMCCXOO24R4W7Q3RSKCYDMX/	vendor-advisory
	https://security.netapp.com/advisory/ntap-20220729-0009/
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UKJCLA2GDNF4B7ZRKORQ2TIR56AHJ4VC/	vendor-advisory
	https://security.gentoo.org/glsa/202401-25	vendor-advisory

Impacted products

	Vendor	Product	Version
	Oracle Corporation	Java SE JDK and JRE	Version: Oracle Java SE:17.0.3.1 Version: Oracle GraalVM Enterprise Edition:21.3.2 Version: Oracle GraalVM Enterprise Edition:22.1.0

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T02:46:38.909Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpujul2022.html",
               },
               {
                  name: "DSA-5192",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2022/dsa-5192",
               },
               {
                  name: "FEDORA-2022-34584d4257",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NQICCJXXAYMCCXOO24R4W7Q3RSKCYDMX/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20220729-0009/",
               },
               {
                  name: "FEDORA-2022-64431bccec",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UKJCLA2GDNF4B7ZRKORQ2TIR56AHJ4VC/",
               },
               {
                  name: "GLSA-202401-25",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202401-25",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Java SE JDK and JRE",
               vendor: "Oracle Corporation",
               versions: [
                  {
                     status: "affected",
                     version: "Oracle Java SE:17.0.3.1",
                  },
                  {
                     status: "affected",
                     version: "Oracle GraalVM Enterprise Edition:21.3.2",
                  },
                  {
                     status: "affected",
                     version: "Oracle GraalVM Enterprise Edition:22.1.0",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 17.0.3.1; Oracle GraalVM Enterprise Edition: 21.3.2 and 22.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 5.3,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  integrityImpact: "LOW",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data.",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-01-17T15:06:19.501295",
            orgId: "43595867-4340-4103-b7a2-9a5208d29a85",
            shortName: "oracle",
         },
         references: [
            {
               url: "https://www.oracle.com/security-alerts/cpujul2022.html",
            },
            {
               name: "DSA-5192",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://www.debian.org/security/2022/dsa-5192",
            },
            {
               name: "FEDORA-2022-34584d4257",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NQICCJXXAYMCCXOO24R4W7Q3RSKCYDMX/",
            },
            {
               url: "https://security.netapp.com/advisory/ntap-20220729-0009/",
            },
            {
               name: "FEDORA-2022-64431bccec",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UKJCLA2GDNF4B7ZRKORQ2TIR56AHJ4VC/",
            },
            {
               name: "GLSA-202401-25",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202401-25",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85",
      assignerShortName: "oracle",
      cveId: "CVE-2022-21549",
      datePublished: "2022-07-19T00:00:00",
      dateReserved: "2021-11-15T00:00:00",
      dateUpdated: "2024-08-03T02:46:38.909Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

CVE-2022-21366 (GCVE-0-2022-21366)

Vulnerability from cvelistv5

Published

2022-01-19 11:25

Modified

2024-08-03 02:38

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

References

▼	URL	Tags
	https://www.oracle.com/security-alerts/cpujan2022.html	x_refsource_MISC
	https://security.netapp.com/advisory/ntap-20220121-0007/	x_refsource_CONFIRM
	https://www.debian.org/security/2022/dsa-5057	vendor-advisory, x_refsource_DEBIAN
	https://www.debian.org/security/2022/dsa-5058	vendor-advisory, x_refsource_DEBIAN
	https://security.gentoo.org/glsa/202209-05	vendor-advisory, x_refsource_GENTOO

Impacted products

	Vendor	Product	Version
	Oracle Corporation	Java SE JDK and JRE	Version: Oracle Java SE:11.0.13 Version: Oracle Java SE:17.0.1 Version: Oracle GraalVM Enterprise Edition:20.3.4 Version: Oracle GraalVM Enterprise Edition:21.3.0

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T02:38:55.987Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpujan2022.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20220121-0007/",
               },
               {
                  name: "DSA-5057",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2022/dsa-5057",
               },
               {
                  name: "DSA-5058",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2022/dsa-5058",
               },
               {
                  name: "GLSA-202209-05",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202209-05",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Java SE JDK and JRE",
               vendor: "Oracle Corporation",
               versions: [
                  {
                     status: "affected",
                     version: "Oracle Java SE:11.0.13",
                  },
                  {
                     status: "affected",
                     version: "Oracle Java SE:17.0.1",
                  },
                  {
                     status: "affected",
                     version: "Oracle GraalVM Enterprise Edition:20.3.4",
                  },
                  {
                     status: "affected",
                     version: "Oracle GraalVM Enterprise Edition:21.3.0",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "LOW",
                  baseScore: 5.3,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition.",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-09-07T23:20:25.759Z",
            orgId: "43595867-4340-4103-b7a2-9a5208d29a85",
            shortName: "oracle",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com/security-alerts/cpujan2022.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://security.netapp.com/advisory/ntap-20220121-0007/",
            },
            {
               name: "DSA-5057",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "https://www.debian.org/security/2022/dsa-5057",
            },
            {
               name: "DSA-5058",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "https://www.debian.org/security/2022/dsa-5058",
            },
            {
               name: "GLSA-202209-05",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "https://security.gentoo.org/glsa/202209-05",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secalert_us@oracle.com",
               ID: "CVE-2022-21366",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Java SE JDK and JRE",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "=",
                                          version_value: "Oracle Java SE:11.0.13",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "Oracle Java SE:17.0.1",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "Oracle GraalVM Enterprise Edition:20.3.4",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "Oracle GraalVM Enterprise Edition:21.3.0",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Oracle Corporation",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).",
                  },
               ],
            },
            impact: {
               cvss: {
                  baseScore: "5.3",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                  version: "3.1",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition.",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.oracle.com/security-alerts/cpujan2022.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com/security-alerts/cpujan2022.html",
                  },
                  {
                     name: "https://security.netapp.com/advisory/ntap-20220121-0007/",
                     refsource: "CONFIRM",
                     url: "https://security.netapp.com/advisory/ntap-20220121-0007/",
                  },
                  {
                     name: "DSA-5057",
                     refsource: "DEBIAN",
                     url: "https://www.debian.org/security/2022/dsa-5057",
                  },
                  {
                     name: "DSA-5058",
                     refsource: "DEBIAN",
                     url: "https://www.debian.org/security/2022/dsa-5058",
                  },
                  {
                     name: "GLSA-202209-05",
                     refsource: "GENTOO",
                     url: "https://security.gentoo.org/glsa/202209-05",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85",
      assignerShortName: "oracle",
      cveId: "CVE-2022-21366",
      datePublished: "2022-01-19T11:25:49",
      dateReserved: "2021-11-15T00:00:00",
      dateUpdated: "2024-08-03T02:38:55.987Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

CVE-2024-20922 (GCVE-0-2024-20922)

Vulnerability from cvelistv5

Published

2024-01-16 21:41

Modified

2025-02-13 17:32

Severity ?

2.5 (Low) - CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Supported versions that are affected are Oracle Java SE: 8u391; Oracle GraalVM Enterprise Edition: 20.3.12 and 21.3.8. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM Enterprise Edition executes to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 2.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N).

References

▼	URL	Tags
	https://www.oracle.com/security-alerts/cpujan2024.html	vendor-advisory
	https://security.netapp.com/advisory/ntap-20240201-0002/

Impacted products

	Vendor	Product	Version
	Oracle Corporation	Java SE JDK and JRE	Version: Oracle Java SE:8u391 Version: Oracle GraalVM Enterprise Edition:20.3.12 Version: Oracle GraalVM Enterprise Edition:21.3.8

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-01T22:06:37.344Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "Oracle Advisory",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpujan2024.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20240201-0002/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Java SE JDK and JRE",
               vendor: "Oracle Corporation",
               versions: [
                  {
                     status: "affected",
                     version: "Oracle Java SE:8u391",
                  },
                  {
                     status: "affected",
                     version: "Oracle GraalVM Enterprise Edition:20.3.12",
                  },
                  {
                     status: "affected",
                     version: "Oracle GraalVM Enterprise Edition:21.3.8",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en-US",
               value: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX).  Supported versions that are affected are Oracle Java SE: 8u391; Oracle GraalVM Enterprise Edition: 20.3.12 and  21.3.8. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM Enterprise Edition executes to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 2.5 (Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N).",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "HIGH",
                  attackVector: "LOCAL",
                  availabilityImpact: "NONE",
                  baseScore: 2.5,
                  baseSeverity: "LOW",
                  confidentialityImpact: "NONE",
                  integrityImpact: "LOW",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM Enterprise Edition executes to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data.",
                     lang: "en-US",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-02-01T17:06:44.322Z",
            orgId: "43595867-4340-4103-b7a2-9a5208d29a85",
            shortName: "oracle",
         },
         references: [
            {
               name: "Oracle Advisory",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://www.oracle.com/security-alerts/cpujan2024.html",
            },
            {
               url: "https://security.netapp.com/advisory/ntap-20240201-0002/",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85",
      assignerShortName: "oracle",
      cveId: "CVE-2024-20922",
      datePublished: "2024-01-16T21:41:15.590Z",
      dateReserved: "2023-12-07T22:28:10.620Z",
      dateUpdated: "2025-02-13T17:32:40.902Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

CVE-2023-21930 (GCVE-0-2023-21930)

Vulnerability from cvelistv5

Published

2023-04-18 19:54

Modified

2025-02-13 16:40

Severity ?

7.4 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).

References

▼	URL	Tags
	https://www.oracle.com/security-alerts/cpuapr2023.html	vendor-advisory
	https://www.couchbase.com/alerts/
	https://security.netapp.com/advisory/ntap-20230427-0008/
	https://www.debian.org/security/2023/dsa-5430
	https://www.debian.org/security/2023/dsa-5478
	https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html
	https://security.netapp.com/advisory/ntap-20240621-0006/

Impacted products

	Vendor	Product	Version
	Oracle Corporation	Java SE JDK and JRE	Version: Oracle Java SE:8u361 Version: Oracle Java SE:8u361-perf Version: Oracle Java SE:11.0.18 Version: Oracle Java SE:17.0.6 Version: Oracle Java SE:20 Version: Oracle GraalVM Enterprise Edition:20.3.9 Version: Oracle GraalVM Enterprise Edition:21.3.5 Version: Oracle GraalVM Enterprise Edition:22.3.1

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            affected: [
               {
                  cpes: [
                     "cpe:2.3:a:oracle:graalvm:21.3.5:*:*:*:enterprise:*:*:*",
                     "cpe:2.3:a:oracle:graalvm:22.3.1:*:*:*:enterprise:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "graalvm",
                  vendor: "oracle",
                  versions: [
                     {
                        status: "affected",
                        version: "21.3.5",
                     },
                     {
                        status: "affected",
                        version: "22.3.1",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:jdk:11.0.18:*:*:*:*:*:*:*",
                     "cpe:2.3:a:oracle:jdk:17.0.6:*:*:*:*:*:*:*",
                     "cpe:2.3:a:oracle:jdk:1.8.0:update361:*:*:*:*:*:*",
                     "cpe:2.3:a:oracle:jdk:20:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "jdk",
                  vendor: "oracle",
                  versions: [
                     {
                        status: "affected",
                        version: "11.0.18",
                     },
                     {
                        status: "affected",
                        version: "17.0.6",
                     },
                     {
                        status: "affected",
                        version: "1.8.0",
                     },
                     {
                        status: "affected",
                        version: "20",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:jre:11.0.18:*:*:*:*:*:*:*",
                     "cpe:2.3:a:oracle:jre:17.0.6:*:*:*:*:*:*:*",
                     "cpe:2.3:a:oracle:jre:1.8.0:update361:*:*:*:*:*:*",
                     "cpe:2.3:a:oracle:jre:20:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "jre",
                  vendor: "oracle",
                  versions: [
                     {
                        status: "affected",
                        version: "11.0.18",
                     },
                     {
                        status: "affected",
                        version: "17.0.6",
                     },
                     {
                        status: "affected",
                        version: "1.8.0",
                     },
                     {
                        status: "affected",
                        version: "20",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "oncommand_insight",
                  vendor: "netapp",
                  versions: [
                     {
                        lessThan: "*",
                        status: "affected",
                        version: "0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                     "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
                     "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "debian_linux",
                  vendor: "debian",
                  versions: [
                     {
                        status: "affected",
                        version: "10.0",
                     },
                     {
                        status: "affected",
                        version: "11.0",
                     },
                     {
                        status: "affected",
                        version: "12.0",
                     },
                  ],
               },
            ],
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2023-21930",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-07-22T19:44:31.998696Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-07-22T20:06:28.547Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T09:59:27.250Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "Oracle Advisory",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpuapr2023.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.couchbase.com/alerts/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20230427-0008/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2023/dsa-5430",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2023/dsa-5478",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20240621-0006/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Java SE JDK and JRE",
               vendor: "Oracle Corporation",
               versions: [
                  {
                     status: "affected",
                     version: "Oracle Java SE:8u361",
                  },
                  {
                     status: "affected",
                     version: "Oracle Java SE:8u361-perf",
                  },
                  {
                     status: "affected",
                     version: "Oracle Java SE:11.0.18",
                  },
                  {
                     status: "affected",
                     version: "Oracle Java SE:17.0.6",
                  },
                  {
                     status: "affected",
                     version: "Oracle Java SE:20",
                  },
                  {
                     status: "affected",
                     version: "Oracle GraalVM Enterprise Edition:20.3.9",
                  },
                  {
                     status: "affected",
                     version: "Oracle GraalVM Enterprise Edition:21.3.5",
                  },
                  {
                     status: "affected",
                     version: "Oracle GraalVM Enterprise Edition:22.3.1",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en-US",
               value: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE).  Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and  22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data as well as  unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "HIGH",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 7.4,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data as well as  unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data.",
                     lang: "en-US",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-06-21T19:07:35.314Z",
            orgId: "43595867-4340-4103-b7a2-9a5208d29a85",
            shortName: "oracle",
         },
         references: [
            {
               name: "Oracle Advisory",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://www.oracle.com/security-alerts/cpuapr2023.html",
            },
            {
               url: "https://www.couchbase.com/alerts/",
            },
            {
               url: "https://security.netapp.com/advisory/ntap-20230427-0008/",
            },
            {
               url: "https://www.debian.org/security/2023/dsa-5430",
            },
            {
               url: "https://www.debian.org/security/2023/dsa-5478",
            },
            {
               url: "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html",
            },
            {
               url: "https://security.netapp.com/advisory/ntap-20240621-0006/",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85",
      assignerShortName: "oracle",
      cveId: "CVE-2023-21930",
      datePublished: "2023-04-18T19:54:23.189Z",
      dateReserved: "2022-12-17T19:26:00.718Z",
      dateUpdated: "2025-02-13T16:40:25.071Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

CVE-2024-20926 (GCVE-0-2024-20926)

Vulnerability from cvelistv5

Published

2024-01-16 21:41

Modified

2025-02-13 17:32

Severity ?

5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Scripting). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21; Oracle GraalVM for JDK: 17.0.9; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).

References

▼	URL	Tags
	https://www.oracle.com/security-alerts/cpujan2024.html	vendor-advisory
	https://lists.debian.org/debian-lts-announce/2024/01/msg00023.html
	https://security.netapp.com/advisory/ntap-20240201-0002/

Impacted products

	Vendor	Product	Version
	Oracle Corporation	Java SE JDK and JRE	Version: Oracle Java SE:8u391 Version: Oracle Java SE:8u391-perf Version: Oracle Java SE:11.0.21 Version: Oracle GraalVM for JDK:17.0.9 Version: Oracle GraalVM Enterprise Edition:20.3.12 Version: Oracle GraalVM Enterprise Edition:21.3.8 Version: Oracle GraalVM Enterprise Edition:22.3.4

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-01T22:06:37.325Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "Oracle Advisory",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpujan2024.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2024/01/msg00023.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20240201-0002/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Java SE JDK and JRE",
               vendor: "Oracle Corporation",
               versions: [
                  {
                     status: "affected",
                     version: "Oracle Java SE:8u391",
                  },
                  {
                     status: "affected",
                     version: "Oracle Java SE:8u391-perf",
                  },
                  {
                     status: "affected",
                     version: "Oracle Java SE:11.0.21",
                  },
                  {
                     status: "affected",
                     version: "Oracle GraalVM for JDK:17.0.9",
                  },
                  {
                     status: "affected",
                     version: "Oracle GraalVM Enterprise Edition:20.3.12",
                  },
                  {
                     status: "affected",
                     version: "Oracle GraalVM Enterprise Edition:21.3.8",
                  },
                  {
                     status: "affected",
                     version: "Oracle GraalVM Enterprise Edition:22.3.4",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en-US",
               value: "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Scripting).  Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21; Oracle GraalVM for JDK: 17.0.9; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and  22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 5.9 (Confidentiality impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "HIGH",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 5.9,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data.",
                     lang: "en-US",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-02-01T17:06:47.505Z",
            orgId: "43595867-4340-4103-b7a2-9a5208d29a85",
            shortName: "oracle",
         },
         references: [
            {
               name: "Oracle Advisory",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://www.oracle.com/security-alerts/cpujan2024.html",
            },
            {
               url: "https://lists.debian.org/debian-lts-announce/2024/01/msg00023.html",
            },
            {
               url: "https://security.netapp.com/advisory/ntap-20240201-0002/",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85",
      assignerShortName: "oracle",
      cveId: "CVE-2024-20926",
      datePublished: "2024-01-16T21:41:16.336Z",
      dateReserved: "2023-12-07T22:28:10.621Z",
      dateUpdated: "2025-02-13T17:32:41.431Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

CVE-2022-21541 (GCVE-0-2022-21541)

Vulnerability from cvelistv5

Published

2022-07-19 00:00

Modified

2024-09-23 19:22

Severity ?

5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1; Oracle GraalVM Enterprise Edition: 20.3.6, 21.3.2 and 22.1.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).

References

▼	URL	Tags
	https://www.oracle.com/security-alerts/cpujul2022.html
	https://www.debian.org/security/2022/dsa-5188	vendor-advisory
	https://www.debian.org/security/2022/dsa-5192	vendor-advisory
	https://security.netapp.com/advisory/ntap-20220729-0009/
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KO3DXNKZ4EU3UZBT6AAR4XRKCD73KLMO/	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN3EVGR7FD3ZLV5SBTJXUIDCMSK4QUE2/	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YULPNO3PAWMEQQZV2C54I3H3ZOXFZUTB/	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5OZNAZJ4YHLOKRRRZSWRT5OJ25E4XLM/	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3XPOTPPBZIPFBZHQE5E7OW6PDACUMCJ/	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H4YNJSJ64NPCNKFPNBYITNZU5H3L4D6L/	vendor-advisory
	https://security.gentoo.org/glsa/202401-25	vendor-advisory

Impacted products

	Vendor	Product	Version
	Oracle Corporation	Java SE JDK and JRE	Version: Oracle Java SE:7u343 Version: Oracle Java SE:8u333 Version: Oracle Java SE:11.0.15.1 Version: Oracle Java SE:17.0.3.1 Version: Oracle Java SE:18.0.1.1 Version: Oracle GraalVM Enterprise Edition:20.3.6 Version: Oracle GraalVM Enterprise Edition:21.3.2 Version: Oracle GraalVM Enterprise Edition:22.1.0

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T02:46:38.300Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpujul2022.html",
               },
               {
                  name: "DSA-5188",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2022/dsa-5188",
               },
               {
                  name: "DSA-5192",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2022/dsa-5192",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20220729-0009/",
               },
               {
                  name: "FEDORA-2022-19b6f21746",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KO3DXNKZ4EU3UZBT6AAR4XRKCD73KLMO/",
               },
               {
                  name: "FEDORA-2022-ae563934f7",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN3EVGR7FD3ZLV5SBTJXUIDCMSK4QUE2/",
               },
               {
                  name: "FEDORA-2022-e573851f56",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YULPNO3PAWMEQQZV2C54I3H3ZOXFZUTB/",
               },
               {
                  name: "FEDORA-2022-d26586b419",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5OZNAZJ4YHLOKRRRZSWRT5OJ25E4XLM/",
               },
               {
                  name: "FEDORA-2022-80afe2304a",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3XPOTPPBZIPFBZHQE5E7OW6PDACUMCJ/",
               },
               {
                  name: "FEDORA-2022-b76ab52e73",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H4YNJSJ64NPCNKFPNBYITNZU5H3L4D6L/",
               },
               {
                  name: "GLSA-202401-25",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202401-25",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2022-21541",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-09-11T20:42:01.658119Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-09-23T19:22:48.866Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "Java SE JDK and JRE",
               vendor: "Oracle Corporation",
               versions: [
                  {
                     status: "affected",
                     version: "Oracle Java SE:7u343",
                  },
                  {
                     status: "affected",
                     version: "Oracle Java SE:8u333",
                  },
                  {
                     status: "affected",
                     version: "Oracle Java SE:11.0.15.1",
                  },
                  {
                     status: "affected",
                     version: "Oracle Java SE:17.0.3.1",
                  },
                  {
                     status: "affected",
                     version: "Oracle Java SE:18.0.1.1",
                  },
                  {
                     status: "affected",
                     version: "Oracle GraalVM Enterprise Edition:20.3.6",
                  },
                  {
                     status: "affected",
                     version: "Oracle GraalVM Enterprise Edition:21.3.2",
                  },
                  {
                     status: "affected",
                     version: "Oracle GraalVM Enterprise Edition:22.1.0",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1; Oracle GraalVM Enterprise Edition: 20.3.6, 21.3.2 and 22.1.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "HIGH",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 5.9,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data.",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-01-17T15:06:44.119587",
            orgId: "43595867-4340-4103-b7a2-9a5208d29a85",
            shortName: "oracle",
         },
         references: [
            {
               url: "https://www.oracle.com/security-alerts/cpujul2022.html",
            },
            {
               name: "DSA-5188",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://www.debian.org/security/2022/dsa-5188",
            },
            {
               name: "DSA-5192",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://www.debian.org/security/2022/dsa-5192",
            },
            {
               url: "https://security.netapp.com/advisory/ntap-20220729-0009/",
            },
            {
               name: "FEDORA-2022-19b6f21746",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KO3DXNKZ4EU3UZBT6AAR4XRKCD73KLMO/",
            },
            {
               name: "FEDORA-2022-ae563934f7",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN3EVGR7FD3ZLV5SBTJXUIDCMSK4QUE2/",
            },
            {
               name: "FEDORA-2022-e573851f56",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YULPNO3PAWMEQQZV2C54I3H3ZOXFZUTB/",
            },
            {
               name: "FEDORA-2022-d26586b419",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5OZNAZJ4YHLOKRRRZSWRT5OJ25E4XLM/",
            },
            {
               name: "FEDORA-2022-80afe2304a",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3XPOTPPBZIPFBZHQE5E7OW6PDACUMCJ/",
            },
            {
               name: "FEDORA-2022-b76ab52e73",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H4YNJSJ64NPCNKFPNBYITNZU5H3L4D6L/",
            },
            {
               name: "GLSA-202401-25",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202401-25",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85",
      assignerShortName: "oracle",
      cveId: "CVE-2022-21541",
      datePublished: "2022-07-19T00:00:00",
      dateReserved: "2021-11-15T00:00:00",
      dateUpdated: "2024-09-23T19:22:48.866Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

CVE-2022-21619 (GCVE-0-2022-21619)

Vulnerability from cvelistv5

Published

2022-10-18 00:00

Modified

2025-02-13 16:28

Severity ?

3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).

References

▼	URL	Tags
	https://www.oracle.com/security-alerts/cpuoct2022.html
	https://security.netapp.com/advisory/ntap-20221028-0012/
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PB3CIGOFG7CENUVVE4FFZT2HI5FO77XU/	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/37QDWJBGEPP65X43NXQTXQ7KASLUHON6/	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3QLQ7OD33W6LT3HWI7VYDFFJLV75Y73K/	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HNGMDNIHAA73BEX6XPA2IMXJSGOKKYE6/	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EXSBV3W6EP6B7XJ63Z2FPVBH6HAPGJ5T/	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ARF4QF4N3X5GSFHXUBWARGLISGKJ33R/	vendor-advisory
	https://security.gentoo.org/glsa/202401-25

Impacted products

	Vendor	Product	Version
	Oracle Corporation	Java SE JDK and JRE	Version: Oracle Java SE:8u341 Version: Oracle Java SE:8u345-perf Version: Oracle Java SE:11.0.16.1 Version: Oracle Java SE:17.0.4.1 Version: Oracle Java SE:19 Version: Oracle GraalVM Enterprise Edition:20.3.7 Version: Oracle GraalVM Enterprise Edition:21.3.3 Version: Oracle GraalVM Enterprise Edition:22.2.0

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T02:46:39.137Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpuoct2022.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20221028-0012/",
               },
               {
                  name: "FEDORA-2022-b050ae8974",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PB3CIGOFG7CENUVVE4FFZT2HI5FO77XU/",
               },
               {
                  name: "FEDORA-2022-5d494ab9ab",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/37QDWJBGEPP65X43NXQTXQ7KASLUHON6/",
               },
               {
                  name: "FEDORA-2022-1c07902a5e",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3QLQ7OD33W6LT3HWI7VYDFFJLV75Y73K/",
               },
               {
                  name: "FEDORA-2022-361f34f2a9",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HNGMDNIHAA73BEX6XPA2IMXJSGOKKYE6/",
               },
               {
                  name: "FEDORA-2022-f76014ae17",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EXSBV3W6EP6B7XJ63Z2FPVBH6HAPGJ5T/",
               },
               {
                  name: "FEDORA-2022-d989953883",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ARF4QF4N3X5GSFHXUBWARGLISGKJ33R/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202401-25",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Java SE JDK and JRE",
               vendor: "Oracle Corporation",
               versions: [
                  {
                     status: "affected",
                     version: "Oracle Java SE:8u341",
                  },
                  {
                     status: "affected",
                     version: "Oracle Java SE:8u345-perf",
                  },
                  {
                     status: "affected",
                     version: "Oracle Java SE:11.0.16.1",
                  },
                  {
                     status: "affected",
                     version: "Oracle Java SE:17.0.4.1",
                  },
                  {
                     status: "affected",
                     version: "Oracle Java SE:19",
                  },
                  {
                     status: "affected",
                     version: "Oracle GraalVM Enterprise Edition:20.3.7",
                  },
                  {
                     status: "affected",
                     version: "Oracle GraalVM Enterprise Edition:21.3.3",
                  },
                  {
                     status: "affected",
                     version: "Oracle GraalVM Enterprise Edition:22.2.0",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "HIGH",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 3.7,
                  baseSeverity: "LOW",
                  confidentialityImpact: "NONE",
                  integrityImpact: "LOW",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data.",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-01-17T15:06:27.227Z",
            orgId: "43595867-4340-4103-b7a2-9a5208d29a85",
            shortName: "oracle",
         },
         references: [
            {
               url: "https://www.oracle.com/security-alerts/cpuoct2022.html",
            },
            {
               url: "https://security.netapp.com/advisory/ntap-20221028-0012/",
            },
            {
               name: "FEDORA-2022-b050ae8974",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PB3CIGOFG7CENUVVE4FFZT2HI5FO77XU/",
            },
            {
               name: "FEDORA-2022-5d494ab9ab",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/37QDWJBGEPP65X43NXQTXQ7KASLUHON6/",
            },
            {
               name: "FEDORA-2022-1c07902a5e",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3QLQ7OD33W6LT3HWI7VYDFFJLV75Y73K/",
            },
            {
               name: "FEDORA-2022-361f34f2a9",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HNGMDNIHAA73BEX6XPA2IMXJSGOKKYE6/",
            },
            {
               name: "FEDORA-2022-f76014ae17",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EXSBV3W6EP6B7XJ63Z2FPVBH6HAPGJ5T/",
            },
            {
               name: "FEDORA-2022-d989953883",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ARF4QF4N3X5GSFHXUBWARGLISGKJ33R/",
            },
            {
               url: "https://security.gentoo.org/glsa/202401-25",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85",
      assignerShortName: "oracle",
      cveId: "CVE-2022-21619",
      datePublished: "2022-10-18T00:00:00.000Z",
      dateReserved: "2021-11-15T00:00:00.000Z",
      dateUpdated: "2025-02-13T16:28:54.561Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

CVE-2022-21426 (GCVE-0-2022-21426)

Vulnerability from cvelistv5

Published

2022-04-19 20:37

Modified

2024-09-24 20:12

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

References

▼	URL	Tags
	https://www.oracle.com/security-alerts/cpuapr2022.html	x_refsource_MISC
	https://security.netapp.com/advisory/ntap-20220429-0006/	x_refsource_CONFIRM
	https://www.debian.org/security/2022/dsa-5128	vendor-advisory, x_refsource_DEBIAN
	https://www.debian.org/security/2022/dsa-5131	vendor-advisory, x_refsource_DEBIAN
	https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html	mailing-list, x_refsource_MLIST

Impacted products

	Vendor	Product	Version
	Oracle Corporation	Java SE JDK and JRE	Version: Oracle Java SE:7u331 Version: Oracle Java SE:8u321 Version: Oracle Java SE:11.0.14 Version: Oracle Java SE:17.0.2 Version: Oracle Java SE:18 Version: Oracle GraalVM Enterprise Edition:20.3.5 Version: Oracle GraalVM Enterprise Edition:21.3.1 Version: Oracle GraalVM Enterprise Edition:22.0.0.2

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T02:38:56.501Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpuapr2022.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20220429-0006/",
               },
               {
                  name: "DSA-5128",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2022/dsa-5128",
               },
               {
                  name: "DSA-5131",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2022/dsa-5131",
               },
               {
                  name: "[debian-lts-announce] 20220514 [SECURITY] [DLA 3006-1] openjdk-8 security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2022-21426",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "yes",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-09-24T17:35:39.893746Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-09-24T20:12:08.707Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "Java SE JDK and JRE",
               vendor: "Oracle Corporation",
               versions: [
                  {
                     status: "affected",
                     version: "Oracle Java SE:7u331",
                  },
                  {
                     status: "affected",
                     version: "Oracle Java SE:8u321",
                  },
                  {
                     status: "affected",
                     version: "Oracle Java SE:11.0.14",
                  },
                  {
                     status: "affected",
                     version: "Oracle Java SE:17.0.2",
                  },
                  {
                     status: "affected",
                     version: "Oracle Java SE:18",
                  },
                  {
                     status: "affected",
                     version: "Oracle GraalVM Enterprise Edition:20.3.5",
                  },
                  {
                     status: "affected",
                     version: "Oracle GraalVM Enterprise Edition:21.3.1",
                  },
                  {
                     status: "affected",
                     version: "Oracle GraalVM Enterprise Edition:22.0.0.2",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "LOW",
                  baseScore: 5.3,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition.",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-05-14T11:06:07",
            orgId: "43595867-4340-4103-b7a2-9a5208d29a85",
            shortName: "oracle",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com/security-alerts/cpuapr2022.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://security.netapp.com/advisory/ntap-20220429-0006/",
            },
            {
               name: "DSA-5128",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "https://www.debian.org/security/2022/dsa-5128",
            },
            {
               name: "DSA-5131",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "https://www.debian.org/security/2022/dsa-5131",
            },
            {
               name: "[debian-lts-announce] 20220514 [SECURITY] [DLA 3006-1] openjdk-8 security update",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secalert_us@oracle.com",
               ID: "CVE-2022-21426",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Java SE JDK and JRE",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "=",
                                          version_value: "Oracle Java SE:7u331",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "Oracle Java SE:8u321",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "Oracle Java SE:11.0.14",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "Oracle Java SE:17.0.2",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "Oracle Java SE:18",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "Oracle GraalVM Enterprise Edition:20.3.5",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "Oracle GraalVM Enterprise Edition:21.3.1",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "Oracle GraalVM Enterprise Edition:22.0.0.2",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Oracle Corporation",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).",
                  },
               ],
            },
            impact: {
               cvss: {
                  baseScore: "5.3",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                  version: "3.1",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition.",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.oracle.com/security-alerts/cpuapr2022.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com/security-alerts/cpuapr2022.html",
                  },
                  {
                     name: "https://security.netapp.com/advisory/ntap-20220429-0006/",
                     refsource: "CONFIRM",
                     url: "https://security.netapp.com/advisory/ntap-20220429-0006/",
                  },
                  {
                     name: "DSA-5128",
                     refsource: "DEBIAN",
                     url: "https://www.debian.org/security/2022/dsa-5128",
                  },
                  {
                     name: "DSA-5131",
                     refsource: "DEBIAN",
                     url: "https://www.debian.org/security/2022/dsa-5131",
                  },
                  {
                     name: "[debian-lts-announce] 20220514 [SECURITY] [DLA 3006-1] openjdk-8 security update",
                     refsource: "MLIST",
                     url: "https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85",
      assignerShortName: "oracle",
      cveId: "CVE-2022-21426",
      datePublished: "2022-04-19T20:37:11",
      dateReserved: "2021-11-15T00:00:00",
      dateUpdated: "2024-09-24T20:12:08.707Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

CVE-2024-20918 (GCVE-0-2024-20918)

Vulnerability from cvelistv5

Published

2024-01-16 21:41

Modified

2025-02-13 17:32

Severity ?

7.4 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).

References

▼	URL	Tags
	https://www.oracle.com/security-alerts/cpujan2024.html	vendor-advisory
	https://lists.debian.org/debian-lts-announce/2024/01/msg00023.html
	https://security.netapp.com/advisory/ntap-20240201-0002/

Impacted products

	Vendor	Product	Version
	Oracle Corporation	Java SE JDK and JRE	Version: Oracle Java SE:8u391 Version: Oracle Java SE:8u391-perf Version: Oracle Java SE:11.0.21 Version: Oracle Java SE:17.0.9 Version: Oracle Java SE:21.0.1 Version: Oracle GraalVM for JDK:17.0.9 Version: Oracle GraalVM for JDK:21.0.1 Version: Oracle GraalVM Enterprise Edition:20.3.12 Version: Oracle GraalVM Enterprise Edition:21.3.8 Version: Oracle GraalVM Enterprise Edition:22.3.4

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-01T22:06:37.342Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "Oracle Advisory",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpujan2024.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2024/01/msg00023.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20240201-0002/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Java SE JDK and JRE",
               vendor: "Oracle Corporation",
               versions: [
                  {
                     status: "affected",
                     version: "Oracle Java SE:8u391",
                  },
                  {
                     status: "affected",
                     version: "Oracle Java SE:8u391-perf",
                  },
                  {
                     status: "affected",
                     version: "Oracle Java SE:11.0.21",
                  },
                  {
                     status: "affected",
                     version: "Oracle Java SE:17.0.9",
                  },
                  {
                     status: "affected",
                     version: "Oracle Java SE:21.0.1",
                  },
                  {
                     status: "affected",
                     version: "Oracle GraalVM for JDK:17.0.9",
                  },
                  {
                     status: "affected",
                     version: "Oracle GraalVM for JDK:21.0.1",
                  },
                  {
                     status: "affected",
                     version: "Oracle GraalVM Enterprise Edition:20.3.12",
                  },
                  {
                     status: "affected",
                     version: "Oracle GraalVM Enterprise Edition:21.3.8",
                  },
                  {
                     status: "affected",
                     version: "Oracle GraalVM Enterprise Edition:22.3.4",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en-US",
               value: "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot).  Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and  22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as  unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "HIGH",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 7.4,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as  unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data.",
                     lang: "en-US",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-02-01T17:06:45.864Z",
            orgId: "43595867-4340-4103-b7a2-9a5208d29a85",
            shortName: "oracle",
         },
         references: [
            {
               name: "Oracle Advisory",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://www.oracle.com/security-alerts/cpujan2024.html",
            },
            {
               url: "https://lists.debian.org/debian-lts-announce/2024/01/msg00023.html",
            },
            {
               url: "https://security.netapp.com/advisory/ntap-20240201-0002/",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85",
      assignerShortName: "oracle",
      cveId: "CVE-2024-20918",
      datePublished: "2024-01-16T21:41:14.954Z",
      dateReserved: "2023-12-07T22:28:10.619Z",
      dateUpdated: "2025-02-13T17:32:40.215Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

CVE-2023-22036 (GCVE-0-2023-22036)

Vulnerability from cvelistv5

Published

2023-07-18 20:18

Modified

2025-02-13 16:43

Severity ?

3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Utility). Supported versions that are affected are Oracle Java SE: 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

References

▼	URL	Tags
	https://www.oracle.com/security-alerts/cpujul2023.html	vendor-advisory
	https://security.netapp.com/advisory/ntap-20230725-0006/
	https://www.debian.org/security/2023/dsa-5458
	https://www.debian.org/security/2023/dsa-5478
	https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html

Impacted products

	Vendor	Product	Version
	Oracle Corporation	Java SE JDK and JRE	Version: Oracle Java SE:11.0.19 Version: Oracle Java SE:17.0.7 Version: Oracle Java SE:20.0.1 Version: Oracle GraalVM Enterprise Edition:20.3.10 Version: Oracle GraalVM Enterprise Edition:21.3.6 Version: Oracle GraalVM Enterprise Edition:22.3.2 Version: Oracle GraalVM for JDK:17.0.7 Version: Oracle GraalVM for JDK:20.0.1

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T09:59:28.789Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "Oracle Advisory",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpujul2023.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20230725-0006/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2023/dsa-5458",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2023/dsa-5478",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Java SE JDK and JRE",
               vendor: "Oracle Corporation",
               versions: [
                  {
                     status: "affected",
                     version: "Oracle Java SE:11.0.19",
                  },
                  {
                     status: "affected",
                     version: "Oracle Java SE:17.0.7",
                  },
                  {
                     status: "affected",
                     version: "Oracle Java SE:20.0.1",
                  },
                  {
                     status: "affected",
                     version: "Oracle GraalVM Enterprise Edition:20.3.10",
                  },
                  {
                     status: "affected",
                     version: "Oracle GraalVM Enterprise Edition:21.3.6",
                  },
                  {
                     status: "affected",
                     version: "Oracle GraalVM Enterprise Edition:22.3.2",
                  },
                  {
                     status: "affected",
                     version: "Oracle GraalVM for JDK:17.0.7",
                  },
                  {
                     status: "affected",
                     version: "Oracle GraalVM for JDK:20.0.1",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en-US",
               value: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Utility).  Supported versions that are affected are Oracle Java SE: 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and  20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "HIGH",
                  attackVector: "NETWORK",
                  availabilityImpact: "LOW",
                  baseScore: 3.7,
                  baseSeverity: "LOW",
                  confidentialityImpact: "NONE",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK.",
                     lang: "en-US",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-09-19T10:06:31.451Z",
            orgId: "43595867-4340-4103-b7a2-9a5208d29a85",
            shortName: "oracle",
         },
         references: [
            {
               name: "Oracle Advisory",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://www.oracle.com/security-alerts/cpujul2023.html",
            },
            {
               url: "https://security.netapp.com/advisory/ntap-20230725-0006/",
            },
            {
               url: "https://www.debian.org/security/2023/dsa-5458",
            },
            {
               url: "https://www.debian.org/security/2023/dsa-5478",
            },
            {
               url: "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85",
      assignerShortName: "oracle",
      cveId: "CVE-2023-22036",
      datePublished: "2023-07-18T20:18:20.850Z",
      dateReserved: "2022-12-17T19:26:00.753Z",
      dateUpdated: "2025-02-13T16:43:28.142Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

CVE-2022-21434 (GCVE-0-2022-21434)

Vulnerability from cvelistv5

Published

2022-04-19 20:37

Modified

2024-08-03 02:38

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).

References

▼	URL	Tags
	https://www.oracle.com/security-alerts/cpuapr2022.html
	https://security.netapp.com/advisory/ntap-20220429-0006/
	https://www.debian.org/security/2022/dsa-5128	vendor-advisory
	https://www.debian.org/security/2022/dsa-5131	vendor-advisory
	https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html	mailing-list
	https://security.netapp.com/advisory/ntap-20240621-0006/

Impacted products

	Vendor	Product	Version
	Oracle Corporation	Java SE JDK and JRE	Version: Oracle Java SE:7u331 Version: Oracle Java SE:8u321 Version: Oracle Java SE:11.0.14 Version: Oracle Java SE:17.0.2 Version: Oracle Java SE:18 Version: Oracle GraalVM Enterprise Edition:20.3.5 Version: Oracle GraalVM Enterprise Edition:21.3.1 Version: Oracle GraalVM Enterprise Edition:22.0.0.2

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2022-21434",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-07-02T19:51:37.654803Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-07-02T19:51:53.199Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T02:38:56.147Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpuapr2022.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20220429-0006/",
               },
               {
                  name: "DSA-5128",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2022/dsa-5128",
               },
               {
                  name: "DSA-5131",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2022/dsa-5131",
               },
               {
                  name: "[debian-lts-announce] 20220514 [SECURITY] [DLA 3006-1] openjdk-8 security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20240621-0006/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Java SE JDK and JRE",
               vendor: "Oracle Corporation",
               versions: [
                  {
                     status: "affected",
                     version: "Oracle Java SE:7u331",
                  },
                  {
                     status: "affected",
                     version: "Oracle Java SE:8u321",
                  },
                  {
                     status: "affected",
                     version: "Oracle Java SE:11.0.14",
                  },
                  {
                     status: "affected",
                     version: "Oracle Java SE:17.0.2",
                  },
                  {
                     status: "affected",
                     version: "Oracle Java SE:18",
                  },
                  {
                     status: "affected",
                     version: "Oracle GraalVM Enterprise Edition:20.3.5",
                  },
                  {
                     status: "affected",
                     version: "Oracle GraalVM Enterprise Edition:21.3.1",
                  },
                  {
                     status: "affected",
                     version: "Oracle GraalVM Enterprise Edition:22.0.0.2",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 5.3,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  integrityImpact: "LOW",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data.",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-06-21T19:06:18.947256",
            orgId: "43595867-4340-4103-b7a2-9a5208d29a85",
            shortName: "oracle",
         },
         references: [
            {
               url: "https://www.oracle.com/security-alerts/cpuapr2022.html",
            },
            {
               url: "https://security.netapp.com/advisory/ntap-20220429-0006/",
            },
            {
               name: "DSA-5128",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://www.debian.org/security/2022/dsa-5128",
            },
            {
               name: "DSA-5131",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://www.debian.org/security/2022/dsa-5131",
            },
            {
               name: "[debian-lts-announce] 20220514 [SECURITY] [DLA 3006-1] openjdk-8 security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html",
            },
            {
               url: "https://security.netapp.com/advisory/ntap-20240621-0006/",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85",
      assignerShortName: "oracle",
      cveId: "CVE-2022-21434",
      datePublished: "2022-04-19T20:37:18",
      dateReserved: "2021-11-15T00:00:00",
      dateUpdated: "2024-08-03T02:38:56.147Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

CVE-2020-36518 (GCVE-0-2020-36518)

Vulnerability from cvelistv5

Published

2022-03-11 00:00

Modified

2024-08-04 17:30

Severity ?

Summary

jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.

References

▼	URL	Tags
	https://github.com/FasterXML/jackson-databind/issues/2816
	https://www.oracle.com/security-alerts/cpuapr2022.html
	https://lists.debian.org/debian-lts-announce/2022/05/msg00001.html	mailing-list
	https://www.oracle.com/security-alerts/cpujul2022.html
	https://security.netapp.com/advisory/ntap-20220506-0004/
	https://www.debian.org/security/2022/dsa-5283	vendor-advisory
	https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html	mailing-list

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T17:30:08.127Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/FasterXML/jackson-databind/issues/2816",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpuapr2022.html",
               },
               {
                  name: "[debian-lts-announce] 20220502 [SECURITY] [DLA 2990-1] jackson-databind security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2022/05/msg00001.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpujul2022.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20220506-0004/",
               },
               {
                  name: "DSA-5283",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2022/dsa-5283",
               },
               {
                  name: "[debian-lts-announce] 20221127 [SECURITY] [DLA 3207-1] jackson-databind security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-11-27T00:00:00",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               url: "https://github.com/FasterXML/jackson-databind/issues/2816",
            },
            {
               url: "https://www.oracle.com/security-alerts/cpuapr2022.html",
            },
            {
               name: "[debian-lts-announce] 20220502 [SECURITY] [DLA 2990-1] jackson-databind security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2022/05/msg00001.html",
            },
            {
               url: "https://www.oracle.com/security-alerts/cpujul2022.html",
            },
            {
               url: "https://security.netapp.com/advisory/ntap-20220506-0004/",
            },
            {
               name: "DSA-5283",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://www.debian.org/security/2022/dsa-5283",
            },
            {
               name: "[debian-lts-announce] 20221127 [SECURITY] [DLA 3207-1] jackson-databind security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2020-36518",
      datePublished: "2022-03-11T00:00:00",
      dateReserved: "2022-03-11T00:00:00",
      dateUpdated: "2024-08-04T17:30:08.127Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

CVE-2022-21365 (GCVE-0-2022-21365)

Vulnerability from cvelistv5

Published

2022-01-19 11:25

Modified

2024-11-19 19:09

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

References

▼	URL	Tags
	https://www.oracle.com/security-alerts/cpujan2022.html	x_refsource_MISC
	https://security.netapp.com/advisory/ntap-20220121-0007/	x_refsource_CONFIRM
	https://www.debian.org/security/2022/dsa-5057	vendor-advisory, x_refsource_DEBIAN
	https://www.debian.org/security/2022/dsa-5058	vendor-advisory, x_refsource_DEBIAN
	https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html	mailing-list, x_refsource_MLIST
	https://security.gentoo.org/glsa/202209-05	vendor-advisory, x_refsource_GENTOO

Impacted products

	Vendor	Product	Version
	Oracle Corporation	Java SE JDK and JRE	Version: Oracle Java SE:7u321 Version: Oracle Java SE:8u311 Version: Oracle Java SE:11.0.13 Version: Oracle Java SE:17.0.1 Version: Oracle GraalVM Enterprise Edition:20.3.4 Version: Oracle GraalVM Enterprise Edition:21.3.0

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T02:38:55.571Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpujan2022.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20220121-0007/",
               },
               {
                  name: "DSA-5057",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2022/dsa-5057",
               },
               {
                  name: "DSA-5058",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2022/dsa-5058",
               },
               {
                  name: "[debian-lts-announce] 20220210 [SECURITY] [DLA 2917-1] openjdk-8 security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html",
               },
               {
                  name: "GLSA-202209-05",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202209-05",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2022-21365",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "yes",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-01-30T20:59:23.165168Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-11-19T19:09:11.601Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "Java SE JDK and JRE",
               vendor: "Oracle Corporation",
               versions: [
                  {
                     status: "affected",
                     version: "Oracle Java SE:7u321",
                  },
                  {
                     status: "affected",
                     version: "Oracle Java SE:8u311",
                  },
                  {
                     status: "affected",
                     version: "Oracle Java SE:11.0.13",
                  },
                  {
                     status: "affected",
                     version: "Oracle Java SE:17.0.1",
                  },
                  {
                     status: "affected",
                     version: "Oracle GraalVM Enterprise Edition:20.3.4",
                  },
                  {
                     status: "affected",
                     version: "Oracle GraalVM Enterprise Edition:21.3.0",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "LOW",
                  baseScore: 5.3,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition.",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-09-07T23:20:22.839Z",
            orgId: "43595867-4340-4103-b7a2-9a5208d29a85",
            shortName: "oracle",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com/security-alerts/cpujan2022.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://security.netapp.com/advisory/ntap-20220121-0007/",
            },
            {
               name: "DSA-5057",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "https://www.debian.org/security/2022/dsa-5057",
            },
            {
               name: "DSA-5058",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "https://www.debian.org/security/2022/dsa-5058",
            },
            {
               name: "[debian-lts-announce] 20220210 [SECURITY] [DLA 2917-1] openjdk-8 security update",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html",
            },
            {
               name: "GLSA-202209-05",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "https://security.gentoo.org/glsa/202209-05",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secalert_us@oracle.com",
               ID: "CVE-2022-21365",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Java SE JDK and JRE",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "=",
                                          version_value: "Oracle Java SE:7u321",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "Oracle Java SE:8u311",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "Oracle Java SE:11.0.13",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "Oracle Java SE:17.0.1",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "Oracle GraalVM Enterprise Edition:20.3.4",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "Oracle GraalVM Enterprise Edition:21.3.0",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Oracle Corporation",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).",
                  },
               ],
            },
            impact: {
               cvss: {
                  baseScore: "5.3",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                  version: "3.1",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition.",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.oracle.com/security-alerts/cpujan2022.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com/security-alerts/cpujan2022.html",
                  },
                  {
                     name: "https://security.netapp.com/advisory/ntap-20220121-0007/",
                     refsource: "CONFIRM",
                     url: "https://security.netapp.com/advisory/ntap-20220121-0007/",
                  },
                  {
                     name: "DSA-5057",
                     refsource: "DEBIAN",
                     url: "https://www.debian.org/security/2022/dsa-5057",
                  },
                  {
                     name: "DSA-5058",
                     refsource: "DEBIAN",
                     url: "https://www.debian.org/security/2022/dsa-5058",
                  },
                  {
                     name: "[debian-lts-announce] 20220210 [SECURITY] [DLA 2917-1] openjdk-8 security update",
                     refsource: "MLIST",
                     url: "https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html",
                  },
                  {
                     name: "GLSA-202209-05",
                     refsource: "GENTOO",
                     url: "https://security.gentoo.org/glsa/202209-05",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85",
      assignerShortName: "oracle",
      cveId: "CVE-2022-21365",
      datePublished: "2022-01-19T11:25:47",
      dateReserved: "2021-11-15T00:00:00",
      dateUpdated: "2024-11-19T19:09:11.601Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

CVE-2022-21305 (GCVE-0-2022-21305)

Vulnerability from cvelistv5

Published

2022-01-19 11:23

Modified

2024-08-03 02:38

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).

References

▼	URL	Tags
	https://www.oracle.com/security-alerts/cpujan2022.html	x_refsource_MISC
	https://security.netapp.com/advisory/ntap-20220121-0007/	x_refsource_CONFIRM
	https://www.debian.org/security/2022/dsa-5057	vendor-advisory, x_refsource_DEBIAN
	https://www.debian.org/security/2022/dsa-5058	vendor-advisory, x_refsource_DEBIAN
	https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html	mailing-list, x_refsource_MLIST
	https://security.gentoo.org/glsa/202209-05	vendor-advisory, x_refsource_GENTOO

Impacted products

	Vendor	Product	Version
	Oracle Corporation	Java SE JDK and JRE	Version: Oracle Java SE:7u321 Version: Oracle Java SE:8u311 Version: Oracle Java SE:11.0.13 Version: Oracle Java SE:17.0.1 Version: Oracle GraalVM Enterprise Edition:20.3.4 Version: Oracle GraalVM Enterprise Edition:21.3.0

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T02:38:55.470Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpujan2022.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20220121-0007/",
               },
               {
                  name: "DSA-5057",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2022/dsa-5057",
               },
               {
                  name: "DSA-5058",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2022/dsa-5058",
               },
               {
                  name: "[debian-lts-announce] 20220210 [SECURITY] [DLA 2917-1] openjdk-8 security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html",
               },
               {
                  name: "GLSA-202209-05",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202209-05",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Java SE JDK and JRE",
               vendor: "Oracle Corporation",
               versions: [
                  {
                     status: "affected",
                     version: "Oracle Java SE:7u321",
                  },
                  {
                     status: "affected",
                     version: "Oracle Java SE:8u311",
                  },
                  {
                     status: "affected",
                     version: "Oracle Java SE:11.0.13",
                  },
                  {
                     status: "affected",
                     version: "Oracle Java SE:17.0.1",
                  },
                  {
                     status: "affected",
                     version: "Oracle GraalVM Enterprise Edition:20.3.4",
                  },
                  {
                     status: "affected",
                     version: "Oracle GraalVM Enterprise Edition:21.3.0",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 5.3,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  integrityImpact: "LOW",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data.",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-09-07T23:20:02.221Z",
            orgId: "43595867-4340-4103-b7a2-9a5208d29a85",
            shortName: "oracle",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com/security-alerts/cpujan2022.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://security.netapp.com/advisory/ntap-20220121-0007/",
            },
            {
               name: "DSA-5057",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "https://www.debian.org/security/2022/dsa-5057",
            },
            {
               name: "DSA-5058",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "https://www.debian.org/security/2022/dsa-5058",
            },
            {
               name: "[debian-lts-announce] 20220210 [SECURITY] [DLA 2917-1] openjdk-8 security update",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html",
            },
            {
               name: "GLSA-202209-05",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "https://security.gentoo.org/glsa/202209-05",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secalert_us@oracle.com",
               ID: "CVE-2022-21305",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Java SE JDK and JRE",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "=",
                                          version_value: "Oracle Java SE:7u321",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "Oracle Java SE:8u311",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "Oracle Java SE:11.0.13",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "Oracle Java SE:17.0.1",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "Oracle GraalVM Enterprise Edition:20.3.4",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "Oracle GraalVM Enterprise Edition:21.3.0",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Oracle Corporation",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).",
                  },
               ],
            },
            impact: {
               cvss: {
                  baseScore: "5.3",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
                  version: "3.1",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data.",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.oracle.com/security-alerts/cpujan2022.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com/security-alerts/cpujan2022.html",
                  },
                  {
                     name: "https://security.netapp.com/advisory/ntap-20220121-0007/",
                     refsource: "CONFIRM",
                     url: "https://security.netapp.com/advisory/ntap-20220121-0007/",
                  },
                  {
                     name: "DSA-5057",
                     refsource: "DEBIAN",
                     url: "https://www.debian.org/security/2022/dsa-5057",
                  },
                  {
                     name: "DSA-5058",
                     refsource: "DEBIAN",
                     url: "https://www.debian.org/security/2022/dsa-5058",
                  },
                  {
                     name: "[debian-lts-announce] 20220210 [SECURITY] [DLA 2917-1] openjdk-8 security update",
                     refsource: "MLIST",
                     url: "https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html",
                  },
                  {
                     name: "GLSA-202209-05",
                     refsource: "GENTOO",
                     url: "https://security.gentoo.org/glsa/202209-05",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85",
      assignerShortName: "oracle",
      cveId: "CVE-2022-21305",
      datePublished: "2022-01-19T11:23:55",
      dateReserved: "2021-11-15T00:00:00",
      dateUpdated: "2024-08-03T02:38:55.470Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

CVE-2022-21293 (GCVE-0-2022-21293)

Vulnerability from cvelistv5

Published

2022-01-19 11:23

Modified

2024-08-03 02:38

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

References

▼	URL	Tags
	https://www.oracle.com/security-alerts/cpujan2022.html	x_refsource_MISC
	https://security.netapp.com/advisory/ntap-20220121-0007/	x_refsource_CONFIRM
	https://www.debian.org/security/2022/dsa-5057	vendor-advisory, x_refsource_DEBIAN
	https://www.debian.org/security/2022/dsa-5058	vendor-advisory, x_refsource_DEBIAN
	https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html	mailing-list, x_refsource_MLIST
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DIN3L6L3SVZK75CKW2GPSU4HIGZR7XG/	vendor-advisory, x_refsource_FEDORA
	https://security.gentoo.org/glsa/202209-05	vendor-advisory, x_refsource_GENTOO

Impacted products

	Vendor	Product	Version
	Oracle Corporation	Java SE JDK and JRE	Version: Oracle Java SE:7u321 Version: Oracle Java SE:8u311 Version: Oracle Java SE:11.0.13 Version: Oracle Java SE:17.0.1 Version: Oracle GraalVM Enterprise Edition:20.3.4 Version: Oracle GraalVM Enterprise Edition:21.3.0

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T02:38:55.319Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpujan2022.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20220121-0007/",
               },
               {
                  name: "DSA-5057",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2022/dsa-5057",
               },
               {
                  name: "DSA-5058",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2022/dsa-5058",
               },
               {
                  name: "[debian-lts-announce] 20220210 [SECURITY] [DLA 2917-1] openjdk-8 security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html",
               },
               {
                  name: "FEDORA-2022-477401b0f7",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DIN3L6L3SVZK75CKW2GPSU4HIGZR7XG/",
               },
               {
                  name: "GLSA-202209-05",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202209-05",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Java SE JDK and JRE",
               vendor: "Oracle Corporation",
               versions: [
                  {
                     status: "affected",
                     version: "Oracle Java SE:7u321",
                  },
                  {
                     status: "affected",
                     version: "Oracle Java SE:8u311",
                  },
                  {
                     status: "affected",
                     version: "Oracle Java SE:11.0.13",
                  },
                  {
                     status: "affected",
                     version: "Oracle Java SE:17.0.1",
                  },
                  {
                     status: "affected",
                     version: "Oracle GraalVM Enterprise Edition:20.3.4",
                  },
                  {
                     status: "affected",
                     version: "Oracle GraalVM Enterprise Edition:21.3.0",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "LOW",
                  baseScore: 5.3,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition.",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-09-07T23:20:42.144Z",
            orgId: "43595867-4340-4103-b7a2-9a5208d29a85",
            shortName: "oracle",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com/security-alerts/cpujan2022.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://security.netapp.com/advisory/ntap-20220121-0007/",
            },
            {
               name: "DSA-5057",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "https://www.debian.org/security/2022/dsa-5057",
            },
            {
               name: "DSA-5058",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "https://www.debian.org/security/2022/dsa-5058",
            },
            {
               name: "[debian-lts-announce] 20220210 [SECURITY] [DLA 2917-1] openjdk-8 security update",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html",
            },
            {
               name: "FEDORA-2022-477401b0f7",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DIN3L6L3SVZK75CKW2GPSU4HIGZR7XG/",
            },
            {
               name: "GLSA-202209-05",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "https://security.gentoo.org/glsa/202209-05",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secalert_us@oracle.com",
               ID: "CVE-2022-21293",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Java SE JDK and JRE",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "=",
                                          version_value: "Oracle Java SE:7u321",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "Oracle Java SE:8u311",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "Oracle Java SE:11.0.13",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "Oracle Java SE:17.0.1",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "Oracle GraalVM Enterprise Edition:20.3.4",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "Oracle GraalVM Enterprise Edition:21.3.0",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Oracle Corporation",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).",
                  },
               ],
            },
            impact: {
               cvss: {
                  baseScore: "5.3",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                  version: "3.1",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition.",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.oracle.com/security-alerts/cpujan2022.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com/security-alerts/cpujan2022.html",
                  },
                  {
                     name: "https://security.netapp.com/advisory/ntap-20220121-0007/",
                     refsource: "CONFIRM",
                     url: "https://security.netapp.com/advisory/ntap-20220121-0007/",
                  },
                  {
                     name: "DSA-5057",
                     refsource: "DEBIAN",
                     url: "https://www.debian.org/security/2022/dsa-5057",
                  },
                  {
                     name: "DSA-5058",
                     refsource: "DEBIAN",
                     url: "https://www.debian.org/security/2022/dsa-5058",
                  },
                  {
                     name: "[debian-lts-announce] 20220210 [SECURITY] [DLA 2917-1] openjdk-8 security update",
                     refsource: "MLIST",
                     url: "https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html",
                  },
                  {
                     name: "FEDORA-2022-477401b0f7",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2DIN3L6L3SVZK75CKW2GPSU4HIGZR7XG/",
                  },
                  {
                     name: "GLSA-202209-05",
                     refsource: "GENTOO",
                     url: "https://security.gentoo.org/glsa/202209-05",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85",
      assignerShortName: "oracle",
      cveId: "CVE-2022-21293",
      datePublished: "2022-01-19T11:23:33",
      dateReserved: "2021-11-15T00:00:00",
      dateUpdated: "2024-08-03T02:38:55.319Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

CVE-2022-21540 (GCVE-0-2022-21540)

Vulnerability from cvelistv5

Published

2022-07-19 00:00

Modified

2024-08-03 02:46

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1; Oracle GraalVM Enterprise Edition: 20.3.6, 21.3.2 and 22.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).

References

▼	URL	Tags
	https://www.oracle.com/security-alerts/cpujul2022.html
	https://www.debian.org/security/2022/dsa-5188	vendor-advisory
	https://www.debian.org/security/2022/dsa-5192	vendor-advisory
	https://security.netapp.com/advisory/ntap-20220729-0009/
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KO3DXNKZ4EU3UZBT6AAR4XRKCD73KLMO/	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN3EVGR7FD3ZLV5SBTJXUIDCMSK4QUE2/	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YULPNO3PAWMEQQZV2C54I3H3ZOXFZUTB/	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5OZNAZJ4YHLOKRRRZSWRT5OJ25E4XLM/	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3XPOTPPBZIPFBZHQE5E7OW6PDACUMCJ/	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H4YNJSJ64NPCNKFPNBYITNZU5H3L4D6L/	vendor-advisory
	https://security.gentoo.org/glsa/202401-25	vendor-advisory

Impacted products

	Vendor	Product	Version
	Oracle Corporation	Java SE JDK and JRE	Version: Oracle Java SE:7u343 Version: Oracle Java SE:8u333 Version: Oracle Java SE:11.0.15.1 Version: Oracle Java SE:17.0.3.1 Version: Oracle Java SE:18.0.1.1 Version: Oracle GraalVM Enterprise Edition:20.3.6 Version: Oracle GraalVM Enterprise Edition:21.3.2 Version: Oracle GraalVM Enterprise Edition:22.1.0

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T02:46:39.111Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpujul2022.html",
               },
               {
                  name: "DSA-5188",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2022/dsa-5188",
               },
               {
                  name: "DSA-5192",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2022/dsa-5192",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20220729-0009/",
               },
               {
                  name: "FEDORA-2022-19b6f21746",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KO3DXNKZ4EU3UZBT6AAR4XRKCD73KLMO/",
               },
               {
                  name: "FEDORA-2022-ae563934f7",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN3EVGR7FD3ZLV5SBTJXUIDCMSK4QUE2/",
               },
               {
                  name: "FEDORA-2022-e573851f56",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YULPNO3PAWMEQQZV2C54I3H3ZOXFZUTB/",
               },
               {
                  name: "FEDORA-2022-d26586b419",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5OZNAZJ4YHLOKRRRZSWRT5OJ25E4XLM/",
               },
               {
                  name: "FEDORA-2022-80afe2304a",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3XPOTPPBZIPFBZHQE5E7OW6PDACUMCJ/",
               },
               {
                  name: "FEDORA-2022-b76ab52e73",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H4YNJSJ64NPCNKFPNBYITNZU5H3L4D6L/",
               },
               {
                  name: "GLSA-202401-25",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202401-25",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Java SE JDK and JRE",
               vendor: "Oracle Corporation",
               versions: [
                  {
                     status: "affected",
                     version: "Oracle Java SE:7u343",
                  },
                  {
                     status: "affected",
                     version: "Oracle Java SE:8u333",
                  },
                  {
                     status: "affected",
                     version: "Oracle Java SE:11.0.15.1",
                  },
                  {
                     status: "affected",
                     version: "Oracle Java SE:17.0.3.1",
                  },
                  {
                     status: "affected",
                     version: "Oracle Java SE:18.0.1.1",
                  },
                  {
                     status: "affected",
                     version: "Oracle GraalVM Enterprise Edition:20.3.6",
                  },
                  {
                     status: "affected",
                     version: "Oracle GraalVM Enterprise Edition:21.3.2",
                  },
                  {
                     status: "affected",
                     version: "Oracle GraalVM Enterprise Edition:22.1.0",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1; Oracle GraalVM Enterprise Edition: 20.3.6, 21.3.2 and 22.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 5.3,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data.",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-01-17T15:06:26.613438",
            orgId: "43595867-4340-4103-b7a2-9a5208d29a85",
            shortName: "oracle",
         },
         references: [
            {
               url: "https://www.oracle.com/security-alerts/cpujul2022.html",
            },
            {
               name: "DSA-5188",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://www.debian.org/security/2022/dsa-5188",
            },
            {
               name: "DSA-5192",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://www.debian.org/security/2022/dsa-5192",
            },
            {
               url: "https://security.netapp.com/advisory/ntap-20220729-0009/",
            },
            {
               name: "FEDORA-2022-19b6f21746",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KO3DXNKZ4EU3UZBT6AAR4XRKCD73KLMO/",
            },
            {
               name: "FEDORA-2022-ae563934f7",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN3EVGR7FD3ZLV5SBTJXUIDCMSK4QUE2/",
            },
            {
               name: "FEDORA-2022-e573851f56",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YULPNO3PAWMEQQZV2C54I3H3ZOXFZUTB/",
            },
            {
               name: "FEDORA-2022-d26586b419",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5OZNAZJ4YHLOKRRRZSWRT5OJ25E4XLM/",
            },
            {
               name: "FEDORA-2022-80afe2304a",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3XPOTPPBZIPFBZHQE5E7OW6PDACUMCJ/",
            },
            {
               name: "FEDORA-2022-b76ab52e73",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H4YNJSJ64NPCNKFPNBYITNZU5H3L4D6L/",
            },
            {
               name: "GLSA-202401-25",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202401-25",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85",
      assignerShortName: "oracle",
      cveId: "CVE-2022-21540",
      datePublished: "2022-07-19T00:00:00",
      dateReserved: "2021-11-15T00:00:00",
      dateUpdated: "2024-08-03T02:46:39.111Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

CVE-2023-22049 (GCVE-0-2023-22049)

Vulnerability from cvelistv5

Published

2023-07-18 20:18

Modified

2025-02-13 16:43

Severity ?

3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).

References

▼	URL	Tags
	https://www.oracle.com/security-alerts/cpujul2023.html	vendor-advisory
	https://security.netapp.com/advisory/ntap-20230725-0006/
	https://www.debian.org/security/2023/dsa-5458
	https://www.debian.org/security/2023/dsa-5478
	https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html
	https://security.netapp.com/advisory/ntap-20240621-0006/

Impacted products

	Vendor	Product	Version
	Oracle Corporation	Java SE JDK and JRE	Version: Oracle Java SE:8u371 Version: Oracle Java SE:8u371-perf Version: Oracle Java SE:11.0.19 Version: Oracle Java SE:17.0.7 Version: Oracle Java SE:20.0.1 Version: Oracle GraalVM Enterprise Edition:20.3.10 Version: Oracle GraalVM Enterprise Edition:21.3.6 Version: Oracle GraalVM Enterprise Edition:22.3.2 Version: Oracle GraalVM for JDK:17.0.7 Version: Oracle GraalVM for JDK:20.0.1

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T09:59:28.682Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "Oracle Advisory",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpujul2023.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20230725-0006/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2023/dsa-5458",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2023/dsa-5478",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20240621-0006/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Java SE JDK and JRE",
               vendor: "Oracle Corporation",
               versions: [
                  {
                     status: "affected",
                     version: "Oracle Java SE:8u371",
                  },
                  {
                     status: "affected",
                     version: "Oracle Java SE:8u371-perf",
                  },
                  {
                     status: "affected",
                     version: "Oracle Java SE:11.0.19",
                  },
                  {
                     status: "affected",
                     version: "Oracle Java SE:17.0.7",
                  },
                  {
                     status: "affected",
                     version: "Oracle Java SE:20.0.1",
                  },
                  {
                     status: "affected",
                     version: "Oracle GraalVM Enterprise Edition:20.3.10",
                  },
                  {
                     status: "affected",
                     version: "Oracle GraalVM Enterprise Edition:21.3.6",
                  },
                  {
                     status: "affected",
                     version: "Oracle GraalVM Enterprise Edition:22.3.2",
                  },
                  {
                     status: "affected",
                     version: "Oracle GraalVM for JDK:17.0.7",
                  },
                  {
                     status: "affected",
                     version: "Oracle GraalVM for JDK:20.0.1",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en-US",
               value: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Libraries).  Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and  20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "HIGH",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 3.7,
                  baseSeverity: "LOW",
                  confidentialityImpact: "NONE",
                  integrityImpact: "LOW",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data.",
                     lang: "en-US",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-06-21T19:07:14.476Z",
            orgId: "43595867-4340-4103-b7a2-9a5208d29a85",
            shortName: "oracle",
         },
         references: [
            {
               name: "Oracle Advisory",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://www.oracle.com/security-alerts/cpujul2023.html",
            },
            {
               url: "https://security.netapp.com/advisory/ntap-20230725-0006/",
            },
            {
               url: "https://www.debian.org/security/2023/dsa-5458",
            },
            {
               url: "https://www.debian.org/security/2023/dsa-5478",
            },
            {
               url: "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html",
            },
            {
               url: "https://security.netapp.com/advisory/ntap-20240621-0006/",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85",
      assignerShortName: "oracle",
      cveId: "CVE-2023-22049",
      datePublished: "2023-07-18T20:18:32.121Z",
      dateReserved: "2022-12-17T19:26:00.755Z",
      dateUpdated: "2025-02-13T16:43:32.651Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

CVE-2023-21954 (GCVE-0-2023-21954)

Vulnerability from cvelistv5

Published

2023-04-18 19:54

Modified

2025-02-13 16:40

Severity ?

5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).

References

▼	URL	Tags
	https://www.oracle.com/security-alerts/cpuapr2023.html	vendor-advisory
	https://www.couchbase.com/alerts/
	https://security.netapp.com/advisory/ntap-20230427-0008/
	https://www.debian.org/security/2023/dsa-5430
	https://www.debian.org/security/2023/dsa-5478
	https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html
	https://security.netapp.com/advisory/ntap-20240621-0006/

Impacted products

	Vendor	Product	Version
	Oracle Corporation	Java SE JDK and JRE	Version: Oracle Java SE:8u361 Version: Oracle Java SE:8u361-perf Version: Oracle Java SE:11.0.18 Version: Oracle Java SE:17.0.6 Version: Oracle GraalVM Enterprise Edition:20.3.9 Version: Oracle GraalVM Enterprise Edition:21.3.5 Version: Oracle GraalVM Enterprise Edition:22.3.1

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T09:59:28.530Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "Oracle Advisory",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpuapr2023.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.couchbase.com/alerts/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20230427-0008/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2023/dsa-5430",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2023/dsa-5478",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20240621-0006/",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2023-21954",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-09-16T14:39:04.663342Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-09-16T15:15:07.415Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "Java SE JDK and JRE",
               vendor: "Oracle Corporation",
               versions: [
                  {
                     status: "affected",
                     version: "Oracle Java SE:8u361",
                  },
                  {
                     status: "affected",
                     version: "Oracle Java SE:8u361-perf",
                  },
                  {
                     status: "affected",
                     version: "Oracle Java SE:11.0.18",
                  },
                  {
                     status: "affected",
                     version: "Oracle Java SE:17.0.6",
                  },
                  {
                     status: "affected",
                     version: "Oracle GraalVM Enterprise Edition:20.3.9",
                  },
                  {
                     status: "affected",
                     version: "Oracle GraalVM Enterprise Edition:21.3.5",
                  },
                  {
                     status: "affected",
                     version: "Oracle GraalVM Enterprise Edition:22.3.1",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en-US",
               value: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot).  Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and  22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Confidentiality impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "HIGH",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 5.9,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data.",
                     lang: "en-US",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-06-21T19:06:19.494Z",
            orgId: "43595867-4340-4103-b7a2-9a5208d29a85",
            shortName: "oracle",
         },
         references: [
            {
               name: "Oracle Advisory",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://www.oracle.com/security-alerts/cpuapr2023.html",
            },
            {
               url: "https://www.couchbase.com/alerts/",
            },
            {
               url: "https://security.netapp.com/advisory/ntap-20230427-0008/",
            },
            {
               url: "https://www.debian.org/security/2023/dsa-5430",
            },
            {
               url: "https://www.debian.org/security/2023/dsa-5478",
            },
            {
               url: "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html",
            },
            {
               url: "https://security.netapp.com/advisory/ntap-20240621-0006/",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85",
      assignerShortName: "oracle",
      cveId: "CVE-2023-21954",
      datePublished: "2023-04-18T19:54:30.576Z",
      dateReserved: "2022-12-17T19:26:00.728Z",
      dateUpdated: "2025-02-13T16:40:32.666Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

CVE-2023-41993 (GCVE-0-2023-41993)

Vulnerability from cvelistv5

Published

2023-09-21 18:23

Modified

2025-02-13 17:09

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.

References

▼	URL	Tags
	https://support.apple.com/en-us/HT213940
	https://security.gentoo.org/glsa/202401-33
	https://security.netapp.com/advisory/ntap-20240426-0004/

Impacted products

	Vendor	Product	Version
	Apple	macOS	Version: unspecified < 14

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            affected: [
               {
                  cpes: [
                     "cpe:2.3:o:apple:iphone_os:-:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "iphone_os",
                  vendor: "apple",
                  versions: [
                     {
                        lessThan: "17.0.1",
                        status: "affected",
                        version: "0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:o:apple:ipad_os:-:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "ipad_os",
                  vendor: "apple",
                  versions: [
                     {
                        lessThan: "17.0.1",
                        status: "affected",
                        version: "0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "macos",
                  vendor: "apple",
                  versions: [
                     {
                        lessThan: "14.0",
                        status: "affected",
                        version: "0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "fedora",
                  vendor: "fedoraproject",
                  versions: [
                     {
                        status: "affected",
                        version: "37",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "fedora",
                  vendor: "fedoraproject",
                  versions: [
                     {
                        status: "affected",
                        version: "38",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "fedora",
                  vendor: "fedoraproject",
                  versions: [
                     {
                        status: "affected",
                        version: "39",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
                     "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "debian_linux",
                  vendor: "debian",
                  versions: [
                     {
                        status: "affected",
                        version: "11.0",
                     },
                     {
                        status: "affected",
                        version: "12.0",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:graalvm:21.3.9:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "graalvm",
                  vendor: "oracle",
                  versions: [
                     {
                        status: "affected",
                        version: "20.3.13",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:graalvm:21.3.9:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "graalvm",
                  vendor: "oracle",
                  versions: [
                     {
                        status: "affected",
                        version: "21.3.9",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:jdk:1.8.0:-:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "jdk",
                  vendor: "oracle",
                  versions: [
                     {
                        status: "affected",
                        version: "1.8.0",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:oracle:jre:1.8.0:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "jre",
                  vendor: "oracle",
                  versions: [
                     {
                        status: "affected",
                        version: "1.8.0",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "cloud_insights_acquisition_unit",
                  vendor: "netapp",
                  versions: [
                     {
                        lessThanOrEqual: "*",
                        status: "affected",
                        version: "0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:netapp:cloud_insights_storage_workload_security_agent:-:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "cloud_insights_storage_workload_security_agent",
                  vendor: "netapp",
                  versions: [
                     {
                        lessThanOrEqual: "*",
                        status: "affected",
                        version: "0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "oncommand_insight",
                  vendor: "netapp",
                  versions: [
                     {
                        lessThanOrEqual: "*",
                        status: "affected",
                        version: "0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "oncommand_workflow_automation",
                  vendor: "netapp",
                  versions: [
                     {
                        lessThanOrEqual: "*",
                        status: "affected",
                        version: "0",
                        versionType: "custom",
                     },
                  ],
               },
            ],
            metrics: [
               {
                  cvssV3_1: {
                     attackComplexity: "LOW",
                     attackVector: "NETWORK",
                     availabilityImpact: "HIGH",
                     baseScore: 8.8,
                     baseSeverity: "HIGH",
                     confidentialityImpact: "HIGH",
                     integrityImpact: "HIGH",
                     privilegesRequired: "NONE",
                     scope: "UNCHANGED",
                     userInteraction: "REQUIRED",
                     vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                     version: "3.1",
                  },
               },
               {
                  other: {
                     content: {
                        id: "CVE-2023-41993",
                        options: [
                           {
                              Exploitation: "active",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-01-11T02:17:52.028515Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
               {
                  other: {
                     content: {
                        dateAdded: "2023-09-25",
                        reference: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-41993",
                     },
                     type: "kev",
                  },
               },
            ],
            problemTypes: [
               {
                  descriptions: [
                     {
                        cweId: "CWE-754",
                        description: "CWE-754 Improper Check for Unusual or Exceptional Conditions",
                        lang: "en",
                        type: "CWE",
                     },
                  ],
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-08-29T16:19:32.611Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
         {
            providerMetadata: {
               dateUpdated: "2024-08-29T13:17:27.813Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/en-us/HT213940",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202401-33",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20240426-0004/",
               },
               {
                  url: "https://webkitgtk.org/security/WSA-2023-0009.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "macOS",
               vendor: "Apple",
               versions: [
                  {
                     lessThan: "14",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.",
                     lang: "en",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-04-26T09:06:59.072Z",
            orgId: "286789f9-fbc2-4510-9f9a-43facdede74c",
            shortName: "apple",
         },
         references: [
            {
               url: "https://support.apple.com/en-us/HT213940",
            },
            {
               url: "https://security.gentoo.org/glsa/202401-33",
            },
            {
               url: "https://security.netapp.com/advisory/ntap-20240426-0004/",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c",
      assignerShortName: "apple",
      cveId: "CVE-2023-41993",
      datePublished: "2023-09-21T18:23:52.197Z",
      dateReserved: "2023-09-06T17:40:06.142Z",
      dateUpdated: "2025-02-13T17:09:12.791Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

CVE-2022-21628 (GCVE-0-2022-21628)

Vulnerability from cvelistv5

Published

2022-10-18 00:00

Modified

2025-02-13 16:28

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Lightweight HTTP Server). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

References

▼	URL	Tags
	https://www.oracle.com/security-alerts/cpuoct2022.html
	https://security.netapp.com/advisory/ntap-20221028-0012/
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PB3CIGOFG7CENUVVE4FFZT2HI5FO77XU/	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/37QDWJBGEPP65X43NXQTXQ7KASLUHON6/	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3QLQ7OD33W6LT3HWI7VYDFFJLV75Y73K/	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HNGMDNIHAA73BEX6XPA2IMXJSGOKKYE6/	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EXSBV3W6EP6B7XJ63Z2FPVBH6HAPGJ5T/	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ARF4QF4N3X5GSFHXUBWARGLISGKJ33R/	vendor-advisory
	https://security.gentoo.org/glsa/202401-25

Impacted products

	Vendor	Product	Version
	Oracle Corporation	Java SE JDK and JRE	Version: Oracle Java SE:8u341 Version: Oracle Java SE:8u345-perf Version: Oracle Java SE:11.0.16.1 Version: Oracle Java SE:17.0.4.1 Version: Oracle Java SE:19 Version: Oracle GraalVM Enterprise Edition:20.3.7 Version: Oracle GraalVM Enterprise Edition:21.3.3 Version: Oracle GraalVM Enterprise Edition:22.2.0

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T02:46:39.220Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpuoct2022.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20221028-0012/",
               },
               {
                  name: "FEDORA-2022-b050ae8974",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PB3CIGOFG7CENUVVE4FFZT2HI5FO77XU/",
               },
               {
                  name: "FEDORA-2022-5d494ab9ab",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/37QDWJBGEPP65X43NXQTXQ7KASLUHON6/",
               },
               {
                  name: "FEDORA-2022-1c07902a5e",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3QLQ7OD33W6LT3HWI7VYDFFJLV75Y73K/",
               },
               {
                  name: "FEDORA-2022-361f34f2a9",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HNGMDNIHAA73BEX6XPA2IMXJSGOKKYE6/",
               },
               {
                  name: "FEDORA-2022-f76014ae17",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EXSBV3W6EP6B7XJ63Z2FPVBH6HAPGJ5T/",
               },
               {
                  name: "FEDORA-2022-d989953883",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ARF4QF4N3X5GSFHXUBWARGLISGKJ33R/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202401-25",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2022-21628",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "yes",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-01-23T16:44:33.706023Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-11-20T14:43:49.731Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "Java SE JDK and JRE",
               vendor: "Oracle Corporation",
               versions: [
                  {
                     status: "affected",
                     version: "Oracle Java SE:8u341",
                  },
                  {
                     status: "affected",
                     version: "Oracle Java SE:8u345-perf",
                  },
                  {
                     status: "affected",
                     version: "Oracle Java SE:11.0.16.1",
                  },
                  {
                     status: "affected",
                     version: "Oracle Java SE:17.0.4.1",
                  },
                  {
                     status: "affected",
                     version: "Oracle Java SE:19",
                  },
                  {
                     status: "affected",
                     version: "Oracle GraalVM Enterprise Edition:20.3.7",
                  },
                  {
                     status: "affected",
                     version: "Oracle GraalVM Enterprise Edition:21.3.3",
                  },
                  {
                     status: "affected",
                     version: "Oracle GraalVM Enterprise Edition:22.2.0",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Lightweight HTTP Server). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "LOW",
                  baseScore: 5.3,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition.",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-01-17T15:06:20.092Z",
            orgId: "43595867-4340-4103-b7a2-9a5208d29a85",
            shortName: "oracle",
         },
         references: [
            {
               url: "https://www.oracle.com/security-alerts/cpuoct2022.html",
            },
            {
               url: "https://security.netapp.com/advisory/ntap-20221028-0012/",
            },
            {
               name: "FEDORA-2022-b050ae8974",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PB3CIGOFG7CENUVVE4FFZT2HI5FO77XU/",
            },
            {
               name: "FEDORA-2022-5d494ab9ab",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/37QDWJBGEPP65X43NXQTXQ7KASLUHON6/",
            },
            {
               name: "FEDORA-2022-1c07902a5e",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3QLQ7OD33W6LT3HWI7VYDFFJLV75Y73K/",
            },
            {
               name: "FEDORA-2022-361f34f2a9",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HNGMDNIHAA73BEX6XPA2IMXJSGOKKYE6/",
            },
            {
               name: "FEDORA-2022-f76014ae17",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EXSBV3W6EP6B7XJ63Z2FPVBH6HAPGJ5T/",
            },
            {
               name: "FEDORA-2022-d989953883",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ARF4QF4N3X5GSFHXUBWARGLISGKJ33R/",
            },
            {
               url: "https://security.gentoo.org/glsa/202401-25",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85",
      assignerShortName: "oracle",
      cveId: "CVE-2022-21628",
      datePublished: "2022-10-18T00:00:00.000Z",
      dateReserved: "2021-11-15T00:00:00.000Z",
      dateUpdated: "2025-02-13T16:28:56.500Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

CVE-2022-21282 (GCVE-0-2022-21282)

Vulnerability from cvelistv5

Published

2022-01-19 11:23

Modified

2024-08-03 02:38

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).

References

▼	URL	Tags
	https://www.oracle.com/security-alerts/cpujan2022.html	x_refsource_MISC
	https://security.netapp.com/advisory/ntap-20220121-0007/	x_refsource_CONFIRM
	https://www.debian.org/security/2022/dsa-5057	vendor-advisory, x_refsource_DEBIAN
	https://www.debian.org/security/2022/dsa-5058	vendor-advisory, x_refsource_DEBIAN
	https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html	mailing-list, x_refsource_MLIST
	https://security.gentoo.org/glsa/202209-05	vendor-advisory, x_refsource_GENTOO

Impacted products

	Vendor	Product	Version
	Oracle Corporation	Java SE JDK and JRE	Version: Oracle Java SE:7u321 Version: Oracle Java SE:8u311 Version: Oracle Java SE:11.0.13 Version: Oracle Java SE:17.0.1 Version: Oracle GraalVM Enterprise Edition:20.3.4 Version: Oracle GraalVM Enterprise Edition:21.3.0

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T02:38:54.996Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpujan2022.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20220121-0007/",
               },
               {
                  name: "DSA-5057",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2022/dsa-5057",
               },
               {
                  name: "DSA-5058",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2022/dsa-5058",
               },
               {
                  name: "[debian-lts-announce] 20220210 [SECURITY] [DLA 2917-1] openjdk-8 security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html",
               },
               {
                  name: "GLSA-202209-05",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202209-05",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Java SE JDK and JRE",
               vendor: "Oracle Corporation",
               versions: [
                  {
                     status: "affected",
                     version: "Oracle Java SE:7u321",
                  },
                  {
                     status: "affected",
                     version: "Oracle Java SE:8u311",
                  },
                  {
                     status: "affected",
                     version: "Oracle Java SE:11.0.13",
                  },
                  {
                     status: "affected",
                     version: "Oracle Java SE:17.0.1",
                  },
                  {
                     status: "affected",
                     version: "Oracle GraalVM Enterprise Edition:20.3.4",
                  },
                  {
                     status: "affected",
                     version: "Oracle GraalVM Enterprise Edition:21.3.0",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 5.3,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data.",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-09-07T23:20:29.329Z",
            orgId: "43595867-4340-4103-b7a2-9a5208d29a85",
            shortName: "oracle",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com/security-alerts/cpujan2022.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://security.netapp.com/advisory/ntap-20220121-0007/",
            },
            {
               name: "DSA-5057",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "https://www.debian.org/security/2022/dsa-5057",
            },
            {
               name: "DSA-5058",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "https://www.debian.org/security/2022/dsa-5058",
            },
            {
               name: "[debian-lts-announce] 20220210 [SECURITY] [DLA 2917-1] openjdk-8 security update",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html",
            },
            {
               name: "GLSA-202209-05",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "https://security.gentoo.org/glsa/202209-05",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secalert_us@oracle.com",
               ID: "CVE-2022-21282",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Java SE JDK and JRE",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "=",
                                          version_value: "Oracle Java SE:7u321",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "Oracle Java SE:8u311",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "Oracle Java SE:11.0.13",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "Oracle Java SE:17.0.1",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "Oracle GraalVM Enterprise Edition:20.3.4",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "Oracle GraalVM Enterprise Edition:21.3.0",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Oracle Corporation",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).",
                  },
               ],
            },
            impact: {
               cvss: {
                  baseScore: "5.3",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                  version: "3.1",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data.",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.oracle.com/security-alerts/cpujan2022.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com/security-alerts/cpujan2022.html",
                  },
                  {
                     name: "https://security.netapp.com/advisory/ntap-20220121-0007/",
                     refsource: "CONFIRM",
                     url: "https://security.netapp.com/advisory/ntap-20220121-0007/",
                  },
                  {
                     name: "DSA-5057",
                     refsource: "DEBIAN",
                     url: "https://www.debian.org/security/2022/dsa-5057",
                  },
                  {
                     name: "DSA-5058",
                     refsource: "DEBIAN",
                     url: "https://www.debian.org/security/2022/dsa-5058",
                  },
                  {
                     name: "[debian-lts-announce] 20220210 [SECURITY] [DLA 2917-1] openjdk-8 security update",
                     refsource: "MLIST",
                     url: "https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html",
                  },
                  {
                     name: "GLSA-202209-05",
                     refsource: "GENTOO",
                     url: "https://security.gentoo.org/glsa/202209-05",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85",
      assignerShortName: "oracle",
      cveId: "CVE-2022-21282",
      datePublished: "2022-01-19T11:23:11",
      dateReserved: "2021-11-15T00:00:00",
      dateUpdated: "2024-08-03T02:38:54.996Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

CVE-2023-22081 (GCVE-0-2023-22081)

Vulnerability from cvelistv5

Published

2023-10-17 21:02

Modified

2024-08-02 09:59

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u381, 8u381-perf, 11.0.20, 17.0.8, 21; Oracle GraalVM for JDK: 17.0.8, 21; Oracle GraalVM Enterprise Edition: 20.3.11, 21.3.7 and 22.3.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

References

▼	URL	Tags
	https://www.oracle.com/security-alerts/cpuoct2023.html	vendor-advisory
	https://security.netapp.com/advisory/ntap-20231027-0006/
	https://www.debian.org/security/2023/dsa-5537
	https://lists.debian.org/debian-lts-announce/2023/10/msg00041.html
	https://www.debian.org/security/2023/dsa-5548

Impacted products

	Vendor	Product	Version
	Oracle Corporation	Java SE JDK and JRE	Version: Oracle Java SE:8u381 Version: Oracle Java SE:8u381-perf Version: Oracle Java SE:11.0.20 Version: Oracle Java SE:17.0.8 Version: Oracle Java SE:21 Version: Oracle GraalVM for JDK:17.0.8 Version: Oracle GraalVM for JDK:21 Version: Oracle GraalVM Enterprise Edition:20.3.11 Version: Oracle GraalVM Enterprise Edition:21.3.7 Version: Oracle GraalVM Enterprise Edition:22.3.3

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T09:59:29.109Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "Oracle Advisory",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpuoct2023.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20231027-0006/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2023/dsa-5537",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2023/10/msg00041.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2023/dsa-5548",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Java SE JDK and JRE",
               vendor: "Oracle Corporation",
               versions: [
                  {
                     status: "affected",
                     version: "Oracle Java SE:8u381",
                  },
                  {
                     status: "affected",
                     version: "Oracle Java SE:8u381-perf",
                  },
                  {
                     status: "affected",
                     version: "Oracle Java SE:11.0.20",
                  },
                  {
                     status: "affected",
                     version: "Oracle Java SE:17.0.8",
                  },
                  {
                     status: "affected",
                     version: "Oracle Java SE:21",
                  },
                  {
                     status: "affected",
                     version: "Oracle GraalVM for JDK:17.0.8",
                  },
                  {
                     status: "affected",
                     version: "Oracle GraalVM for JDK:21",
                  },
                  {
                     status: "affected",
                     version: "Oracle GraalVM Enterprise Edition:20.3.11",
                  },
                  {
                     status: "affected",
                     version: "Oracle GraalVM Enterprise Edition:21.3.7",
                  },
                  {
                     status: "affected",
                     version: "Oracle GraalVM Enterprise Edition:22.3.3",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en-US",
               value: "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE).  Supported versions that are affected are Oracle Java SE: 8u381, 8u381-perf, 11.0.20, 17.0.8, 21; Oracle GraalVM for JDK: 17.0.8, 21; Oracle GraalVM Enterprise Edition: 20.3.11, 21.3.7 and  22.3.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "LOW",
                  baseScore: 5.3,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.",
                     lang: "en-US",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-11-08T04:14:14.116Z",
            orgId: "43595867-4340-4103-b7a2-9a5208d29a85",
            shortName: "oracle",
         },
         references: [
            {
               name: "Oracle Advisory",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://www.oracle.com/security-alerts/cpuoct2023.html",
            },
            {
               url: "https://security.netapp.com/advisory/ntap-20231027-0006/",
            },
            {
               url: "https://www.debian.org/security/2023/dsa-5537",
            },
            {
               url: "https://lists.debian.org/debian-lts-announce/2023/10/msg00041.html",
            },
            {
               url: "https://www.debian.org/security/2023/dsa-5548",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85",
      assignerShortName: "oracle",
      cveId: "CVE-2023-22081",
      datePublished: "2023-10-17T21:02:56.346Z",
      dateReserved: "2022-12-17T19:26:00.759Z",
      dateUpdated: "2024-08-02T09:59:29.109Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

CVE-2022-21476 (GCVE-0-2022-21476)

Vulnerability from cvelistv5

Published

2022-04-19 20:38

Modified

2024-08-03 02:38

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

References

▼	URL	Tags
	https://www.oracle.com/security-alerts/cpuapr2022.html	x_refsource_MISC
	https://security.netapp.com/advisory/ntap-20220429-0006/	x_refsource_CONFIRM
	https://www.debian.org/security/2022/dsa-5128	vendor-advisory, x_refsource_DEBIAN
	https://www.debian.org/security/2022/dsa-5131	vendor-advisory, x_refsource_DEBIAN
	https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html	mailing-list, x_refsource_MLIST

Impacted products

	Vendor	Product	Version
	Oracle Corporation	Java SE JDK and JRE	Version: Oracle Java SE:7u331 Version: Oracle Java SE:8u321 Version: Oracle Java SE:11.0.14 Version: Oracle Java SE:17.0.2 Version: Oracle Java SE:18 Version: Oracle GraalVM Enterprise Edition:20.3.5 Version: Oracle GraalVM Enterprise Edition:21.3.1 Version: Oracle GraalVM Enterprise Edition:22.0.0.2

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T02:38:56.676Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpuapr2022.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20220429-0006/",
               },
               {
                  name: "DSA-5128",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2022/dsa-5128",
               },
               {
                  name: "DSA-5131",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2022/dsa-5131",
               },
               {
                  name: "[debian-lts-announce] 20220514 [SECURITY] [DLA 3006-1] openjdk-8 security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Java SE JDK and JRE",
               vendor: "Oracle Corporation",
               versions: [
                  {
                     status: "affected",
                     version: "Oracle Java SE:7u331",
                  },
                  {
                     status: "affected",
                     version: "Oracle Java SE:8u321",
                  },
                  {
                     status: "affected",
                     version: "Oracle Java SE:11.0.14",
                  },
                  {
                     status: "affected",
                     version: "Oracle Java SE:17.0.2",
                  },
                  {
                     status: "affected",
                     version: "Oracle Java SE:18",
                  },
                  {
                     status: "affected",
                     version: "Oracle GraalVM Enterprise Edition:20.3.5",
                  },
                  {
                     status: "affected",
                     version: "Oracle GraalVM Enterprise Edition:21.3.1",
                  },
                  {
                     status: "affected",
                     version: "Oracle GraalVM Enterprise Edition:22.0.0.2",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 7.5,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data.",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-05-14T11:06:05",
            orgId: "43595867-4340-4103-b7a2-9a5208d29a85",
            shortName: "oracle",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com/security-alerts/cpuapr2022.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://security.netapp.com/advisory/ntap-20220429-0006/",
            },
            {
               name: "DSA-5128",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "https://www.debian.org/security/2022/dsa-5128",
            },
            {
               name: "DSA-5131",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "https://www.debian.org/security/2022/dsa-5131",
            },
            {
               name: "[debian-lts-announce] 20220514 [SECURITY] [DLA 3006-1] openjdk-8 security update",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secalert_us@oracle.com",
               ID: "CVE-2022-21476",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Java SE JDK and JRE",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "=",
                                          version_value: "Oracle Java SE:7u331",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "Oracle Java SE:8u321",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "Oracle Java SE:11.0.14",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "Oracle Java SE:17.0.2",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "Oracle Java SE:18",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "Oracle GraalVM Enterprise Edition:20.3.5",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "Oracle GraalVM Enterprise Edition:21.3.1",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "Oracle GraalVM Enterprise Edition:22.0.0.2",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Oracle Corporation",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).",
                  },
               ],
            },
            impact: {
               cvss: {
                  baseScore: "7.5",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  version: "3.1",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data.",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.oracle.com/security-alerts/cpuapr2022.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com/security-alerts/cpuapr2022.html",
                  },
                  {
                     name: "https://security.netapp.com/advisory/ntap-20220429-0006/",
                     refsource: "CONFIRM",
                     url: "https://security.netapp.com/advisory/ntap-20220429-0006/",
                  },
                  {
                     name: "DSA-5128",
                     refsource: "DEBIAN",
                     url: "https://www.debian.org/security/2022/dsa-5128",
                  },
                  {
                     name: "DSA-5131",
                     refsource: "DEBIAN",
                     url: "https://www.debian.org/security/2022/dsa-5131",
                  },
                  {
                     name: "[debian-lts-announce] 20220514 [SECURITY] [DLA 3006-1] openjdk-8 security update",
                     refsource: "MLIST",
                     url: "https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85",
      assignerShortName: "oracle",
      cveId: "CVE-2022-21476",
      datePublished: "2022-04-19T20:38:20",
      dateReserved: "2021-11-15T00:00:00",
      dateUpdated: "2024-08-03T02:38:56.676Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

CVE-2022-21626 (GCVE-0-2022-21626)

Vulnerability from cvelistv5

Published

2022-10-18 00:00

Modified

2025-02-13 16:28

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

References

▼	URL	Tags
	https://www.oracle.com/security-alerts/cpuoct2022.html
	https://security.netapp.com/advisory/ntap-20221028-0012/
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PB3CIGOFG7CENUVVE4FFZT2HI5FO77XU/	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3QLQ7OD33W6LT3HWI7VYDFFJLV75Y73K/	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HNGMDNIHAA73BEX6XPA2IMXJSGOKKYE6/	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ARF4QF4N3X5GSFHXUBWARGLISGKJ33R/	vendor-advisory
	https://security.gentoo.org/glsa/202401-25

Impacted products

	Vendor	Product	Version
	Oracle Corporation	Java SE JDK and JRE	Version: Oracle Java SE:8u341 Version: Oracle Java SE:8u345-perf Version: Oracle Java SE:11.0.16.1 Version: Oracle GraalVM Enterprise Edition:20.3.7 Version: Oracle GraalVM Enterprise Edition:21.3.3 Version: Oracle GraalVM Enterprise Edition:22.2.0

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T02:46:39.195Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpuoct2022.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20221028-0012/",
               },
               {
                  name: "FEDORA-2022-b050ae8974",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PB3CIGOFG7CENUVVE4FFZT2HI5FO77XU/",
               },
               {
                  name: "FEDORA-2022-1c07902a5e",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3QLQ7OD33W6LT3HWI7VYDFFJLV75Y73K/",
               },
               {
                  name: "FEDORA-2022-361f34f2a9",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HNGMDNIHAA73BEX6XPA2IMXJSGOKKYE6/",
               },
               {
                  name: "FEDORA-2022-d989953883",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ARF4QF4N3X5GSFHXUBWARGLISGKJ33R/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202401-25",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Java SE JDK and JRE",
               vendor: "Oracle Corporation",
               versions: [
                  {
                     status: "affected",
                     version: "Oracle Java SE:8u341",
                  },
                  {
                     status: "affected",
                     version: "Oracle Java SE:8u345-perf",
                  },
                  {
                     status: "affected",
                     version: "Oracle Java SE:11.0.16.1",
                  },
                  {
                     status: "affected",
                     version: "Oracle GraalVM Enterprise Edition:20.3.7",
                  },
                  {
                     status: "affected",
                     version: "Oracle GraalVM Enterprise Edition:21.3.3",
                  },
                  {
                     status: "affected",
                     version: "Oracle GraalVM Enterprise Edition:22.2.0",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "LOW",
                  baseScore: 5.3,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition.",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-01-17T15:06:31.267Z",
            orgId: "43595867-4340-4103-b7a2-9a5208d29a85",
            shortName: "oracle",
         },
         references: [
            {
               url: "https://www.oracle.com/security-alerts/cpuoct2022.html",
            },
            {
               url: "https://security.netapp.com/advisory/ntap-20221028-0012/",
            },
            {
               name: "FEDORA-2022-b050ae8974",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PB3CIGOFG7CENUVVE4FFZT2HI5FO77XU/",
            },
            {
               name: "FEDORA-2022-1c07902a5e",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3QLQ7OD33W6LT3HWI7VYDFFJLV75Y73K/",
            },
            {
               name: "FEDORA-2022-361f34f2a9",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HNGMDNIHAA73BEX6XPA2IMXJSGOKKYE6/",
            },
            {
               name: "FEDORA-2022-d989953883",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ARF4QF4N3X5GSFHXUBWARGLISGKJ33R/",
            },
            {
               url: "https://security.gentoo.org/glsa/202401-25",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85",
      assignerShortName: "oracle",
      cveId: "CVE-2022-21626",
      datePublished: "2022-10-18T00:00:00.000Z",
      dateReserved: "2021-11-15T00:00:00.000Z",
      dateUpdated: "2025-02-13T16:28:55.992Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

CVE-2023-21968 (GCVE-0-2023-21968)

Vulnerability from cvelistv5

Published

2023-04-18 19:54

Modified

2025-02-13 16:40

Severity ?

3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).

References

▼	URL	Tags
	https://www.oracle.com/security-alerts/cpuapr2023.html	vendor-advisory
	https://www.couchbase.com/alerts/
	https://security.netapp.com/advisory/ntap-20230427-0008/
	https://www.debian.org/security/2023/dsa-5430
	https://www.debian.org/security/2023/dsa-5478
	https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html
	https://security.netapp.com/advisory/ntap-20240621-0006/

Impacted products

	Vendor	Product	Version
	Oracle Corporation	Java SE JDK and JRE	Version: Oracle Java SE:8u361 Version: Oracle Java SE:8u361-perf Version: Oracle Java SE:11.0.18 Version: Oracle Java SE:17.0.6 Version: Oracle Java SE:20 Version: Oracle GraalVM Enterprise Edition:20.3.9 Version: Oracle GraalVM Enterprise Edition:21.3.5 Version: Oracle GraalVM Enterprise Edition:22.3.1

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T09:59:28.370Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "Oracle Advisory",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpuapr2023.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.couchbase.com/alerts/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20230427-0008/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2023/dsa-5430",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2023/dsa-5478",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20240621-0006/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Java SE JDK and JRE",
               vendor: "Oracle Corporation",
               versions: [
                  {
                     status: "affected",
                     version: "Oracle Java SE:8u361",
                  },
                  {
                     status: "affected",
                     version: "Oracle Java SE:8u361-perf",
                  },
                  {
                     status: "affected",
                     version: "Oracle Java SE:11.0.18",
                  },
                  {
                     status: "affected",
                     version: "Oracle Java SE:17.0.6",
                  },
                  {
                     status: "affected",
                     version: "Oracle Java SE:20",
                  },
                  {
                     status: "affected",
                     version: "Oracle GraalVM Enterprise Edition:20.3.9",
                  },
                  {
                     status: "affected",
                     version: "Oracle GraalVM Enterprise Edition:21.3.5",
                  },
                  {
                     status: "affected",
                     version: "Oracle GraalVM Enterprise Edition:22.3.1",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en-US",
               value: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries).  Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and  22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "HIGH",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 3.7,
                  baseSeverity: "LOW",
                  confidentialityImpact: "NONE",
                  integrityImpact: "LOW",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data.",
                     lang: "en-US",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-06-21T19:07:33.467Z",
            orgId: "43595867-4340-4103-b7a2-9a5208d29a85",
            shortName: "oracle",
         },
         references: [
            {
               name: "Oracle Advisory",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://www.oracle.com/security-alerts/cpuapr2023.html",
            },
            {
               url: "https://www.couchbase.com/alerts/",
            },
            {
               url: "https://security.netapp.com/advisory/ntap-20230427-0008/",
            },
            {
               url: "https://www.debian.org/security/2023/dsa-5430",
            },
            {
               url: "https://www.debian.org/security/2023/dsa-5478",
            },
            {
               url: "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html",
            },
            {
               url: "https://security.netapp.com/advisory/ntap-20240621-0006/",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85",
      assignerShortName: "oracle",
      cveId: "CVE-2023-21968",
      datePublished: "2023-04-18T19:54:34.372Z",
      dateReserved: "2022-12-17T19:26:00.733Z",
      dateUpdated: "2025-02-13T16:40:35.928Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

CVE-2024-20932 (GCVE-0-2024-20932)

Vulnerability from cvelistv5

Published

2024-01-16 21:41

Modified

2025-02-13 17:32

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 17.0.9; Oracle GraalVM for JDK: 17.0.9; Oracle GraalVM Enterprise Edition: 21.3.8 and 22.3.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).

References

▼	URL	Tags
	https://www.oracle.com/security-alerts/cpujan2024.html	vendor-advisory
	https://security.netapp.com/advisory/ntap-20240201-0002/

Impacted products

	Vendor	Product	Version
	Oracle Corporation	Java SE JDK and JRE	Version: Oracle Java SE:17.0.9 Version: Oracle GraalVM for JDK:17.0.9 Version: Oracle GraalVM Enterprise Edition:21.3.8 Version: Oracle GraalVM Enterprise Edition:22.3.4

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-01T22:06:37.353Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "Oracle Advisory",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpujan2024.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20240201-0002/",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2024-20932",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "yes",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-08-30T15:51:25.131686Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            problemTypes: [
               {
                  descriptions: [
                     {
                        cweId: "CWE-284",
                        description: "CWE-284 Improper Access Control",
                        lang: "en",
                        type: "CWE",
                     },
                  ],
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-08-30T15:52:16.674Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "Java SE JDK and JRE",
               vendor: "Oracle Corporation",
               versions: [
                  {
                     status: "affected",
                     version: "Oracle Java SE:17.0.9",
                  },
                  {
                     status: "affected",
                     version: "Oracle GraalVM for JDK:17.0.9",
                  },
                  {
                     status: "affected",
                     version: "Oracle GraalVM Enterprise Edition:21.3.8",
                  },
                  {
                     status: "affected",
                     version: "Oracle GraalVM Enterprise Edition:22.3.4",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en-US",
               value: "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security).  Supported versions that are affected are Oracle Java SE: 17.0.9; Oracle GraalVM for JDK: 17.0.9; Oracle GraalVM Enterprise Edition: 21.3.8 and  22.3.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.5 (Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 7.5,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "NONE",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data.",
                     lang: "en-US",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-02-01T17:06:49.517Z",
            orgId: "43595867-4340-4103-b7a2-9a5208d29a85",
            shortName: "oracle",
         },
         references: [
            {
               name: "Oracle Advisory",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://www.oracle.com/security-alerts/cpujan2024.html",
            },
            {
               url: "https://security.netapp.com/advisory/ntap-20240201-0002/",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85",
      assignerShortName: "oracle",
      cveId: "CVE-2024-20932",
      datePublished: "2024-01-16T21:41:17.380Z",
      dateReserved: "2023-12-07T22:28:10.622Z",
      dateUpdated: "2025-02-13T17:32:42.039Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

CVE-2022-21283 (GCVE-0-2022-21283)

Vulnerability from cvelistv5

Published

2022-01-19 11:23

Modified

2024-08-03 02:38

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

References

▼	URL	Tags
	https://www.oracle.com/security-alerts/cpujan2022.html	x_refsource_MISC
	https://security.netapp.com/advisory/ntap-20220121-0007/	x_refsource_CONFIRM
	https://www.debian.org/security/2022/dsa-5057	vendor-advisory, x_refsource_DEBIAN
	https://www.debian.org/security/2022/dsa-5058	vendor-advisory, x_refsource_DEBIAN
	https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html	mailing-list, x_refsource_MLIST
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DIN3L6L3SVZK75CKW2GPSU4HIGZR7XG/	vendor-advisory, x_refsource_FEDORA
	https://security.gentoo.org/glsa/202209-05	vendor-advisory, x_refsource_GENTOO

Impacted products

	Vendor	Product	Version
	Oracle Corporation	Java SE JDK and JRE	Version: Oracle Java SE:11.0.13 Version: Oracle Java SE:17.0.1 Version: Oracle GraalVM Enterprise Edition:20.3.4 Version: Oracle GraalVM Enterprise Edition:21.3.0

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T02:38:54.980Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpujan2022.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20220121-0007/",
               },
               {
                  name: "DSA-5057",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2022/dsa-5057",
               },
               {
                  name: "DSA-5058",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2022/dsa-5058",
               },
               {
                  name: "[debian-lts-announce] 20220210 [SECURITY] [DLA 2917-1] openjdk-8 security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html",
               },
               {
                  name: "FEDORA-2022-477401b0f7",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DIN3L6L3SVZK75CKW2GPSU4HIGZR7XG/",
               },
               {
                  name: "GLSA-202209-05",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202209-05",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Java SE JDK and JRE",
               vendor: "Oracle Corporation",
               versions: [
                  {
                     status: "affected",
                     version: "Oracle Java SE:11.0.13",
                  },
                  {
                     status: "affected",
                     version: "Oracle Java SE:17.0.1",
                  },
                  {
                     status: "affected",
                     version: "Oracle GraalVM Enterprise Edition:20.3.4",
                  },
                  {
                     status: "affected",
                     version: "Oracle GraalVM Enterprise Edition:21.3.0",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "LOW",
                  baseScore: 5.3,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition.",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-09-07T23:20:39.446Z",
            orgId: "43595867-4340-4103-b7a2-9a5208d29a85",
            shortName: "oracle",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com/security-alerts/cpujan2022.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://security.netapp.com/advisory/ntap-20220121-0007/",
            },
            {
               name: "DSA-5057",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "https://www.debian.org/security/2022/dsa-5057",
            },
            {
               name: "DSA-5058",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "https://www.debian.org/security/2022/dsa-5058",
            },
            {
               name: "[debian-lts-announce] 20220210 [SECURITY] [DLA 2917-1] openjdk-8 security update",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html",
            },
            {
               name: "FEDORA-2022-477401b0f7",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DIN3L6L3SVZK75CKW2GPSU4HIGZR7XG/",
            },
            {
               name: "GLSA-202209-05",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "https://security.gentoo.org/glsa/202209-05",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secalert_us@oracle.com",
               ID: "CVE-2022-21283",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Java SE JDK and JRE",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "=",
                                          version_value: "Oracle Java SE:11.0.13",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "Oracle Java SE:17.0.1",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "Oracle GraalVM Enterprise Edition:20.3.4",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "Oracle GraalVM Enterprise Edition:21.3.0",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Oracle Corporation",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).",
                  },
               ],
            },
            impact: {
               cvss: {
                  baseScore: "5.3",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                  version: "3.1",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition.",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.oracle.com/security-alerts/cpujan2022.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com/security-alerts/cpujan2022.html",
                  },
                  {
                     name: "https://security.netapp.com/advisory/ntap-20220121-0007/",
                     refsource: "CONFIRM",
                     url: "https://security.netapp.com/advisory/ntap-20220121-0007/",
                  },
                  {
                     name: "DSA-5057",
                     refsource: "DEBIAN",
                     url: "https://www.debian.org/security/2022/dsa-5057",
                  },
                  {
                     name: "DSA-5058",
                     refsource: "DEBIAN",
                     url: "https://www.debian.org/security/2022/dsa-5058",
                  },
                  {
                     name: "[debian-lts-announce] 20220210 [SECURITY] [DLA 2917-1] openjdk-8 security update",
                     refsource: "MLIST",
                     url: "https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html",
                  },
                  {
                     name: "FEDORA-2022-477401b0f7",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2DIN3L6L3SVZK75CKW2GPSU4HIGZR7XG/",
                  },
                  {
                     name: "GLSA-202209-05",
                     refsource: "GENTOO",
                     url: "https://security.gentoo.org/glsa/202209-05",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85",
      assignerShortName: "oracle",
      cveId: "CVE-2022-21283",
      datePublished: "2022-01-19T11:23:13",
      dateReserved: "2021-11-15T00:00:00",
      dateUpdated: "2024-08-03T02:38:54.980Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

CVE-2023-21967 (GCVE-0-2023-21967)

Vulnerability from cvelistv5

Published

2023-04-18 19:54

Modified

2025-02-13 16:40

Severity ?

5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).

References

▼	URL	Tags
	https://www.oracle.com/security-alerts/cpuapr2023.html	vendor-advisory
	https://www.couchbase.com/alerts/
	https://security.netapp.com/advisory/ntap-20230427-0008/
	https://www.debian.org/security/2023/dsa-5430
	https://www.debian.org/security/2023/dsa-5478
	https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html
	https://security.netapp.com/advisory/ntap-20240621-0006/

Impacted products

	Vendor	Product	Version
	Oracle Corporation	Java SE JDK and JRE	Version: Oracle Java SE:8u361 Version: Oracle Java SE:8u361-perf Version: Oracle Java SE:11.0.18 Version: Oracle Java SE:17.0.6 Version: Oracle Java SE:20 Version: Oracle GraalVM Enterprise Edition:20.3.9 Version: Oracle GraalVM Enterprise Edition:21.3.5 Version: Oracle GraalVM Enterprise Edition:22.3.1

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2023-21967",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-07-17T13:34:32.918522Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-07-17T13:34:40.120Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T09:59:28.383Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "Oracle Advisory",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpuapr2023.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.couchbase.com/alerts/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20230427-0008/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2023/dsa-5430",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2023/dsa-5478",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20240621-0006/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Java SE JDK and JRE",
               vendor: "Oracle Corporation",
               versions: [
                  {
                     status: "affected",
                     version: "Oracle Java SE:8u361",
                  },
                  {
                     status: "affected",
                     version: "Oracle Java SE:8u361-perf",
                  },
                  {
                     status: "affected",
                     version: "Oracle Java SE:11.0.18",
                  },
                  {
                     status: "affected",
                     version: "Oracle Java SE:17.0.6",
                  },
                  {
                     status: "affected",
                     version: "Oracle Java SE:20",
                  },
                  {
                     status: "affected",
                     version: "Oracle GraalVM Enterprise Edition:20.3.9",
                  },
                  {
                     status: "affected",
                     version: "Oracle GraalVM Enterprise Edition:21.3.5",
                  },
                  {
                     status: "affected",
                     version: "Oracle GraalVM Enterprise Edition:22.3.1",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en-US",
               value: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE).  Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and  22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "HIGH",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 5.9,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition.",
                     lang: "en-US",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-06-21T19:05:57.984Z",
            orgId: "43595867-4340-4103-b7a2-9a5208d29a85",
            shortName: "oracle",
         },
         references: [
            {
               name: "Oracle Advisory",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://www.oracle.com/security-alerts/cpuapr2023.html",
            },
            {
               url: "https://www.couchbase.com/alerts/",
            },
            {
               url: "https://security.netapp.com/advisory/ntap-20230427-0008/",
            },
            {
               url: "https://www.debian.org/security/2023/dsa-5430",
            },
            {
               url: "https://www.debian.org/security/2023/dsa-5478",
            },
            {
               url: "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html",
            },
            {
               url: "https://security.netapp.com/advisory/ntap-20240621-0006/",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85",
      assignerShortName: "oracle",
      cveId: "CVE-2023-21967",
      datePublished: "2023-04-18T19:54:33.967Z",
      dateReserved: "2022-12-17T19:26:00.733Z",
      dateUpdated: "2025-02-13T16:40:35.333Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

CVE-2022-21618 (GCVE-0-2022-21618)

Vulnerability from cvelistv5

Published

2022-10-18 00:00

Modified

2025-02-13 16:28

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JGSS). Supported versions that are affected are Oracle Java SE: 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 21.3.3 and 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).

References

▼	URL	Tags
	https://www.oracle.com/security-alerts/cpuoct2022.html
	https://security.netapp.com/advisory/ntap-20221028-0012/
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/37QDWJBGEPP65X43NXQTXQ7KASLUHON6/	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3QLQ7OD33W6LT3HWI7VYDFFJLV75Y73K/	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EXSBV3W6EP6B7XJ63Z2FPVBH6HAPGJ5T/	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ARF4QF4N3X5GSFHXUBWARGLISGKJ33R/	vendor-advisory
	https://security.gentoo.org/glsa/202401-25

Impacted products

	Vendor	Product	Version
	Oracle Corporation	Java SE JDK and JRE	Version: Oracle Java SE:17.0.4.1 Version: Oracle Java SE:19 Version: Oracle GraalVM Enterprise Edition:21.3.3 Version: Oracle GraalVM Enterprise Edition:22.2.0

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T02:46:39.446Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpuoct2022.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20221028-0012/",
               },
               {
                  name: "FEDORA-2022-5d494ab9ab",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/37QDWJBGEPP65X43NXQTXQ7KASLUHON6/",
               },
               {
                  name: "FEDORA-2022-1c07902a5e",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3QLQ7OD33W6LT3HWI7VYDFFJLV75Y73K/",
               },
               {
                  name: "FEDORA-2022-f76014ae17",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EXSBV3W6EP6B7XJ63Z2FPVBH6HAPGJ5T/",
               },
               {
                  name: "FEDORA-2022-d989953883",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ARF4QF4N3X5GSFHXUBWARGLISGKJ33R/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202401-25",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Java SE JDK and JRE",
               vendor: "Oracle Corporation",
               versions: [
                  {
                     status: "affected",
                     version: "Oracle Java SE:17.0.4.1",
                  },
                  {
                     status: "affected",
                     version: "Oracle Java SE:19",
                  },
                  {
                     status: "affected",
                     version: "Oracle GraalVM Enterprise Edition:21.3.3",
                  },
                  {
                     status: "affected",
                     version: "Oracle GraalVM Enterprise Edition:22.2.0",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JGSS). Supported versions that are affected are Oracle Java SE: 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 21.3.3 and 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 5.3,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  integrityImpact: "LOW",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Easily exploitable vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data.",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-01-17T15:06:40.844Z",
            orgId: "43595867-4340-4103-b7a2-9a5208d29a85",
            shortName: "oracle",
         },
         references: [
            {
               url: "https://www.oracle.com/security-alerts/cpuoct2022.html",
            },
            {
               url: "https://security.netapp.com/advisory/ntap-20221028-0012/",
            },
            {
               name: "FEDORA-2022-5d494ab9ab",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/37QDWJBGEPP65X43NXQTXQ7KASLUHON6/",
            },
            {
               name: "FEDORA-2022-1c07902a5e",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3QLQ7OD33W6LT3HWI7VYDFFJLV75Y73K/",
            },
            {
               name: "FEDORA-2022-f76014ae17",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EXSBV3W6EP6B7XJ63Z2FPVBH6HAPGJ5T/",
            },
            {
               name: "FEDORA-2022-d989953883",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ARF4QF4N3X5GSFHXUBWARGLISGKJ33R/",
            },
            {
               url: "https://security.gentoo.org/glsa/202401-25",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85",
      assignerShortName: "oracle",
      cveId: "CVE-2022-21618",
      datePublished: "2022-10-18T00:00:00.000Z",
      dateReserved: "2021-11-15T00:00:00.000Z",
      dateUpdated: "2025-02-13T16:28:54.041Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

CVE-2024-20952 (GCVE-0-2024-20952)

Vulnerability from cvelistv5

Published

2024-01-16 21:41

Modified

2025-02-13 17:32

Severity ?

7.4 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).

References

▼	URL	Tags
	https://www.oracle.com/security-alerts/cpujan2024.html	vendor-advisory
	https://lists.debian.org/debian-lts-announce/2024/01/msg00023.html
	https://security.netapp.com/advisory/ntap-20240201-0002/

Impacted products

	Vendor	Product	Version
	Oracle Corporation	Java SE JDK and JRE	Version: Oracle Java SE:8u391 Version: Oracle Java SE:8u391-perf Version: Oracle Java SE:11.0.21 Version: Oracle Java SE:17.0.9 Version: Oracle Java SE:21.0.1 Version: Oracle GraalVM for JDK:17.0.9 Version: Oracle GraalVM for JDK:21.0.1 Version: Oracle GraalVM Enterprise Edition:20.3.12 Version: Oracle GraalVM Enterprise Edition:21.3.8 Version: Oracle GraalVM Enterprise Edition:22.3.4

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-01T22:06:37.367Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "Oracle Advisory",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpujan2024.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2024/01/msg00023.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20240201-0002/",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2024-20952",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "yes",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-01-25T05:01:04.858571Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            problemTypes: [
               {
                  descriptions: [
                     {
                        cweId: "CWE-416",
                        description: "CWE-416 Use After Free",
                        lang: "en",
                        type: "CWE",
                     },
                  ],
               },
               {
                  descriptions: [
                     {
                        cweId: "CWE-284",
                        description: "CWE-284 Improper Access Control",
                        lang: "en",
                        type: "CWE",
                     },
                  ],
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-08-30T15:29:52.965Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "Java SE JDK and JRE",
               vendor: "Oracle Corporation",
               versions: [
                  {
                     status: "affected",
                     version: "Oracle Java SE:8u391",
                  },
                  {
                     status: "affected",
                     version: "Oracle Java SE:8u391-perf",
                  },
                  {
                     status: "affected",
                     version: "Oracle Java SE:11.0.21",
                  },
                  {
                     status: "affected",
                     version: "Oracle Java SE:17.0.9",
                  },
                  {
                     status: "affected",
                     version: "Oracle Java SE:21.0.1",
                  },
                  {
                     status: "affected",
                     version: "Oracle GraalVM for JDK:17.0.9",
                  },
                  {
                     status: "affected",
                     version: "Oracle GraalVM for JDK:21.0.1",
                  },
                  {
                     status: "affected",
                     version: "Oracle GraalVM Enterprise Edition:20.3.12",
                  },
                  {
                     status: "affected",
                     version: "Oracle GraalVM Enterprise Edition:21.3.8",
                  },
                  {
                     status: "affected",
                     version: "Oracle GraalVM Enterprise Edition:22.3.4",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en-US",
               value: "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security).  Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and  22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as  unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "HIGH",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 7.4,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as  unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data.",
                     lang: "en-US",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-02-01T17:06:51.113Z",
            orgId: "43595867-4340-4103-b7a2-9a5208d29a85",
            shortName: "oracle",
         },
         references: [
            {
               name: "Oracle Advisory",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://www.oracle.com/security-alerts/cpujan2024.html",
            },
            {
               url: "https://lists.debian.org/debian-lts-announce/2024/01/msg00023.html",
            },
            {
               url: "https://security.netapp.com/advisory/ntap-20240201-0002/",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85",
      assignerShortName: "oracle",
      cveId: "CVE-2024-20952",
      datePublished: "2024-01-16T21:41:20.593Z",
      dateReserved: "2023-12-07T22:28:10.627Z",
      dateUpdated: "2025-02-13T17:32:42.633Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

CVE-2022-21299 (GCVE-0-2022-21299)

Vulnerability from cvelistv5

Published

2022-01-19 11:23

Modified

2025-02-13 16:28

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

References

▼	URL	Tags
	https://www.oracle.com/security-alerts/cpujan2022.html	x_refsource_MISC
	https://security.netapp.com/advisory/ntap-20220121-0007/	x_refsource_CONFIRM
	https://www.debian.org/security/2022/dsa-5057	vendor-advisory, x_refsource_DEBIAN
	https://www.debian.org/security/2022/dsa-5058	vendor-advisory, x_refsource_DEBIAN
	https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html	mailing-list, x_refsource_MLIST
	https://security.gentoo.org/glsa/202209-05	vendor-advisory, x_refsource_GENTOO
	https://security.netapp.com/advisory/ntap-20240621-0006/

Impacted products

	Vendor	Product	Version
	Oracle Corporation	Java SE JDK and JRE	Version: Oracle Java SE:7u321 Version: Oracle Java SE:8u311 Version: Oracle Java SE:11.0.13 Version: Oracle Java SE:17.0.1 Version: Oracle GraalVM Enterprise Edition:20.3.4 Version: Oracle GraalVM Enterprise Edition:21.3.0

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T02:38:55.411Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpujan2022.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20220121-0007/",
               },
               {
                  name: "DSA-5057",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2022/dsa-5057",
               },
               {
                  name: "DSA-5058",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2022/dsa-5058",
               },
               {
                  name: "[debian-lts-announce] 20220210 [SECURITY] [DLA 2917-1] openjdk-8 security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html",
               },
               {
                  name: "GLSA-202209-05",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202209-05",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20240621-0006/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Java SE JDK and JRE",
               vendor: "Oracle Corporation",
               versions: [
                  {
                     status: "affected",
                     version: "Oracle Java SE:7u321",
                  },
                  {
                     status: "affected",
                     version: "Oracle Java SE:8u311",
                  },
                  {
                     status: "affected",
                     version: "Oracle Java SE:11.0.13",
                  },
                  {
                     status: "affected",
                     version: "Oracle Java SE:17.0.1",
                  },
                  {
                     status: "affected",
                     version: "Oracle GraalVM Enterprise Edition:20.3.4",
                  },
                  {
                     status: "affected",
                     version: "Oracle GraalVM Enterprise Edition:21.3.0",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "LOW",
                  baseScore: 5.3,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition.",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-06-21T19:07:37.290Z",
            orgId: "43595867-4340-4103-b7a2-9a5208d29a85",
            shortName: "oracle",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com/security-alerts/cpujan2022.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://security.netapp.com/advisory/ntap-20220121-0007/",
            },
            {
               name: "DSA-5057",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "https://www.debian.org/security/2022/dsa-5057",
            },
            {
               name: "DSA-5058",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "https://www.debian.org/security/2022/dsa-5058",
            },
            {
               name: "[debian-lts-announce] 20220210 [SECURITY] [DLA 2917-1] openjdk-8 security update",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html",
            },
            {
               name: "GLSA-202209-05",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "https://security.gentoo.org/glsa/202209-05",
            },
            {
               url: "https://security.netapp.com/advisory/ntap-20240621-0006/",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secalert_us@oracle.com",
               ID: "CVE-2022-21299",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Java SE JDK and JRE",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "=",
                                          version_value: "Oracle Java SE:7u321",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "Oracle Java SE:8u311",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "Oracle Java SE:11.0.13",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "Oracle Java SE:17.0.1",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "Oracle GraalVM Enterprise Edition:20.3.4",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "Oracle GraalVM Enterprise Edition:21.3.0",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Oracle Corporation",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).",
                  },
               ],
            },
            impact: {
               cvss: {
                  baseScore: "5.3",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                  version: "3.1",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition.",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.oracle.com/security-alerts/cpujan2022.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com/security-alerts/cpujan2022.html",
                  },
                  {
                     name: "https://security.netapp.com/advisory/ntap-20220121-0007/",
                     refsource: "CONFIRM",
                     url: "https://security.netapp.com/advisory/ntap-20220121-0007/",
                  },
                  {
                     name: "DSA-5057",
                     refsource: "DEBIAN",
                     url: "https://www.debian.org/security/2022/dsa-5057",
                  },
                  {
                     name: "DSA-5058",
                     refsource: "DEBIAN",
                     url: "https://www.debian.org/security/2022/dsa-5058",
                  },
                  {
                     name: "[debian-lts-announce] 20220210 [SECURITY] [DLA 2917-1] openjdk-8 security update",
                     refsource: "MLIST",
                     url: "https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html",
                  },
                  {
                     name: "GLSA-202209-05",
                     refsource: "GENTOO",
                     url: "https://security.gentoo.org/glsa/202209-05",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85",
      assignerShortName: "oracle",
      cveId: "CVE-2022-21299",
      datePublished: "2022-01-19T11:23:43.000Z",
      dateReserved: "2021-11-15T00:00:00.000Z",
      dateUpdated: "2025-02-13T16:28:53.459Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

CVE-2023-21939 (GCVE-0-2023-21939)

Vulnerability from cvelistv5

Published

2023-04-18 19:54

Modified

2025-02-13 16:40

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).

References

▼	URL	Tags
	https://www.oracle.com/security-alerts/cpuapr2023.html	vendor-advisory
	https://www.couchbase.com/alerts/
	https://security.netapp.com/advisory/ntap-20230427-0008/
	https://www.debian.org/security/2023/dsa-5430
	https://www.debian.org/security/2023/dsa-5478
	https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html
	https://security.netapp.com/advisory/ntap-20240621-0006/

Impacted products

	Vendor	Product	Version
	Oracle Corporation	Java SE JDK and JRE	Version: Oracle Java SE:8u361 Version: Oracle Java SE:8u361-perf Version: Oracle Java SE:11.0.18 Version: Oracle Java SE:17.0.6 Version: Oracle Java SE:20 Version: Oracle GraalVM Enterprise Edition:20.3.9 Version: Oracle GraalVM Enterprise Edition:21.3.5 Version: Oracle GraalVM Enterprise Edition:22.3.1

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2023-21939",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-07-05T19:26:29.575017Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-07-05T19:26:49.370Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T09:59:27.929Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "Oracle Advisory",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpuapr2023.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.couchbase.com/alerts/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20230427-0008/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2023/dsa-5430",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2023/dsa-5478",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20240621-0006/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Java SE JDK and JRE",
               vendor: "Oracle Corporation",
               versions: [
                  {
                     status: "affected",
                     version: "Oracle Java SE:8u361",
                  },
                  {
                     status: "affected",
                     version: "Oracle Java SE:8u361-perf",
                  },
                  {
                     status: "affected",
                     version: "Oracle Java SE:11.0.18",
                  },
                  {
                     status: "affected",
                     version: "Oracle Java SE:17.0.6",
                  },
                  {
                     status: "affected",
                     version: "Oracle Java SE:20",
                  },
                  {
                     status: "affected",
                     version: "Oracle GraalVM Enterprise Edition:20.3.9",
                  },
                  {
                     status: "affected",
                     version: "Oracle GraalVM Enterprise Edition:21.3.5",
                  },
                  {
                     status: "affected",
                     version: "Oracle GraalVM Enterprise Edition:22.3.1",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en-US",
               value: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing).  Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and  22.3.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 5.3,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  integrityImpact: "LOW",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data.",
                     lang: "en-US",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-06-21T19:07:18.372Z",
            orgId: "43595867-4340-4103-b7a2-9a5208d29a85",
            shortName: "oracle",
         },
         references: [
            {
               name: "Oracle Advisory",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://www.oracle.com/security-alerts/cpuapr2023.html",
            },
            {
               url: "https://www.couchbase.com/alerts/",
            },
            {
               url: "https://security.netapp.com/advisory/ntap-20230427-0008/",
            },
            {
               url: "https://www.debian.org/security/2023/dsa-5430",
            },
            {
               url: "https://www.debian.org/security/2023/dsa-5478",
            },
            {
               url: "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html",
            },
            {
               url: "https://security.netapp.com/advisory/ntap-20240621-0006/",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85",
      assignerShortName: "oracle",
      cveId: "CVE-2023-21939",
      datePublished: "2023-04-18T19:54:26.274Z",
      dateReserved: "2022-12-17T19:26:00.722Z",
      dateUpdated: "2025-02-13T16:40:28.308Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

CVE-2022-21496 (GCVE-0-2022-21496)

Vulnerability from cvelistv5

Published

2022-04-19 20:38

Modified

2024-09-24 20:05

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JNDI). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).

References

▼	URL	Tags
	https://www.oracle.com/security-alerts/cpuapr2022.html
	https://security.netapp.com/advisory/ntap-20220429-0006/
	https://www.debian.org/security/2022/dsa-5128	vendor-advisory
	https://www.debian.org/security/2022/dsa-5131	vendor-advisory
	https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html	mailing-list
	https://security.netapp.com/advisory/ntap-20240621-0006/

Impacted products

	Vendor	Product	Version
	Oracle Corporation	Java SE JDK and JRE	Version: Oracle Java SE:7u331 Version: Oracle Java SE:8u321 Version: Oracle Java SE:11.0.14 Version: Oracle Java SE:17.0.2 Version: Oracle Java SE:18 Version: Oracle GraalVM Enterprise Edition:20.3.5 Version: Oracle GraalVM Enterprise Edition:21.3.1 Version: Oracle GraalVM Enterprise Edition:22.0.0.2

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T02:46:38.681Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpuapr2022.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20220429-0006/",
               },
               {
                  name: "DSA-5128",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2022/dsa-5128",
               },
               {
                  name: "DSA-5131",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2022/dsa-5131",
               },
               {
                  name: "[debian-lts-announce] 20220514 [SECURITY] [DLA 3006-1] openjdk-8 security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20240621-0006/",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2022-21496",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "yes",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-09-24T13:53:50.783083Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-09-24T20:05:36.664Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "Java SE JDK and JRE",
               vendor: "Oracle Corporation",
               versions: [
                  {
                     status: "affected",
                     version: "Oracle Java SE:7u331",
                  },
                  {
                     status: "affected",
                     version: "Oracle Java SE:8u321",
                  },
                  {
                     status: "affected",
                     version: "Oracle Java SE:11.0.14",
                  },
                  {
                     status: "affected",
                     version: "Oracle Java SE:17.0.2",
                  },
                  {
                     status: "affected",
                     version: "Oracle Java SE:18",
                  },
                  {
                     status: "affected",
                     version: "Oracle GraalVM Enterprise Edition:20.3.5",
                  },
                  {
                     status: "affected",
                     version: "Oracle GraalVM Enterprise Edition:21.3.1",
                  },
                  {
                     status: "affected",
                     version: "Oracle GraalVM Enterprise Edition:22.0.0.2",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JNDI). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 5.3,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  integrityImpact: "LOW",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data.",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-06-21T19:06:40.368882",
            orgId: "43595867-4340-4103-b7a2-9a5208d29a85",
            shortName: "oracle",
         },
         references: [
            {
               url: "https://www.oracle.com/security-alerts/cpuapr2022.html",
            },
            {
               url: "https://security.netapp.com/advisory/ntap-20220429-0006/",
            },
            {
               name: "DSA-5128",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://www.debian.org/security/2022/dsa-5128",
            },
            {
               name: "DSA-5131",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://www.debian.org/security/2022/dsa-5131",
            },
            {
               name: "[debian-lts-announce] 20220514 [SECURITY] [DLA 3006-1] openjdk-8 security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html",
            },
            {
               url: "https://security.netapp.com/advisory/ntap-20240621-0006/",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85",
      assignerShortName: "oracle",
      cveId: "CVE-2022-21496",
      datePublished: "2022-04-19T20:38:50",
      dateReserved: "2021-11-15T00:00:00",
      dateUpdated: "2024-09-24T20:05:36.664Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

CVE-2023-21938 (GCVE-0-2023-21938)

Vulnerability from cvelistv5

Published

2023-04-18 19:54

Modified

2025-02-13 16:40

Severity ?

3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).

References

▼	URL	Tags
	https://www.oracle.com/security-alerts/cpuapr2023.html	vendor-advisory
	https://www.couchbase.com/alerts/
	https://security.netapp.com/advisory/ntap-20230427-0008/
	https://www.debian.org/security/2023/dsa-5430
	https://www.debian.org/security/2023/dsa-5478
	https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html
	https://security.netapp.com/advisory/ntap-20240621-0006/

Impacted products

	Vendor	Product	Version
	Oracle Corporation	Java SE JDK and JRE	Version: Oracle Java SE:8u361 Version: Oracle Java SE:8u361-perf Version: Oracle Java SE:11.0.18 Version: Oracle Java SE:17.0.6 Version: Oracle Java SE:20 Version: Oracle GraalVM Enterprise Edition:20.3.8 Version: Oracle GraalVM Enterprise Edition:21.3.4 Version: Oracle GraalVM Enterprise Edition:22.3.0

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T09:59:27.256Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "Oracle Advisory",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpuapr2023.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.couchbase.com/alerts/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20230427-0008/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2023/dsa-5430",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2023/dsa-5478",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20240621-0006/",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2023-21938",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-09-16T14:39:35.865049Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-09-16T15:17:40.166Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "Java SE JDK and JRE",
               vendor: "Oracle Corporation",
               versions: [
                  {
                     status: "affected",
                     version: "Oracle Java SE:8u361",
                  },
                  {
                     status: "affected",
                     version: "Oracle Java SE:8u361-perf",
                  },
                  {
                     status: "affected",
                     version: "Oracle Java SE:11.0.18",
                  },
                  {
                     status: "affected",
                     version: "Oracle Java SE:17.0.6",
                  },
                  {
                     status: "affected",
                     version: "Oracle Java SE:20",
                  },
                  {
                     status: "affected",
                     version: "Oracle GraalVM Enterprise Edition:20.3.8",
                  },
                  {
                     status: "affected",
                     version: "Oracle GraalVM Enterprise Edition:21.3.4",
                  },
                  {
                     status: "affected",
                     version: "Oracle GraalVM Enterprise Edition:22.3.0",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en-US",
               value: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries).  Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and  22.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "HIGH",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 3.7,
                  baseSeverity: "LOW",
                  confidentialityImpact: "NONE",
                  integrityImpact: "LOW",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data.",
                     lang: "en-US",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-06-21T19:07:50.001Z",
            orgId: "43595867-4340-4103-b7a2-9a5208d29a85",
            shortName: "oracle",
         },
         references: [
            {
               name: "Oracle Advisory",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://www.oracle.com/security-alerts/cpuapr2023.html",
            },
            {
               url: "https://www.couchbase.com/alerts/",
            },
            {
               url: "https://security.netapp.com/advisory/ntap-20230427-0008/",
            },
            {
               url: "https://www.debian.org/security/2023/dsa-5430",
            },
            {
               url: "https://www.debian.org/security/2023/dsa-5478",
            },
            {
               url: "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html",
            },
            {
               url: "https://security.netapp.com/advisory/ntap-20240621-0006/",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85",
      assignerShortName: "oracle",
      cveId: "CVE-2023-21938",
      datePublished: "2023-04-18T19:54:25.948Z",
      dateReserved: "2022-12-17T19:26:00.722Z",
      dateUpdated: "2025-02-13T16:40:27.738Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

CVE-2022-21294 (GCVE-0-2022-21294)

Vulnerability from cvelistv5

Published

2022-01-19 11:23

Modified

2024-08-03 02:38

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

References

▼	URL	Tags
	https://www.oracle.com/security-alerts/cpujan2022.html	x_refsource_MISC
	https://security.netapp.com/advisory/ntap-20220121-0007/	x_refsource_CONFIRM
	https://www.debian.org/security/2022/dsa-5057	vendor-advisory, x_refsource_DEBIAN
	https://www.debian.org/security/2022/dsa-5058	vendor-advisory, x_refsource_DEBIAN
	https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html	mailing-list, x_refsource_MLIST
	https://security.gentoo.org/glsa/202209-05	vendor-advisory, x_refsource_GENTOO

Impacted products

	Vendor	Product	Version
	Oracle Corporation	Java SE JDK and JRE	Version: Oracle Java SE:7u321 Version: Oracle Java SE:8u311 Version: Oracle Java SE:11.0.13 Version: Oracle Java SE:17.0.1 Version: Oracle GraalVM Enterprise Edition:20.3.4 Version: Oracle GraalVM Enterprise Edition:21.3.0

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T02:38:55.305Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpujan2022.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20220121-0007/",
               },
               {
                  name: "DSA-5057",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2022/dsa-5057",
               },
               {
                  name: "DSA-5058",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2022/dsa-5058",
               },
               {
                  name: "[debian-lts-announce] 20220210 [SECURITY] [DLA 2917-1] openjdk-8 security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html",
               },
               {
                  name: "GLSA-202209-05",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202209-05",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Java SE JDK and JRE",
               vendor: "Oracle Corporation",
               versions: [
                  {
                     status: "affected",
                     version: "Oracle Java SE:7u321",
                  },
                  {
                     status: "affected",
                     version: "Oracle Java SE:8u311",
                  },
                  {
                     status: "affected",
                     version: "Oracle Java SE:11.0.13",
                  },
                  {
                     status: "affected",
                     version: "Oracle Java SE:17.0.1",
                  },
                  {
                     status: "affected",
                     version: "Oracle GraalVM Enterprise Edition:20.3.4",
                  },
                  {
                     status: "affected",
                     version: "Oracle GraalVM Enterprise Edition:21.3.0",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "LOW",
                  baseScore: 5.3,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition.",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-09-07T23:20:44.533Z",
            orgId: "43595867-4340-4103-b7a2-9a5208d29a85",
            shortName: "oracle",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com/security-alerts/cpujan2022.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://security.netapp.com/advisory/ntap-20220121-0007/",
            },
            {
               name: "DSA-5057",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "https://www.debian.org/security/2022/dsa-5057",
            },
            {
               name: "DSA-5058",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "https://www.debian.org/security/2022/dsa-5058",
            },
            {
               name: "[debian-lts-announce] 20220210 [SECURITY] [DLA 2917-1] openjdk-8 security update",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html",
            },
            {
               name: "GLSA-202209-05",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "https://security.gentoo.org/glsa/202209-05",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secalert_us@oracle.com",
               ID: "CVE-2022-21294",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Java SE JDK and JRE",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "=",
                                          version_value: "Oracle Java SE:7u321",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "Oracle Java SE:8u311",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "Oracle Java SE:11.0.13",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "Oracle Java SE:17.0.1",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "Oracle GraalVM Enterprise Edition:20.3.4",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "Oracle GraalVM Enterprise Edition:21.3.0",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Oracle Corporation",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).",
                  },
               ],
            },
            impact: {
               cvss: {
                  baseScore: "5.3",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                  version: "3.1",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition.",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.oracle.com/security-alerts/cpujan2022.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com/security-alerts/cpujan2022.html",
                  },
                  {
                     name: "https://security.netapp.com/advisory/ntap-20220121-0007/",
                     refsource: "CONFIRM",
                     url: "https://security.netapp.com/advisory/ntap-20220121-0007/",
                  },
                  {
                     name: "DSA-5057",
                     refsource: "DEBIAN",
                     url: "https://www.debian.org/security/2022/dsa-5057",
                  },
                  {
                     name: "DSA-5058",
                     refsource: "DEBIAN",
                     url: "https://www.debian.org/security/2022/dsa-5058",
                  },
                  {
                     name: "[debian-lts-announce] 20220210 [SECURITY] [DLA 2917-1] openjdk-8 security update",
                     refsource: "MLIST",
                     url: "https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html",
                  },
                  {
                     name: "GLSA-202209-05",
                     refsource: "GENTOO",
                     url: "https://security.gentoo.org/glsa/202209-05",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85",
      assignerShortName: "oracle",
      cveId: "CVE-2022-21294",
      datePublished: "2022-01-19T11:23:34",
      dateReserved: "2021-11-15T00:00:00",
      dateUpdated: "2024-08-03T02:38:55.305Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

CVE-2022-21360 (GCVE-0-2022-21360)

Vulnerability from cvelistv5

Published

2022-01-19 11:25

Modified

2024-08-03 02:38

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

References

▼	URL	Tags
	https://www.oracle.com/security-alerts/cpujan2022.html	x_refsource_MISC
	https://security.netapp.com/advisory/ntap-20220121-0007/	x_refsource_CONFIRM
	https://www.debian.org/security/2022/dsa-5057	vendor-advisory, x_refsource_DEBIAN
	https://www.debian.org/security/2022/dsa-5058	vendor-advisory, x_refsource_DEBIAN
	https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html	mailing-list, x_refsource_MLIST
	https://security.gentoo.org/glsa/202209-05	vendor-advisory, x_refsource_GENTOO

Impacted products

	Vendor	Product	Version
	Oracle Corporation	Java SE JDK and JRE	Version: Oracle Java SE:7u321 Version: Oracle Java SE:8u311 Version: Oracle Java SE:11.0.13 Version: Oracle Java SE:17.0.1 Version: Oracle GraalVM Enterprise Edition:20.3.4 Version: Oracle GraalVM Enterprise Edition:21.3.0

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T02:38:55.503Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpujan2022.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20220121-0007/",
               },
               {
                  name: "DSA-5057",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2022/dsa-5057",
               },
               {
                  name: "DSA-5058",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2022/dsa-5058",
               },
               {
                  name: "[debian-lts-announce] 20220210 [SECURITY] [DLA 2917-1] openjdk-8 security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html",
               },
               {
                  name: "GLSA-202209-05",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202209-05",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Java SE JDK and JRE",
               vendor: "Oracle Corporation",
               versions: [
                  {
                     status: "affected",
                     version: "Oracle Java SE:7u321",
                  },
                  {
                     status: "affected",
                     version: "Oracle Java SE:8u311",
                  },
                  {
                     status: "affected",
                     version: "Oracle Java SE:11.0.13",
                  },
                  {
                     status: "affected",
                     version: "Oracle Java SE:17.0.1",
                  },
                  {
                     status: "affected",
                     version: "Oracle GraalVM Enterprise Edition:20.3.4",
                  },
                  {
                     status: "affected",
                     version: "Oracle GraalVM Enterprise Edition:21.3.0",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "LOW",
                  baseScore: 5.3,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition.",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-09-07T23:20:16.462Z",
            orgId: "43595867-4340-4103-b7a2-9a5208d29a85",
            shortName: "oracle",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com/security-alerts/cpujan2022.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://security.netapp.com/advisory/ntap-20220121-0007/",
            },
            {
               name: "DSA-5057",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "https://www.debian.org/security/2022/dsa-5057",
            },
            {
               name: "DSA-5058",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "https://www.debian.org/security/2022/dsa-5058",
            },
            {
               name: "[debian-lts-announce] 20220210 [SECURITY] [DLA 2917-1] openjdk-8 security update",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html",
            },
            {
               name: "GLSA-202209-05",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "https://security.gentoo.org/glsa/202209-05",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secalert_us@oracle.com",
               ID: "CVE-2022-21360",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Java SE JDK and JRE",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "=",
                                          version_value: "Oracle Java SE:7u321",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "Oracle Java SE:8u311",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "Oracle Java SE:11.0.13",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "Oracle Java SE:17.0.1",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "Oracle GraalVM Enterprise Edition:20.3.4",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "Oracle GraalVM Enterprise Edition:21.3.0",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Oracle Corporation",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).",
                  },
               ],
            },
            impact: {
               cvss: {
                  baseScore: "5.3",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                  version: "3.1",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition.",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.oracle.com/security-alerts/cpujan2022.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com/security-alerts/cpujan2022.html",
                  },
                  {
                     name: "https://security.netapp.com/advisory/ntap-20220121-0007/",
                     refsource: "CONFIRM",
                     url: "https://security.netapp.com/advisory/ntap-20220121-0007/",
                  },
                  {
                     name: "DSA-5057",
                     refsource: "DEBIAN",
                     url: "https://www.debian.org/security/2022/dsa-5057",
                  },
                  {
                     name: "DSA-5058",
                     refsource: "DEBIAN",
                     url: "https://www.debian.org/security/2022/dsa-5058",
                  },
                  {
                     name: "[debian-lts-announce] 20220210 [SECURITY] [DLA 2917-1] openjdk-8 security update",
                     refsource: "MLIST",
                     url: "https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html",
                  },
                  {
                     name: "GLSA-202209-05",
                     refsource: "GENTOO",
                     url: "https://security.gentoo.org/glsa/202209-05",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85",
      assignerShortName: "oracle",
      cveId: "CVE-2022-21360",
      datePublished: "2022-01-19T11:25:37",
      dateReserved: "2021-11-15T00:00:00",
      dateUpdated: "2024-08-03T02:38:55.503Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

CVE-2022-21291 (GCVE-0-2022-21291)

Vulnerability from cvelistv5

Published

2022-01-19 11:23

Modified

2024-08-03 02:38

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).

References

▼	URL	Tags
	https://www.oracle.com/security-alerts/cpujan2022.html	x_refsource_MISC
	https://security.netapp.com/advisory/ntap-20220121-0007/	x_refsource_CONFIRM
	https://www.debian.org/security/2022/dsa-5057	vendor-advisory, x_refsource_DEBIAN
	https://www.debian.org/security/2022/dsa-5058	vendor-advisory, x_refsource_DEBIAN
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DIN3L6L3SVZK75CKW2GPSU4HIGZR7XG/	vendor-advisory, x_refsource_FEDORA
	https://security.gentoo.org/glsa/202209-05	vendor-advisory, x_refsource_GENTOO

Impacted products

	Vendor	Product	Version
	Oracle Corporation	Java SE JDK and JRE	Version: Oracle Java SE:7u321 Version: Oracle Java SE:8u311 Version: Oracle Java SE:11.0.13 Version: Oracle Java SE:17.0.1 Version: Oracle GraalVM Enterprise Edition:20.3.4 Version: Oracle GraalVM Enterprise Edition:21.3.0

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T02:38:55.283Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpujan2022.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20220121-0007/",
               },
               {
                  name: "DSA-5057",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2022/dsa-5057",
               },
               {
                  name: "DSA-5058",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2022/dsa-5058",
               },
               {
                  name: "FEDORA-2022-477401b0f7",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DIN3L6L3SVZK75CKW2GPSU4HIGZR7XG/",
               },
               {
                  name: "GLSA-202209-05",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202209-05",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Java SE JDK and JRE",
               vendor: "Oracle Corporation",
               versions: [
                  {
                     status: "affected",
                     version: "Oracle Java SE:7u321",
                  },
                  {
                     status: "affected",
                     version: "Oracle Java SE:8u311",
                  },
                  {
                     status: "affected",
                     version: "Oracle Java SE:11.0.13",
                  },
                  {
                     status: "affected",
                     version: "Oracle Java SE:17.0.1",
                  },
                  {
                     status: "affected",
                     version: "Oracle GraalVM Enterprise Edition:20.3.4",
                  },
                  {
                     status: "affected",
                     version: "Oracle GraalVM Enterprise Edition:21.3.0",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 5.3,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  integrityImpact: "LOW",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data.",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-09-07T23:19:34.932Z",
            orgId: "43595867-4340-4103-b7a2-9a5208d29a85",
            shortName: "oracle",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com/security-alerts/cpujan2022.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://security.netapp.com/advisory/ntap-20220121-0007/",
            },
            {
               name: "DSA-5057",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "https://www.debian.org/security/2022/dsa-5057",
            },
            {
               name: "DSA-5058",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "https://www.debian.org/security/2022/dsa-5058",
            },
            {
               name: "FEDORA-2022-477401b0f7",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DIN3L6L3SVZK75CKW2GPSU4HIGZR7XG/",
            },
            {
               name: "GLSA-202209-05",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "https://security.gentoo.org/glsa/202209-05",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secalert_us@oracle.com",
               ID: "CVE-2022-21291",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Java SE JDK and JRE",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "=",
                                          version_value: "Oracle Java SE:7u321",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "Oracle Java SE:8u311",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "Oracle Java SE:11.0.13",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "Oracle Java SE:17.0.1",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "Oracle GraalVM Enterprise Edition:20.3.4",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "Oracle GraalVM Enterprise Edition:21.3.0",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Oracle Corporation",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).",
                  },
               ],
            },
            impact: {
               cvss: {
                  baseScore: "5.3",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
                  version: "3.1",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data.",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.oracle.com/security-alerts/cpujan2022.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com/security-alerts/cpujan2022.html",
                  },
                  {
                     name: "https://security.netapp.com/advisory/ntap-20220121-0007/",
                     refsource: "CONFIRM",
                     url: "https://security.netapp.com/advisory/ntap-20220121-0007/",
                  },
                  {
                     name: "DSA-5057",
                     refsource: "DEBIAN",
                     url: "https://www.debian.org/security/2022/dsa-5057",
                  },
                  {
                     name: "DSA-5058",
                     refsource: "DEBIAN",
                     url: "https://www.debian.org/security/2022/dsa-5058",
                  },
                  {
                     name: "FEDORA-2022-477401b0f7",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2DIN3L6L3SVZK75CKW2GPSU4HIGZR7XG/",
                  },
                  {
                     name: "GLSA-202209-05",
                     refsource: "GENTOO",
                     url: "https://security.gentoo.org/glsa/202209-05",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85",
      assignerShortName: "oracle",
      cveId: "CVE-2022-21291",
      datePublished: "2022-01-19T11:23:29",
      dateReserved: "2021-11-15T00:00:00",
      dateUpdated: "2024-08-03T02:38:55.283Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

CVE-2022-21277 (GCVE-0-2022-21277)

Vulnerability from cvelistv5

Published

2022-01-19 11:22

Modified

2024-08-03 02:38

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

References

▼	URL	Tags
	https://www.oracle.com/security-alerts/cpujan2022.html	x_refsource_MISC
	https://security.netapp.com/advisory/ntap-20220121-0007/	x_refsource_CONFIRM
	https://www.debian.org/security/2022/dsa-5057	vendor-advisory, x_refsource_DEBIAN
	https://www.debian.org/security/2022/dsa-5058	vendor-advisory, x_refsource_DEBIAN
	https://security.gentoo.org/glsa/202209-05	vendor-advisory, x_refsource_GENTOO

Impacted products

	Vendor	Product	Version
	Oracle Corporation	Java SE JDK and JRE	Version: Oracle Java SE:11.0.13 Version: Oracle Java SE:17.0.1 Version: Oracle GraalVM Enterprise Edition:20.3.4 Version: Oracle GraalVM Enterprise Edition:21.3.0

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T02:38:55.127Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpujan2022.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20220121-0007/",
               },
               {
                  name: "DSA-5057",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2022/dsa-5057",
               },
               {
                  name: "DSA-5058",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2022/dsa-5058",
               },
               {
                  name: "GLSA-202209-05",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202209-05",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Java SE JDK and JRE",
               vendor: "Oracle Corporation",
               versions: [
                  {
                     status: "affected",
                     version: "Oracle Java SE:11.0.13",
                  },
                  {
                     status: "affected",
                     version: "Oracle Java SE:17.0.1",
                  },
                  {
                     status: "affected",
                     version: "Oracle GraalVM Enterprise Edition:20.3.4",
                  },
                  {
                     status: "affected",
                     version: "Oracle GraalVM Enterprise Edition:21.3.0",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "LOW",
                  baseScore: 5.3,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition.",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-09-07T23:20:12.305Z",
            orgId: "43595867-4340-4103-b7a2-9a5208d29a85",
            shortName: "oracle",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com/security-alerts/cpujan2022.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://security.netapp.com/advisory/ntap-20220121-0007/",
            },
            {
               name: "DSA-5057",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "https://www.debian.org/security/2022/dsa-5057",
            },
            {
               name: "DSA-5058",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "https://www.debian.org/security/2022/dsa-5058",
            },
            {
               name: "GLSA-202209-05",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "https://security.gentoo.org/glsa/202209-05",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secalert_us@oracle.com",
               ID: "CVE-2022-21277",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Java SE JDK and JRE",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "=",
                                          version_value: "Oracle Java SE:11.0.13",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "Oracle Java SE:17.0.1",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "Oracle GraalVM Enterprise Edition:20.3.4",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "Oracle GraalVM Enterprise Edition:21.3.0",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Oracle Corporation",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).",
                  },
               ],
            },
            impact: {
               cvss: {
                  baseScore: "5.3",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                  version: "3.1",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition.",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.oracle.com/security-alerts/cpujan2022.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com/security-alerts/cpujan2022.html",
                  },
                  {
                     name: "https://security.netapp.com/advisory/ntap-20220121-0007/",
                     refsource: "CONFIRM",
                     url: "https://security.netapp.com/advisory/ntap-20220121-0007/",
                  },
                  {
                     name: "DSA-5057",
                     refsource: "DEBIAN",
                     url: "https://www.debian.org/security/2022/dsa-5057",
                  },
                  {
                     name: "DSA-5058",
                     refsource: "DEBIAN",
                     url: "https://www.debian.org/security/2022/dsa-5058",
                  },
                  {
                     name: "GLSA-202209-05",
                     refsource: "GENTOO",
                     url: "https://security.gentoo.org/glsa/202209-05",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85",
      assignerShortName: "oracle",
      cveId: "CVE-2022-21277",
      datePublished: "2022-01-19T11:22:59",
      dateReserved: "2021-11-15T00:00:00",
      dateUpdated: "2024-08-03T02:38:55.127Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

CVE-2023-22041 (GCVE-0-2023-22041)

Vulnerability from cvelistv5

Published

2023-07-18 20:18

Modified

2025-02-13 16:43

Severity ?

5.1 (Medium) - CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK executes to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).

References

▼	URL	Tags
	https://www.oracle.com/security-alerts/cpujul2023.html	vendor-advisory
	https://security.netapp.com/advisory/ntap-20230725-0006/
	https://www.debian.org/security/2023/dsa-5458
	https://www.debian.org/security/2023/dsa-5478
	https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html

Impacted products

	Vendor	Product	Version
	Oracle Corporation	Java SE JDK and JRE	Version: Oracle Java SE:8u371-perf Version: Oracle Java SE:11.0.19 Version: Oracle Java SE:17.0.7 Version: Oracle Java SE:20.0.1 Version: Oracle GraalVM Enterprise Edition:20.3.10 Version: Oracle GraalVM Enterprise Edition:21.3.6 Version: Oracle GraalVM Enterprise Edition:22.3.2 Version: Oracle GraalVM for JDK:17.0.7 Version: Oracle GraalVM for JDK:20.0.1

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T09:59:28.638Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "Oracle Advisory",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpujul2023.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20230725-0006/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2023/dsa-5458",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2023/dsa-5478",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Java SE JDK and JRE",
               vendor: "Oracle Corporation",
               versions: [
                  {
                     status: "affected",
                     version: "Oracle Java SE:8u371-perf",
                  },
                  {
                     status: "affected",
                     version: "Oracle Java SE:11.0.19",
                  },
                  {
                     status: "affected",
                     version: "Oracle Java SE:17.0.7",
                  },
                  {
                     status: "affected",
                     version: "Oracle Java SE:20.0.1",
                  },
                  {
                     status: "affected",
                     version: "Oracle GraalVM Enterprise Edition:20.3.10",
                  },
                  {
                     status: "affected",
                     version: "Oracle GraalVM Enterprise Edition:21.3.6",
                  },
                  {
                     status: "affected",
                     version: "Oracle GraalVM Enterprise Edition:22.3.2",
                  },
                  {
                     status: "affected",
                     version: "Oracle GraalVM for JDK:17.0.7",
                  },
                  {
                     status: "affected",
                     version: "Oracle GraalVM for JDK:20.0.1",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en-US",
               value: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot).  Supported versions that are affected are Oracle Java SE: 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and  20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK executes to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK.  Successful attacks of this vulnerability can result in  unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.1 (Confidentiality impacts).  CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "HIGH",
                  attackVector: "LOCAL",
                  availabilityImpact: "NONE",
                  baseScore: 5.1,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK executes to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK.  Successful attacks of this vulnerability can result in  unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data.",
                     lang: "en-US",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-09-19T10:06:13.488Z",
            orgId: "43595867-4340-4103-b7a2-9a5208d29a85",
            shortName: "oracle",
         },
         references: [
            {
               name: "Oracle Advisory",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://www.oracle.com/security-alerts/cpujul2023.html",
            },
            {
               url: "https://security.netapp.com/advisory/ntap-20230725-0006/",
            },
            {
               url: "https://www.debian.org/security/2023/dsa-5458",
            },
            {
               url: "https://www.debian.org/security/2023/dsa-5478",
            },
            {
               url: "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85",
      assignerShortName: "oracle",
      cveId: "CVE-2023-22041",
      datePublished: "2023-07-18T20:18:24.914Z",
      dateReserved: "2022-12-17T19:26:00.754Z",
      dateUpdated: "2025-02-13T16:43:29.220Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

CVE-2022-21340 (GCVE-0-2022-21340)

Vulnerability from cvelistv5

Published

2022-01-19 11:24

Modified

2024-08-03 02:38

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

References

▼	URL	Tags
	https://www.oracle.com/security-alerts/cpujan2022.html	x_refsource_MISC
	https://security.netapp.com/advisory/ntap-20220121-0007/	x_refsource_CONFIRM
	https://www.debian.org/security/2022/dsa-5057	vendor-advisory, x_refsource_DEBIAN
	https://www.debian.org/security/2022/dsa-5058	vendor-advisory, x_refsource_DEBIAN
	https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html	mailing-list, x_refsource_MLIST
	https://security.gentoo.org/glsa/202209-05	vendor-advisory, x_refsource_GENTOO

Impacted products

	Vendor	Product	Version
	Oracle Corporation	Java SE JDK and JRE	Version: Oracle Java SE:7u321 Version: Oracle Java SE:8u311 Version: Oracle Java SE:11.0.13 Version: Oracle Java SE:17.0.1 Version: Oracle GraalVM Enterprise Edition:20.3.4 Version: Oracle GraalVM Enterprise Edition:21.3.0

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T02:38:55.601Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpujan2022.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20220121-0007/",
               },
               {
                  name: "DSA-5057",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2022/dsa-5057",
               },
               {
                  name: "DSA-5058",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2022/dsa-5058",
               },
               {
                  name: "[debian-lts-announce] 20220210 [SECURITY] [DLA 2917-1] openjdk-8 security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html",
               },
               {
                  name: "GLSA-202209-05",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202209-05",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Java SE JDK and JRE",
               vendor: "Oracle Corporation",
               versions: [
                  {
                     status: "affected",
                     version: "Oracle Java SE:7u321",
                  },
                  {
                     status: "affected",
                     version: "Oracle Java SE:8u311",
                  },
                  {
                     status: "affected",
                     version: "Oracle Java SE:11.0.13",
                  },
                  {
                     status: "affected",
                     version: "Oracle Java SE:17.0.1",
                  },
                  {
                     status: "affected",
                     version: "Oracle GraalVM Enterprise Edition:20.3.4",
                  },
                  {
                     status: "affected",
                     version: "Oracle GraalVM Enterprise Edition:21.3.0",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "LOW",
                  baseScore: 5.3,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition.",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-09-07T23:20:47.711Z",
            orgId: "43595867-4340-4103-b7a2-9a5208d29a85",
            shortName: "oracle",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com/security-alerts/cpujan2022.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://security.netapp.com/advisory/ntap-20220121-0007/",
            },
            {
               name: "DSA-5057",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "https://www.debian.org/security/2022/dsa-5057",
            },
            {
               name: "DSA-5058",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "https://www.debian.org/security/2022/dsa-5058",
            },
            {
               name: "[debian-lts-announce] 20220210 [SECURITY] [DLA 2917-1] openjdk-8 security update",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html",
            },
            {
               name: "GLSA-202209-05",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "https://security.gentoo.org/glsa/202209-05",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secalert_us@oracle.com",
               ID: "CVE-2022-21340",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Java SE JDK and JRE",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "=",
                                          version_value: "Oracle Java SE:7u321",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "Oracle Java SE:8u311",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "Oracle Java SE:11.0.13",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "Oracle Java SE:17.0.1",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "Oracle GraalVM Enterprise Edition:20.3.4",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "Oracle GraalVM Enterprise Edition:21.3.0",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Oracle Corporation",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).",
                  },
               ],
            },
            impact: {
               cvss: {
                  baseScore: "5.3",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                  version: "3.1",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition.",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.oracle.com/security-alerts/cpujan2022.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com/security-alerts/cpujan2022.html",
                  },
                  {
                     name: "https://security.netapp.com/advisory/ntap-20220121-0007/",
                     refsource: "CONFIRM",
                     url: "https://security.netapp.com/advisory/ntap-20220121-0007/",
                  },
                  {
                     name: "DSA-5057",
                     refsource: "DEBIAN",
                     url: "https://www.debian.org/security/2022/dsa-5057",
                  },
                  {
                     name: "DSA-5058",
                     refsource: "DEBIAN",
                     url: "https://www.debian.org/security/2022/dsa-5058",
                  },
                  {
                     name: "[debian-lts-announce] 20220210 [SECURITY] [DLA 2917-1] openjdk-8 security update",
                     refsource: "MLIST",
                     url: "https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html",
                  },
                  {
                     name: "GLSA-202209-05",
                     refsource: "GENTOO",
                     url: "https://security.gentoo.org/glsa/202209-05",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85",
      assignerShortName: "oracle",
      cveId: "CVE-2022-21340",
      datePublished: "2022-01-19T11:24:59",
      dateReserved: "2021-11-15T00:00:00",
      dateUpdated: "2024-08-03T02:38:55.601Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

CVE-2022-21624 (GCVE-0-2022-21624)

Vulnerability from cvelistv5

Published

2022-10-18 00:00

Modified

2025-02-13 16:28

Severity ?

3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JNDI). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).

References

▼	URL	Tags
	https://www.oracle.com/security-alerts/cpuoct2022.html
	https://security.netapp.com/advisory/ntap-20221028-0012/
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PB3CIGOFG7CENUVVE4FFZT2HI5FO77XU/	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/37QDWJBGEPP65X43NXQTXQ7KASLUHON6/	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3QLQ7OD33W6LT3HWI7VYDFFJLV75Y73K/	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HNGMDNIHAA73BEX6XPA2IMXJSGOKKYE6/	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EXSBV3W6EP6B7XJ63Z2FPVBH6HAPGJ5T/	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ARF4QF4N3X5GSFHXUBWARGLISGKJ33R/	vendor-advisory
	https://security.gentoo.org/glsa/202401-25

Impacted products

	Vendor	Product	Version
	Oracle Corporation	Java SE JDK and JRE	Version: Oracle Java SE:8u341 Version: Oracle Java SE:8u345-perf Version: Oracle Java SE:11.0.16.1 Version: Oracle Java SE:17.0.4.1 Version: Oracle Java SE:19 Version: Oracle GraalVM Enterprise Edition:20.3.7 Version: Oracle GraalVM Enterprise Edition:21.3.3 Version: Oracle GraalVM Enterprise Edition:22.2.0

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T02:46:39.430Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpuoct2022.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20221028-0012/",
               },
               {
                  name: "FEDORA-2022-b050ae8974",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PB3CIGOFG7CENUVVE4FFZT2HI5FO77XU/",
               },
               {
                  name: "FEDORA-2022-5d494ab9ab",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/37QDWJBGEPP65X43NXQTXQ7KASLUHON6/",
               },
               {
                  name: "FEDORA-2022-1c07902a5e",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3QLQ7OD33W6LT3HWI7VYDFFJLV75Y73K/",
               },
               {
                  name: "FEDORA-2022-361f34f2a9",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HNGMDNIHAA73BEX6XPA2IMXJSGOKKYE6/",
               },
               {
                  name: "FEDORA-2022-f76014ae17",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EXSBV3W6EP6B7XJ63Z2FPVBH6HAPGJ5T/",
               },
               {
                  name: "FEDORA-2022-d989953883",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ARF4QF4N3X5GSFHXUBWARGLISGKJ33R/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202401-25",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Java SE JDK and JRE",
               vendor: "Oracle Corporation",
               versions: [
                  {
                     status: "affected",
                     version: "Oracle Java SE:8u341",
                  },
                  {
                     status: "affected",
                     version: "Oracle Java SE:8u345-perf",
                  },
                  {
                     status: "affected",
                     version: "Oracle Java SE:11.0.16.1",
                  },
                  {
                     status: "affected",
                     version: "Oracle Java SE:17.0.4.1",
                  },
                  {
                     status: "affected",
                     version: "Oracle Java SE:19",
                  },
                  {
                     status: "affected",
                     version: "Oracle GraalVM Enterprise Edition:20.3.7",
                  },
                  {
                     status: "affected",
                     version: "Oracle GraalVM Enterprise Edition:21.3.3",
                  },
                  {
                     status: "affected",
                     version: "Oracle GraalVM Enterprise Edition:22.2.0",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JNDI). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "HIGH",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 3.7,
                  baseSeverity: "LOW",
                  confidentialityImpact: "NONE",
                  integrityImpact: "LOW",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data.",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-01-17T15:06:29.242Z",
            orgId: "43595867-4340-4103-b7a2-9a5208d29a85",
            shortName: "oracle",
         },
         references: [
            {
               url: "https://www.oracle.com/security-alerts/cpuoct2022.html",
            },
            {
               url: "https://security.netapp.com/advisory/ntap-20221028-0012/",
            },
            {
               name: "FEDORA-2022-b050ae8974",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PB3CIGOFG7CENUVVE4FFZT2HI5FO77XU/",
            },
            {
               name: "FEDORA-2022-5d494ab9ab",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/37QDWJBGEPP65X43NXQTXQ7KASLUHON6/",
            },
            {
               name: "FEDORA-2022-1c07902a5e",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3QLQ7OD33W6LT3HWI7VYDFFJLV75Y73K/",
            },
            {
               name: "FEDORA-2022-361f34f2a9",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HNGMDNIHAA73BEX6XPA2IMXJSGOKKYE6/",
            },
            {
               name: "FEDORA-2022-f76014ae17",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EXSBV3W6EP6B7XJ63Z2FPVBH6HAPGJ5T/",
            },
            {
               name: "FEDORA-2022-d989953883",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ARF4QF4N3X5GSFHXUBWARGLISGKJ33R/",
            },
            {
               url: "https://security.gentoo.org/glsa/202401-25",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85",
      assignerShortName: "oracle",
      cveId: "CVE-2022-21624",
      datePublished: "2022-10-18T00:00:00.000Z",
      dateReserved: "2021-11-15T00:00:00.000Z",
      dateUpdated: "2025-02-13T16:28:55.124Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

CVE-2022-39399 (GCVE-0-2022-39399)

Vulnerability from cvelistv5

Published

2022-10-18 00:00

Modified

2025-02-13 16:33

Severity ?

3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).

References

▼	URL	Tags
	https://www.oracle.com/security-alerts/cpuoct2022.html
	https://security.netapp.com/advisory/ntap-20221028-0012/
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/37QDWJBGEPP65X43NXQTXQ7KASLUHON6/	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EXSBV3W6EP6B7XJ63Z2FPVBH6HAPGJ5T/	vendor-advisory
	https://security.gentoo.org/glsa/202401-25

Impacted products

	Vendor	Product	Version
	Oracle Corporation	Java SE JDK and JRE	Version: Oracle Java SE:11.0.16.1 Version: Oracle Java SE:17.0.4.1 Version: Oracle Java SE:19 Version: Oracle GraalVM Enterprise Edition:20.3.7 Version: Oracle GraalVM Enterprise Edition:21.3.3 Version: Oracle GraalVM Enterprise Edition:22.2.0

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T12:07:41.998Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpuoct2022.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20221028-0012/",
               },
               {
                  name: "FEDORA-2022-5d494ab9ab",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/37QDWJBGEPP65X43NXQTXQ7KASLUHON6/",
               },
               {
                  name: "FEDORA-2022-f76014ae17",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EXSBV3W6EP6B7XJ63Z2FPVBH6HAPGJ5T/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202401-25",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Java SE JDK and JRE",
               vendor: "Oracle Corporation",
               versions: [
                  {
                     status: "affected",
                     version: "Oracle Java SE:11.0.16.1",
                  },
                  {
                     status: "affected",
                     version: "Oracle Java SE:17.0.4.1",
                  },
                  {
                     status: "affected",
                     version: "Oracle Java SE:19",
                  },
                  {
                     status: "affected",
                     version: "Oracle GraalVM Enterprise Edition:20.3.7",
                  },
                  {
                     status: "affected",
                     version: "Oracle GraalVM Enterprise Edition:21.3.3",
                  },
                  {
                     status: "affected",
                     version: "Oracle GraalVM Enterprise Edition:22.2.0",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "HIGH",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 3.7,
                  baseSeverity: "LOW",
                  confidentialityImpact: "NONE",
                  integrityImpact: "LOW",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data.",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-01-17T15:06:33.128Z",
            orgId: "43595867-4340-4103-b7a2-9a5208d29a85",
            shortName: "oracle",
         },
         references: [
            {
               url: "https://www.oracle.com/security-alerts/cpuoct2022.html",
            },
            {
               url: "https://security.netapp.com/advisory/ntap-20221028-0012/",
            },
            {
               name: "FEDORA-2022-5d494ab9ab",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/37QDWJBGEPP65X43NXQTXQ7KASLUHON6/",
            },
            {
               name: "FEDORA-2022-f76014ae17",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EXSBV3W6EP6B7XJ63Z2FPVBH6HAPGJ5T/",
            },
            {
               url: "https://security.gentoo.org/glsa/202401-25",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85",
      assignerShortName: "oracle",
      cveId: "CVE-2022-39399",
      datePublished: "2022-10-18T00:00:00.000Z",
      dateReserved: "2022-09-02T00:00:00.000Z",
      dateUpdated: "2025-02-13T16:33:00.807Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

CVE-2022-21296 (GCVE-0-2022-21296)

Vulnerability from cvelistv5

Published

2022-01-19 11:23

Modified

2024-08-03 02:38

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).

References

▼	URL	Tags
	https://www.oracle.com/security-alerts/cpujan2022.html	x_refsource_MISC
	https://security.netapp.com/advisory/ntap-20220121-0007/	x_refsource_CONFIRM
	https://www.debian.org/security/2022/dsa-5057	vendor-advisory, x_refsource_DEBIAN
	https://www.debian.org/security/2022/dsa-5058	vendor-advisory, x_refsource_DEBIAN
	https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html	mailing-list, x_refsource_MLIST
	https://security.gentoo.org/glsa/202209-05	vendor-advisory, x_refsource_GENTOO

Impacted products

	Vendor	Product	Version
	Oracle Corporation	Java SE JDK and JRE	Version: Oracle Java SE:7u321 Version: Oracle Java SE:8u311 Version: Oracle Java SE:11.0.13 Version: Oracle Java SE:17.0.1 Version: Oracle GraalVM Enterprise Edition:20.3.4 Version: Oracle GraalVM Enterprise Edition:21.3.0

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T02:38:55.557Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpujan2022.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20220121-0007/",
               },
               {
                  name: "DSA-5057",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2022/dsa-5057",
               },
               {
                  name: "DSA-5058",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2022/dsa-5058",
               },
               {
                  name: "[debian-lts-announce] 20220210 [SECURITY] [DLA 2917-1] openjdk-8 security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html",
               },
               {
                  name: "GLSA-202209-05",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202209-05",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Java SE JDK and JRE",
               vendor: "Oracle Corporation",
               versions: [
                  {
                     status: "affected",
                     version: "Oracle Java SE:7u321",
                  },
                  {
                     status: "affected",
                     version: "Oracle Java SE:8u311",
                  },
                  {
                     status: "affected",
                     version: "Oracle Java SE:11.0.13",
                  },
                  {
                     status: "affected",
                     version: "Oracle Java SE:17.0.1",
                  },
                  {
                     status: "affected",
                     version: "Oracle GraalVM Enterprise Edition:20.3.4",
                  },
                  {
                     status: "affected",
                     version: "Oracle GraalVM Enterprise Edition:21.3.0",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 5.3,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data.",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-09-07T23:20:33.516Z",
            orgId: "43595867-4340-4103-b7a2-9a5208d29a85",
            shortName: "oracle",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com/security-alerts/cpujan2022.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://security.netapp.com/advisory/ntap-20220121-0007/",
            },
            {
               name: "DSA-5057",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "https://www.debian.org/security/2022/dsa-5057",
            },
            {
               name: "DSA-5058",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "https://www.debian.org/security/2022/dsa-5058",
            },
            {
               name: "[debian-lts-announce] 20220210 [SECURITY] [DLA 2917-1] openjdk-8 security update",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html",
            },
            {
               name: "GLSA-202209-05",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "https://security.gentoo.org/glsa/202209-05",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secalert_us@oracle.com",
               ID: "CVE-2022-21296",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Java SE JDK and JRE",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "=",
                                          version_value: "Oracle Java SE:7u321",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "Oracle Java SE:8u311",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "Oracle Java SE:11.0.13",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "Oracle Java SE:17.0.1",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "Oracle GraalVM Enterprise Edition:20.3.4",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "Oracle GraalVM Enterprise Edition:21.3.0",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Oracle Corporation",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).",
                  },
               ],
            },
            impact: {
               cvss: {
                  baseScore: "5.3",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                  version: "3.1",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data.",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.oracle.com/security-alerts/cpujan2022.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com/security-alerts/cpujan2022.html",
                  },
                  {
                     name: "https://security.netapp.com/advisory/ntap-20220121-0007/",
                     refsource: "CONFIRM",
                     url: "https://security.netapp.com/advisory/ntap-20220121-0007/",
                  },
                  {
                     name: "DSA-5057",
                     refsource: "DEBIAN",
                     url: "https://www.debian.org/security/2022/dsa-5057",
                  },
                  {
                     name: "DSA-5058",
                     refsource: "DEBIAN",
                     url: "https://www.debian.org/security/2022/dsa-5058",
                  },
                  {
                     name: "[debian-lts-announce] 20220210 [SECURITY] [DLA 2917-1] openjdk-8 security update",
                     refsource: "MLIST",
                     url: "https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html",
                  },
                  {
                     name: "GLSA-202209-05",
                     refsource: "GENTOO",
                     url: "https://security.gentoo.org/glsa/202209-05",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85",
      assignerShortName: "oracle",
      cveId: "CVE-2022-21296",
      datePublished: "2022-01-19T11:23:38",
      dateReserved: "2021-11-15T00:00:00",
      dateUpdated: "2024-08-03T02:38:55.557Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

CVE-2022-21341 (GCVE-0-2022-21341)

Vulnerability from cvelistv5

Published

2022-01-19 11:25

Modified

2024-08-03 02:38

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

References

▼	URL	Tags
	https://www.oracle.com/security-alerts/cpujan2022.html	x_refsource_MISC
	https://security.netapp.com/advisory/ntap-20220121-0007/	x_refsource_CONFIRM
	https://www.debian.org/security/2022/dsa-5057	vendor-advisory, x_refsource_DEBIAN
	https://www.debian.org/security/2022/dsa-5058	vendor-advisory, x_refsource_DEBIAN
	https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html	mailing-list, x_refsource_MLIST
	https://security.gentoo.org/glsa/202209-05	vendor-advisory, x_refsource_GENTOO

Impacted products

	Vendor	Product	Version
	Oracle Corporation	Java SE JDK and JRE	Version: Oracle Java SE:7u321 Version: Oracle Java SE:8u311 Version: Oracle Java SE:11.0.13 Version: Oracle Java SE:17.0.1 Version: Oracle GraalVM Enterprise Edition:20.3.4 Version: Oracle GraalVM Enterprise Edition:21.3.0

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T02:38:55.285Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpujan2022.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20220121-0007/",
               },
               {
                  name: "DSA-5057",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2022/dsa-5057",
               },
               {
                  name: "DSA-5058",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2022/dsa-5058",
               },
               {
                  name: "[debian-lts-announce] 20220210 [SECURITY] [DLA 2917-1] openjdk-8 security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html",
               },
               {
                  name: "GLSA-202209-05",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202209-05",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Java SE JDK and JRE",
               vendor: "Oracle Corporation",
               versions: [
                  {
                     status: "affected",
                     version: "Oracle Java SE:7u321",
                  },
                  {
                     status: "affected",
                     version: "Oracle Java SE:8u311",
                  },
                  {
                     status: "affected",
                     version: "Oracle Java SE:11.0.13",
                  },
                  {
                     status: "affected",
                     version: "Oracle Java SE:17.0.1",
                  },
                  {
                     status: "affected",
                     version: "Oracle GraalVM Enterprise Edition:20.3.4",
                  },
                  {
                     status: "affected",
                     version: "Oracle GraalVM Enterprise Edition:21.3.0",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "LOW",
                  baseScore: 5.3,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition.",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-09-07T23:20:53.724Z",
            orgId: "43595867-4340-4103-b7a2-9a5208d29a85",
            shortName: "oracle",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com/security-alerts/cpujan2022.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://security.netapp.com/advisory/ntap-20220121-0007/",
            },
            {
               name: "DSA-5057",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "https://www.debian.org/security/2022/dsa-5057",
            },
            {
               name: "DSA-5058",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "https://www.debian.org/security/2022/dsa-5058",
            },
            {
               name: "[debian-lts-announce] 20220210 [SECURITY] [DLA 2917-1] openjdk-8 security update",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html",
            },
            {
               name: "GLSA-202209-05",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "https://security.gentoo.org/glsa/202209-05",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secalert_us@oracle.com",
               ID: "CVE-2022-21341",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Java SE JDK and JRE",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "=",
                                          version_value: "Oracle Java SE:7u321",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "Oracle Java SE:8u311",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "Oracle Java SE:11.0.13",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "Oracle Java SE:17.0.1",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "Oracle GraalVM Enterprise Edition:20.3.4",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "Oracle GraalVM Enterprise Edition:21.3.0",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Oracle Corporation",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).",
                  },
               ],
            },
            impact: {
               cvss: {
                  baseScore: "5.3",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                  version: "3.1",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition.",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.oracle.com/security-alerts/cpujan2022.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com/security-alerts/cpujan2022.html",
                  },
                  {
                     name: "https://security.netapp.com/advisory/ntap-20220121-0007/",
                     refsource: "CONFIRM",
                     url: "https://security.netapp.com/advisory/ntap-20220121-0007/",
                  },
                  {
                     name: "DSA-5057",
                     refsource: "DEBIAN",
                     url: "https://www.debian.org/security/2022/dsa-5057",
                  },
                  {
                     name: "DSA-5058",
                     refsource: "DEBIAN",
                     url: "https://www.debian.org/security/2022/dsa-5058",
                  },
                  {
                     name: "[debian-lts-announce] 20220210 [SECURITY] [DLA 2917-1] openjdk-8 security update",
                     refsource: "MLIST",
                     url: "https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html",
                  },
                  {
                     name: "GLSA-202209-05",
                     refsource: "GENTOO",
                     url: "https://security.gentoo.org/glsa/202209-05",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85",
      assignerShortName: "oracle",
      cveId: "CVE-2022-21341",
      datePublished: "2022-01-19T11:25:02",
      dateReserved: "2021-11-15T00:00:00",
      dateUpdated: "2024-08-03T02:38:55.285Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

CVE-2023-22006 (GCVE-0-2023-22006)

Vulnerability from cvelistv5

Published

2023-07-18 20:18

Modified

2025-02-13 16:43

Severity ?

3.1 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N).

References

▼	URL	Tags
	https://www.oracle.com/security-alerts/cpujul2023.html	vendor-advisory
	https://security.netapp.com/advisory/ntap-20230725-0006/
	https://www.debian.org/security/2023/dsa-5458
	https://www.debian.org/security/2023/dsa-5478
	https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html

Impacted products

	Vendor	Product	Version
	Oracle Corporation	Java SE JDK and JRE	Version: Oracle Java SE:11.0.19 Version: Oracle Java SE:17.0.7 Version: Oracle Java SE:20.0.1 Version: Oracle GraalVM Enterprise Edition:20.3.10 Version: Oracle GraalVM Enterprise Edition:21.3.6 Version: Oracle GraalVM Enterprise Edition:22.3.2 Version: Oracle GraalVM for JDK:17.0.7 Version: Oracle GraalVM for JDK:20.0.1

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T09:59:28.529Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "Oracle Advisory",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpujul2023.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20230725-0006/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2023/dsa-5458",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2023/dsa-5478",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Java SE JDK and JRE",
               vendor: "Oracle Corporation",
               versions: [
                  {
                     status: "affected",
                     version: "Oracle Java SE:11.0.19",
                  },
                  {
                     status: "affected",
                     version: "Oracle Java SE:17.0.7",
                  },
                  {
                     status: "affected",
                     version: "Oracle Java SE:20.0.1",
                  },
                  {
                     status: "affected",
                     version: "Oracle GraalVM Enterprise Edition:20.3.10",
                  },
                  {
                     status: "affected",
                     version: "Oracle GraalVM Enterprise Edition:21.3.6",
                  },
                  {
                     status: "affected",
                     version: "Oracle GraalVM Enterprise Edition:22.3.2",
                  },
                  {
                     status: "affected",
                     version: "Oracle GraalVM for JDK:17.0.7",
                  },
                  {
                     status: "affected",
                     version: "Oracle GraalVM for JDK:20.0.1",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en-US",
               value: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Networking).  Supported versions that are affected are Oracle Java SE: 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and  20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK.  Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N).",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "HIGH",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 3.1,
                  baseSeverity: "LOW",
                  confidentialityImpact: "NONE",
                  integrityImpact: "LOW",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK.  Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data.",
                     lang: "en-US",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-09-19T10:06:18.688Z",
            orgId: "43595867-4340-4103-b7a2-9a5208d29a85",
            shortName: "oracle",
         },
         references: [
            {
               name: "Oracle Advisory",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://www.oracle.com/security-alerts/cpujul2023.html",
            },
            {
               url: "https://security.netapp.com/advisory/ntap-20230725-0006/",
            },
            {
               url: "https://www.debian.org/security/2023/dsa-5458",
            },
            {
               url: "https://www.debian.org/security/2023/dsa-5478",
            },
            {
               url: "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85",
      assignerShortName: "oracle",
      cveId: "CVE-2023-22006",
      datePublished: "2023-07-18T20:18:06.679Z",
      dateReserved: "2022-12-17T19:26:00.745Z",
      dateUpdated: "2025-02-13T16:43:22.742Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

CVE-2022-21248 (GCVE-0-2022-21248)

Vulnerability from cvelistv5

Published

2022-01-19 11:22

Modified

2024-09-24 20:32

Severity ?

3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).

References

▼	URL	Tags
	https://www.oracle.com/security-alerts/cpujan2022.html	x_refsource_MISC
	https://security.netapp.com/advisory/ntap-20220121-0007/	x_refsource_CONFIRM
	https://www.debian.org/security/2022/dsa-5057	vendor-advisory, x_refsource_DEBIAN
	https://www.debian.org/security/2022/dsa-5058	vendor-advisory, x_refsource_DEBIAN
	https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html	mailing-list, x_refsource_MLIST
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KPIWQ6DL5IPOT54UBWTISG5T24FQJ7MN/	vendor-advisory, x_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4J2N4FNXW6JKJBWUZH6SNI2UHCZXQXCY/	vendor-advisory, x_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DIN3L6L3SVZK75CKW2GPSU4HIGZR7XG/	vendor-advisory, x_refsource_FEDORA
	https://security.gentoo.org/glsa/202209-05	vendor-advisory, x_refsource_GENTOO

Impacted products

	Vendor	Product	Version
	Oracle Corporation	Java SE JDK and JRE	Version: Oracle Java SE:7u321 Version: Oracle Java SE:8u311 Version: Oracle Java SE:11.0.13 Version: Oracle Java SE:17.0.1 Version: Oracle GraalVM Enterprise Edition:20.3.4 Version: Oracle GraalVM Enterprise Edition:21.3.0

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T02:31:59.380Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpujan2022.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20220121-0007/",
               },
               {
                  name: "DSA-5057",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2022/dsa-5057",
               },
               {
                  name: "DSA-5058",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2022/dsa-5058",
               },
               {
                  name: "[debian-lts-announce] 20220210 [SECURITY] [DLA 2917-1] openjdk-8 security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html",
               },
               {
                  name: "FEDORA-2022-b706eef225",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KPIWQ6DL5IPOT54UBWTISG5T24FQJ7MN/",
               },
               {
                  name: "FEDORA-2022-416be040a8",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4J2N4FNXW6JKJBWUZH6SNI2UHCZXQXCY/",
               },
               {
                  name: "FEDORA-2022-477401b0f7",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DIN3L6L3SVZK75CKW2GPSU4HIGZR7XG/",
               },
               {
                  name: "GLSA-202209-05",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202209-05",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2022-21248",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-09-24T17:45:14.155785Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-09-24T20:32:08.693Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "Java SE JDK and JRE",
               vendor: "Oracle Corporation",
               versions: [
                  {
                     status: "affected",
                     version: "Oracle Java SE:7u321",
                  },
                  {
                     status: "affected",
                     version: "Oracle Java SE:8u311",
                  },
                  {
                     status: "affected",
                     version: "Oracle Java SE:11.0.13",
                  },
                  {
                     status: "affected",
                     version: "Oracle Java SE:17.0.1",
                  },
                  {
                     status: "affected",
                     version: "Oracle GraalVM Enterprise Edition:20.3.4",
                  },
                  {
                     status: "affected",
                     version: "Oracle GraalVM Enterprise Edition:21.3.0",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "HIGH",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 3.7,
                  baseSeverity: "LOW",
                  confidentialityImpact: "NONE",
                  integrityImpact: "LOW",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data.",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-09-07T23:20:56.641Z",
            orgId: "43595867-4340-4103-b7a2-9a5208d29a85",
            shortName: "oracle",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com/security-alerts/cpujan2022.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://security.netapp.com/advisory/ntap-20220121-0007/",
            },
            {
               name: "DSA-5057",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "https://www.debian.org/security/2022/dsa-5057",
            },
            {
               name: "DSA-5058",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "https://www.debian.org/security/2022/dsa-5058",
            },
            {
               name: "[debian-lts-announce] 20220210 [SECURITY] [DLA 2917-1] openjdk-8 security update",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html",
            },
            {
               name: "FEDORA-2022-b706eef225",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KPIWQ6DL5IPOT54UBWTISG5T24FQJ7MN/",
            },
            {
               name: "FEDORA-2022-416be040a8",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4J2N4FNXW6JKJBWUZH6SNI2UHCZXQXCY/",
            },
            {
               name: "FEDORA-2022-477401b0f7",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DIN3L6L3SVZK75CKW2GPSU4HIGZR7XG/",
            },
            {
               name: "GLSA-202209-05",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "https://security.gentoo.org/glsa/202209-05",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secalert_us@oracle.com",
               ID: "CVE-2022-21248",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Java SE JDK and JRE",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "=",
                                          version_value: "Oracle Java SE:7u321",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "Oracle Java SE:8u311",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "Oracle Java SE:11.0.13",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "Oracle Java SE:17.0.1",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "Oracle GraalVM Enterprise Edition:20.3.4",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "Oracle GraalVM Enterprise Edition:21.3.0",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Oracle Corporation",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).",
                  },
               ],
            },
            impact: {
               cvss: {
                  baseScore: "3.7",
                  vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
                  version: "3.1",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data.",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.oracle.com/security-alerts/cpujan2022.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com/security-alerts/cpujan2022.html",
                  },
                  {
                     name: "https://security.netapp.com/advisory/ntap-20220121-0007/",
                     refsource: "CONFIRM",
                     url: "https://security.netapp.com/advisory/ntap-20220121-0007/",
                  },
                  {
                     name: "DSA-5057",
                     refsource: "DEBIAN",
                     url: "https://www.debian.org/security/2022/dsa-5057",
                  },
                  {
                     name: "DSA-5058",
                     refsource: "DEBIAN",
                     url: "https://www.debian.org/security/2022/dsa-5058",
                  },
                  {
                     name: "[debian-lts-announce] 20220210 [SECURITY] [DLA 2917-1] openjdk-8 security update",
                     refsource: "MLIST",
                     url: "https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html",
                  },
                  {
                     name: "FEDORA-2022-b706eef225",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KPIWQ6DL5IPOT54UBWTISG5T24FQJ7MN/",
                  },
                  {
                     name: "FEDORA-2022-416be040a8",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4J2N4FNXW6JKJBWUZH6SNI2UHCZXQXCY/",
                  },
                  {
                     name: "FEDORA-2022-477401b0f7",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2DIN3L6L3SVZK75CKW2GPSU4HIGZR7XG/",
                  },
                  {
                     name: "GLSA-202209-05",
                     refsource: "GENTOO",
                     url: "https://security.gentoo.org/glsa/202209-05",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85",
      assignerShortName: "oracle",
      cveId: "CVE-2022-21248",
      datePublished: "2022-01-19T11:22:01",
      dateReserved: "2021-11-15T00:00:00",
      dateUpdated: "2024-09-24T20:32:08.693Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

CVE-2023-21937 (GCVE-0-2023-21937)

Vulnerability from cvelistv5

Published

2023-04-18 19:54

Modified

2025-02-13 16:40

Severity ?

3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).

References

▼	URL	Tags
	https://www.oracle.com/security-alerts/cpuapr2023.html	vendor-advisory
	https://www.couchbase.com/alerts/
	https://security.netapp.com/advisory/ntap-20230427-0008/
	https://www.debian.org/security/2023/dsa-5430
	https://www.debian.org/security/2023/dsa-5478
	https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html
	https://security.netapp.com/advisory/ntap-20240621-0006/

Impacted products

	Vendor	Product	Version
	Oracle Corporation	Java SE JDK and JRE	Version: Oracle Java SE:8u361 Version: Oracle Java SE:8u361-perf Version: Oracle Java SE:11.0.18 Version: Oracle Java SE:17.0.6 Version: Oracle Java SE:20 Version: Oracle GraalVM Enterprise Edition:20.3.9 Version: Oracle GraalVM Enterprise Edition:21.3.5 Version: Oracle GraalVM Enterprise Edition:22.3.1

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2023-21937",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-07-17T13:34:57.672416Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-07-17T13:35:04.830Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T09:59:28.528Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "Oracle Advisory",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpuapr2023.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.couchbase.com/alerts/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20230427-0008/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2023/dsa-5430",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2023/dsa-5478",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20240621-0006/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Java SE JDK and JRE",
               vendor: "Oracle Corporation",
               versions: [
                  {
                     status: "affected",
                     version: "Oracle Java SE:8u361",
                  },
                  {
                     status: "affected",
                     version: "Oracle Java SE:8u361-perf",
                  },
                  {
                     status: "affected",
                     version: "Oracle Java SE:11.0.18",
                  },
                  {
                     status: "affected",
                     version: "Oracle Java SE:17.0.6",
                  },
                  {
                     status: "affected",
                     version: "Oracle Java SE:20",
                  },
                  {
                     status: "affected",
                     version: "Oracle GraalVM Enterprise Edition:20.3.9",
                  },
                  {
                     status: "affected",
                     version: "Oracle GraalVM Enterprise Edition:21.3.5",
                  },
                  {
                     status: "affected",
                     version: "Oracle GraalVM Enterprise Edition:22.3.1",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en-US",
               value: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking).  Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and  22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "HIGH",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 3.7,
                  baseSeverity: "LOW",
                  confidentialityImpact: "NONE",
                  integrityImpact: "LOW",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data.",
                     lang: "en-US",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-06-21T19:07:51.844Z",
            orgId: "43595867-4340-4103-b7a2-9a5208d29a85",
            shortName: "oracle",
         },
         references: [
            {
               name: "Oracle Advisory",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://www.oracle.com/security-alerts/cpuapr2023.html",
            },
            {
               url: "https://www.couchbase.com/alerts/",
            },
            {
               url: "https://security.netapp.com/advisory/ntap-20230427-0008/",
            },
            {
               url: "https://www.debian.org/security/2023/dsa-5430",
            },
            {
               url: "https://www.debian.org/security/2023/dsa-5478",
            },
            {
               url: "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html",
            },
            {
               url: "https://security.netapp.com/advisory/ntap-20240621-0006/",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85",
      assignerShortName: "oracle",
      cveId: "CVE-2023-21937",
      datePublished: "2023-04-18T19:54:25.624Z",
      dateReserved: "2022-12-17T19:26:00.722Z",
      dateUpdated: "2025-02-13T16:40:27.188Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

CVE-2022-21271 (GCVE-0-2022-21271)

Vulnerability from cvelistv5

Published

2022-01-19 11:22

Modified

2024-09-24 20:29

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

References

▼	URL	Tags
	https://www.oracle.com/security-alerts/cpujan2022.html	x_refsource_MISC
	https://www.oracle.com/security-alerts/cpuapr2022.html	x_refsource_MISC
	https://security.netapp.com/advisory/ntap-20220121-0007/	x_refsource_CONFIRM
	https://security.gentoo.org/glsa/202209-05	vendor-advisory, x_refsource_GENTOO

Impacted products

	Vendor	Product	Version
	Oracle Corporation	Solaris Operating System	Version: 11

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T02:31:59.239Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpujan2022.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpuapr2022.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20220121-0007/",
               },
               {
                  name: "GLSA-202209-05",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202209-05",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2022-21271",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "yes",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-09-24T17:35:28.936640Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-09-24T20:29:11.662Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "Solaris Operating System",
               vendor: "Oracle Corporation",
               versions: [
                  {
                     status: "affected",
                     version: "11",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "LOW",
                  baseScore: 5.3,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition.",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-09-07T04:06:43",
            orgId: "43595867-4340-4103-b7a2-9a5208d29a85",
            shortName: "oracle",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com/security-alerts/cpujan2022.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com/security-alerts/cpuapr2022.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://security.netapp.com/advisory/ntap-20220121-0007/",
            },
            {
               name: "GLSA-202209-05",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "https://security.gentoo.org/glsa/202209-05",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secalert_us@oracle.com",
               ID: "CVE-2022-21271",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Solaris Operating System",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "=",
                                          version_value: "11",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Oracle Corporation",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).",
                  },
               ],
            },
            impact: {
               cvss: {
                  baseScore: "5.3",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                  version: "3.1",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition.",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.oracle.com/security-alerts/cpujan2022.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com/security-alerts/cpujan2022.html",
                  },
                  {
                     name: "https://www.oracle.com/security-alerts/cpuapr2022.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com/security-alerts/cpuapr2022.html",
                  },
                  {
                     name: "https://security.netapp.com/advisory/ntap-20220121-0007/",
                     refsource: "CONFIRM",
                     url: "https://security.netapp.com/advisory/ntap-20220121-0007/",
                  },
                  {
                     name: "GLSA-202209-05",
                     refsource: "GENTOO",
                     url: "https://security.gentoo.org/glsa/202209-05",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85",
      assignerShortName: "oracle",
      cveId: "CVE-2022-21271",
      datePublished: "2022-01-19T11:22:48",
      dateReserved: "2021-11-15T00:00:00",
      dateUpdated: "2024-09-24T20:29:11.662Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

CVE-2022-21443 (GCVE-0-2022-21443)

Vulnerability from cvelistv5

Published

2022-04-19 20:37

Modified

2024-08-03 02:38

Severity ?

3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

References

▼	URL	Tags
	https://www.oracle.com/security-alerts/cpuapr2022.html
	https://security.netapp.com/advisory/ntap-20220429-0006/
	https://www.debian.org/security/2022/dsa-5128	vendor-advisory
	https://www.debian.org/security/2022/dsa-5131	vendor-advisory
	https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html	mailing-list
	https://security.netapp.com/advisory/ntap-20240621-0006/

Impacted products

	Vendor	Product	Version
	Oracle Corporation	Java SE JDK and JRE	Version: Oracle Java SE:7u331 Version: Oracle Java SE:8u321 Version: Oracle Java SE:11.0.14 Version: Oracle Java SE:17.0.2 Version: Oracle Java SE:18 Version: Oracle GraalVM Enterprise Edition:20.3.5 Version: Oracle GraalVM Enterprise Edition:21.3.1 Version: Oracle GraalVM Enterprise Edition:22.0.0.2

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2022-21443",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-06-24T15:31:25.581438Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-06-24T15:31:36.356Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T02:38:56.379Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpuapr2022.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20220429-0006/",
               },
               {
                  name: "DSA-5128",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2022/dsa-5128",
               },
               {
                  name: "DSA-5131",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2022/dsa-5131",
               },
               {
                  name: "[debian-lts-announce] 20220514 [SECURITY] [DLA 3006-1] openjdk-8 security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20240621-0006/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Java SE JDK and JRE",
               vendor: "Oracle Corporation",
               versions: [
                  {
                     status: "affected",
                     version: "Oracle Java SE:7u331",
                  },
                  {
                     status: "affected",
                     version: "Oracle Java SE:8u321",
                  },
                  {
                     status: "affected",
                     version: "Oracle Java SE:11.0.14",
                  },
                  {
                     status: "affected",
                     version: "Oracle Java SE:17.0.2",
                  },
                  {
                     status: "affected",
                     version: "Oracle Java SE:18",
                  },
                  {
                     status: "affected",
                     version: "Oracle GraalVM Enterprise Edition:20.3.5",
                  },
                  {
                     status: "affected",
                     version: "Oracle GraalVM Enterprise Edition:21.3.1",
                  },
                  {
                     status: "affected",
                     version: "Oracle GraalVM Enterprise Edition:22.0.0.2",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "HIGH",
                  attackVector: "NETWORK",
                  availabilityImpact: "LOW",
                  baseScore: 3.7,
                  baseSeverity: "LOW",
                  confidentialityImpact: "NONE",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition.",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-06-21T19:06:38.587068",
            orgId: "43595867-4340-4103-b7a2-9a5208d29a85",
            shortName: "oracle",
         },
         references: [
            {
               url: "https://www.oracle.com/security-alerts/cpuapr2022.html",
            },
            {
               url: "https://security.netapp.com/advisory/ntap-20220429-0006/",
            },
            {
               name: "DSA-5128",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://www.debian.org/security/2022/dsa-5128",
            },
            {
               name: "DSA-5131",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://www.debian.org/security/2022/dsa-5131",
            },
            {
               name: "[debian-lts-announce] 20220514 [SECURITY] [DLA 3006-1] openjdk-8 security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html",
            },
            {
               url: "https://security.netapp.com/advisory/ntap-20240621-0006/",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85",
      assignerShortName: "oracle",
      cveId: "CVE-2022-21443",
      datePublished: "2022-04-19T20:37:30",
      dateReserved: "2021-11-15T00:00:00",
      dateUpdated: "2024-08-03T02:38:56.379Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

CVE-2023-22045 (GCVE-0-2023-22045)

Vulnerability from cvelistv5

Published

2023-07-18 20:18

Modified

2025-02-13 16:43

Severity ?

3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).

References

▼	URL	Tags
	https://www.oracle.com/security-alerts/cpujul2023.html	vendor-advisory
	https://security.netapp.com/advisory/ntap-20230725-0006/
	https://www.debian.org/security/2023/dsa-5458
	https://www.debian.org/security/2023/dsa-5478
	https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html

Impacted products

	Vendor	Product	Version
	Oracle Corporation	Java SE JDK and JRE	Version: Oracle Java SE:8u371 Version: Oracle Java SE:8u371-perf Version: Oracle Java SE:11.0.19 Version: Oracle Java SE:17.0.7 Version: Oracle Java SE:20.0.1 Version: Oracle GraalVM Enterprise Edition:20.3.10 Version: Oracle GraalVM Enterprise Edition:21.3.6 Version: Oracle GraalVM Enterprise Edition:22.3.2 Version: Oracle GraalVM for JDK:17.0.7 Version: Oracle GraalVM for JDK:20.0.1

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T09:59:28.912Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "Oracle Advisory",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpujul2023.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20230725-0006/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2023/dsa-5458",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2023/dsa-5478",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Java SE JDK and JRE",
               vendor: "Oracle Corporation",
               versions: [
                  {
                     status: "affected",
                     version: "Oracle Java SE:8u371",
                  },
                  {
                     status: "affected",
                     version: "Oracle Java SE:8u371-perf",
                  },
                  {
                     status: "affected",
                     version: "Oracle Java SE:11.0.19",
                  },
                  {
                     status: "affected",
                     version: "Oracle Java SE:17.0.7",
                  },
                  {
                     status: "affected",
                     version: "Oracle Java SE:20.0.1",
                  },
                  {
                     status: "affected",
                     version: "Oracle GraalVM Enterprise Edition:20.3.10",
                  },
                  {
                     status: "affected",
                     version: "Oracle GraalVM Enterprise Edition:21.3.6",
                  },
                  {
                     status: "affected",
                     version: "Oracle GraalVM Enterprise Edition:22.3.2",
                  },
                  {
                     status: "affected",
                     version: "Oracle GraalVM for JDK:17.0.7",
                  },
                  {
                     status: "affected",
                     version: "Oracle GraalVM for JDK:20.0.1",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en-US",
               value: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot).  Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and  20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK.  Successful attacks of this vulnerability can result in  unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Confidentiality impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "HIGH",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 3.7,
                  baseSeverity: "LOW",
                  confidentialityImpact: "LOW",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK.  Successful attacks of this vulnerability can result in  unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data.",
                     lang: "en-US",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-09-19T10:06:25.832Z",
            orgId: "43595867-4340-4103-b7a2-9a5208d29a85",
            shortName: "oracle",
         },
         references: [
            {
               name: "Oracle Advisory",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://www.oracle.com/security-alerts/cpujul2023.html",
            },
            {
               url: "https://security.netapp.com/advisory/ntap-20230725-0006/",
            },
            {
               url: "https://www.debian.org/security/2023/dsa-5458",
            },
            {
               url: "https://www.debian.org/security/2023/dsa-5478",
            },
            {
               url: "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85",
      assignerShortName: "oracle",
      cveId: "CVE-2023-22045",
      datePublished: "2023-07-18T20:18:28.991Z",
      dateReserved: "2022-12-17T19:26:00.754Z",
      dateUpdated: "2025-02-13T16:43:30.946Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

CVE-2023-22067 (GCVE-0-2023-22067)

Vulnerability from cvelistv5

Published

2023-10-17 21:02

Modified

2024-08-02 09:59

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: CORBA). Supported versions that are affected are Oracle Java SE: 8u381, 8u381-perf; Oracle GraalVM Enterprise Edition: 20.3.11 and 21.3.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via CORBA to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).

References

▼	URL	Tags
	https://www.oracle.com/security-alerts/cpuoct2023.html	vendor-advisory
	https://security.netapp.com/advisory/ntap-20231027-0006/
	https://www.debian.org/security/2023/dsa-5537

Impacted products

	Vendor	Product	Version
	Oracle Corporation	Java SE JDK and JRE	Version: Oracle Java SE:8u381 Version: Oracle Java SE:8u381-perf Version: Oracle GraalVM Enterprise Edition:20.3.11 Version: Oracle GraalVM Enterprise Edition:21.3.7

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T09:59:28.818Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "Oracle Advisory",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpuoct2023.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20231027-0006/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2023/dsa-5537",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Java SE JDK and JRE",
               vendor: "Oracle Corporation",
               versions: [
                  {
                     status: "affected",
                     version: "Oracle Java SE:8u381",
                  },
                  {
                     status: "affected",
                     version: "Oracle Java SE:8u381-perf",
                  },
                  {
                     status: "affected",
                     version: "Oracle GraalVM Enterprise Edition:20.3.11",
                  },
                  {
                     status: "affected",
                     version: "Oracle GraalVM Enterprise Edition:21.3.7",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en-US",
               value: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: CORBA).  Supported versions that are affected are Oracle Java SE: 8u381, 8u381-perf; Oracle GraalVM Enterprise Edition: 20.3.11 and  21.3.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via CORBA to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.1 Base Score 5.3 (Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 5.3,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  integrityImpact: "LOW",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Easily exploitable vulnerability allows unauthenticated attacker with network access via CORBA to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data.",
                     lang: "en-US",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-11-08T04:14:08.574Z",
            orgId: "43595867-4340-4103-b7a2-9a5208d29a85",
            shortName: "oracle",
         },
         references: [
            {
               name: "Oracle Advisory",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://www.oracle.com/security-alerts/cpuoct2023.html",
            },
            {
               url: "https://security.netapp.com/advisory/ntap-20231027-0006/",
            },
            {
               url: "https://www.debian.org/security/2023/dsa-5537",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85",
      assignerShortName: "oracle",
      cveId: "CVE-2023-22067",
      datePublished: "2023-10-17T21:02:50.986Z",
      dateReserved: "2022-12-17T19:26:00.757Z",
      dateUpdated: "2024-08-02T09:59:28.818Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

CVE-2022-34169 (GCVE-0-2022-34169)

Vulnerability from cvelistv5

Published

2022-07-19 00:00

Modified

2025-02-13 16:32

Severity ?

Summary

The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 or later. Note: Java runtimes (such as OpenJDK) include repackaged copies of Xalan.

References

▼	URL	Tags
	https://lists.apache.org/thread/2qvl7r43wb4t8p9dd9om1bnkssk07sn8
	https://lists.apache.org/thread/12pxy4phsry6c34x2ol4fft6xlho4kyw
	http://www.openwall.com/lists/oss-security/2022/07/19/5	mailing-list
	https://www.oracle.com/security-alerts/cpujul2022.html
	http://www.openwall.com/lists/oss-security/2022/07/19/6	mailing-list
	http://www.openwall.com/lists/oss-security/2022/07/20/2	mailing-list
	http://www.openwall.com/lists/oss-security/2022/07/20/3	mailing-list
	https://www.debian.org/security/2022/dsa-5188	vendor-advisory
	https://www.debian.org/security/2022/dsa-5192	vendor-advisory
	https://security.netapp.com/advisory/ntap-20220729-0009/
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KO3DXNKZ4EU3UZBT6AAR4XRKCD73KLMO/	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN3EVGR7FD3ZLV5SBTJXUIDCMSK4QUE2/	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YULPNO3PAWMEQQZV2C54I3H3ZOXFZUTB/	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5OZNAZJ4YHLOKRRRZSWRT5OJ25E4XLM/	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3XPOTPPBZIPFBZHQE5E7OW6PDACUMCJ/	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H4YNJSJ64NPCNKFPNBYITNZU5H3L4D6L/	vendor-advisory
	http://packetstormsecurity.com/files/168186/Xalan-J-XSLTC-Integer-Truncation.html
	http://www.openwall.com/lists/oss-security/2022/10/18/2	mailing-list
	https://lists.debian.org/debian-lts-announce/2022/10/msg00024.html	mailing-list
	https://www.debian.org/security/2022/dsa-5256	vendor-advisory
	http://www.openwall.com/lists/oss-security/2022/11/04/8	mailing-list
	http://www.openwall.com/lists/oss-security/2022/11/07/2	mailing-list
	https://security.gentoo.org/glsa/202401-25
	https://security.netapp.com/advisory/ntap-20240621-0006/

Impacted products

	Vendor	Product	Version
	Apache Software Foundation	Apache Xalan-J	Version: Xalan-J <

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T08:16:17.277Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread/2qvl7r43wb4t8p9dd9om1bnkssk07sn8",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread/12pxy4phsry6c34x2ol4fft6xlho4kyw",
               },
               {
                  name: "[oss-security] 20220719 CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2022/07/19/5",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpujul2022.html",
               },
               {
                  name: "[oss-security] 20220719 Re: CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2022/07/19/6",
               },
               {
                  name: "[oss-security] 20220719 Re: CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2022/07/20/2",
               },
               {
                  name: "[oss-security] 20220720 Re: CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2022/07/20/3",
               },
               {
                  name: "DSA-5188",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2022/dsa-5188",
               },
               {
                  name: "DSA-5192",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2022/dsa-5192",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20220729-0009/",
               },
               {
                  name: "FEDORA-2022-19b6f21746",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KO3DXNKZ4EU3UZBT6AAR4XRKCD73KLMO/",
               },
               {
                  name: "FEDORA-2022-ae563934f7",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN3EVGR7FD3ZLV5SBTJXUIDCMSK4QUE2/",
               },
               {
                  name: "FEDORA-2022-e573851f56",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YULPNO3PAWMEQQZV2C54I3H3ZOXFZUTB/",
               },
               {
                  name: "FEDORA-2022-d26586b419",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5OZNAZJ4YHLOKRRRZSWRT5OJ25E4XLM/",
               },
               {
                  name: "FEDORA-2022-80afe2304a",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3XPOTPPBZIPFBZHQE5E7OW6PDACUMCJ/",
               },
               {
                  name: "FEDORA-2022-b76ab52e73",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H4YNJSJ64NPCNKFPNBYITNZU5H3L4D6L/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://packetstormsecurity.com/files/168186/Xalan-J-XSLTC-Integer-Truncation.html",
               },
               {
                  name: "[oss-security] 20221017 Re: CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2022/10/18/2",
               },
               {
                  name: "[debian-lts-announce] 20221018 [SECURITY] [DLA 3155-1] bcel security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2022/10/msg00024.html",
               },
               {
                  name: "DSA-5256",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2022/dsa-5256",
               },
               {
                  name: "[oss-security] 20221104 Re: CVE-2022-42920: Apache Commons BCEL prior to 6.6.0 allows producing arbitrary bytecode via out-of-bounds writing",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2022/11/04/8",
               },
               {
                  name: "[oss-security] 20221107 Re: CVE-2022-42920: Apache Commons BCEL prior to 6.6.0 allows producing arbitrary bytecode via out-of-bounds writing",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2022/11/07/2",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202401-25",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20240621-0006/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Apache Xalan-J",
               vendor: "Apache Software Foundation",
               versions: [
                  {
                     lessThanOrEqual: "2.7.2",
                     status: "affected",
                     version: "Xalan-J",
                     versionType: "custom",
                  },
               ],
            },
         ],
         credits: [
            {
               lang: "en",
               value: "Reported by Felix Wilhelm, Google Project Zero",
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 or later. Note: Java runtimes (such as OpenJDK) include repackaged copies of Xalan.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "integer truncation",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-06-21T19:07:47.103Z",
            orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09",
            shortName: "apache",
         },
         references: [
            {
               url: "https://lists.apache.org/thread/2qvl7r43wb4t8p9dd9om1bnkssk07sn8",
            },
            {
               url: "https://lists.apache.org/thread/12pxy4phsry6c34x2ol4fft6xlho4kyw",
            },
            {
               name: "[oss-security] 20220719 CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets",
               tags: [
                  "mailing-list",
               ],
               url: "http://www.openwall.com/lists/oss-security/2022/07/19/5",
            },
            {
               url: "https://www.oracle.com/security-alerts/cpujul2022.html",
            },
            {
               name: "[oss-security] 20220719 Re: CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets",
               tags: [
                  "mailing-list",
               ],
               url: "http://www.openwall.com/lists/oss-security/2022/07/19/6",
            },
            {
               name: "[oss-security] 20220719 Re: CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets",
               tags: [
                  "mailing-list",
               ],
               url: "http://www.openwall.com/lists/oss-security/2022/07/20/2",
            },
            {
               name: "[oss-security] 20220720 Re: CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets",
               tags: [
                  "mailing-list",
               ],
               url: "http://www.openwall.com/lists/oss-security/2022/07/20/3",
            },
            {
               name: "DSA-5188",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://www.debian.org/security/2022/dsa-5188",
            },
            {
               name: "DSA-5192",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://www.debian.org/security/2022/dsa-5192",
            },
            {
               url: "https://security.netapp.com/advisory/ntap-20220729-0009/",
            },
            {
               name: "FEDORA-2022-19b6f21746",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KO3DXNKZ4EU3UZBT6AAR4XRKCD73KLMO/",
            },
            {
               name: "FEDORA-2022-ae563934f7",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN3EVGR7FD3ZLV5SBTJXUIDCMSK4QUE2/",
            },
            {
               name: "FEDORA-2022-e573851f56",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YULPNO3PAWMEQQZV2C54I3H3ZOXFZUTB/",
            },
            {
               name: "FEDORA-2022-d26586b419",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5OZNAZJ4YHLOKRRRZSWRT5OJ25E4XLM/",
            },
            {
               name: "FEDORA-2022-80afe2304a",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3XPOTPPBZIPFBZHQE5E7OW6PDACUMCJ/",
            },
            {
               name: "FEDORA-2022-b76ab52e73",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H4YNJSJ64NPCNKFPNBYITNZU5H3L4D6L/",
            },
            {
               url: "http://packetstormsecurity.com/files/168186/Xalan-J-XSLTC-Integer-Truncation.html",
            },
            {
               name: "[oss-security] 20221017 Re: CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets",
               tags: [
                  "mailing-list",
               ],
               url: "http://www.openwall.com/lists/oss-security/2022/10/18/2",
            },
            {
               name: "[debian-lts-announce] 20221018 [SECURITY] [DLA 3155-1] bcel security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2022/10/msg00024.html",
            },
            {
               name: "DSA-5256",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://www.debian.org/security/2022/dsa-5256",
            },
            {
               name: "[oss-security] 20221104 Re: CVE-2022-42920: Apache Commons BCEL prior to 6.6.0 allows producing arbitrary bytecode via out-of-bounds writing",
               tags: [
                  "mailing-list",
               ],
               url: "http://www.openwall.com/lists/oss-security/2022/11/04/8",
            },
            {
               name: "[oss-security] 20221107 Re: CVE-2022-42920: Apache Commons BCEL prior to 6.6.0 allows producing arbitrary bytecode via out-of-bounds writing",
               tags: [
                  "mailing-list",
               ],
               url: "http://www.openwall.com/lists/oss-security/2022/11/07/2",
            },
            {
               url: "https://security.gentoo.org/glsa/202401-25",
            },
            {
               url: "https://security.netapp.com/advisory/ntap-20240621-0006/",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         title: "Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets",
         x_generator: {
            engine: "Vulnogram 0.0.9",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09",
      assignerShortName: "apache",
      cveId: "CVE-2022-34169",
      datePublished: "2022-07-19T00:00:00.000Z",
      dateReserved: "2022-06-21T00:00:00.000Z",
      dateUpdated: "2025-02-13T16:32:44.088Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

Vulnerability from fkie_nvd

Published

2022-03-11 07:15

Modified

2024-11-21 05:29

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.

References

URL	Tags
cve@mitre.org	https://github.com/FasterXML/jackson-databind/issues/2816	Issue Tracking, Third Party Advisory
cve@mitre.org	https://lists.debian.org/debian-lts-announce/2022/05/msg00001.html	Exploit, Mailing List, Third Party Advisory
cve@mitre.org	https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html	Mailing List, Third Party Advisory
cve@mitre.org	https://security.netapp.com/advisory/ntap-20220506-0004/	Third Party Advisory
cve@mitre.org	https://www.debian.org/security/2022/dsa-5283	Third Party Advisory
cve@mitre.org	https://www.oracle.com/security-alerts/cpuapr2022.html	Third Party Advisory
cve@mitre.org	https://www.oracle.com/security-alerts/cpujul2022.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/FasterXML/jackson-databind/issues/2816	Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2022/05/msg00001.html	Exploit, Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20220506-0004/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2022/dsa-5283	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpuapr2022.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpujul2022.html	Third Party Advisory

Impacted products

Vendor	Product	Version
fasterxml	jackson-databind	*
fasterxml	jackson-databind	*
oracle	big_data_spatial_and_graph	*
oracle	coherence	14.1.1.0.0
oracle	commerce_platform	11.3.0
oracle	commerce_platform	11.3.1
oracle	commerce_platform	11.3.2
oracle	communications_billing_and_revenue_management	*
oracle	communications_cloud_native_core_binding_support_function	22.1.3
oracle	communications_cloud_native_core_console	1.9.0
oracle	communications_cloud_native_core_network_repository_function	22.1.2
oracle	communications_cloud_native_core_network_repository_function	22.2.0
oracle	communications_cloud_native_core_network_slice_selection_function	22.1.0
oracle	communications_cloud_native_core_network_slice_selection_function	22.1.1
oracle	communications_cloud_native_core_security_edge_protection_proxy	22.1.1
oracle	communications_cloud_native_core_service_communication_proxy	22.2.0
oracle	communications_cloud_native_core_unified_data_repository	22.2.0
oracle	financial_services_analytical_applications_infrastructure	*
oracle	financial_services_analytical_applications_infrastructure	8.1.1.0
oracle	financial_services_analytical_applications_infrastructure	8.1.2.0
oracle	financial_services_analytical_applications_infrastructure	8.1.2.1
oracle	financial_services_behavior_detection_platform	*
oracle	financial_services_behavior_detection_platform	8.0.7.0.0
oracle	financial_services_behavior_detection_platform	8.0.8
oracle	financial_services_crime_and_compliance_management_studio	8.0.8.2.0
oracle	financial_services_crime_and_compliance_management_studio	8.0.8.3.0
oracle	financial_services_enterprise_case_management	*
oracle	financial_services_enterprise_case_management	8.0.7.1
oracle	financial_services_enterprise_case_management	8.0.7.2
oracle	financial_services_enterprise_case_management	8.0.8.0
oracle	financial_services_enterprise_case_management	8.0.8.1
oracle	financial_services_trade-based_anti_money_laundering	8.0.7
oracle	financial_services_trade-based_anti_money_laundering	8.0.8
oracle	global_lifecycle_management_nextgen_oui_framework	*
oracle	global_lifecycle_management_nextgen_oui_framework	13.9.4.2.2
oracle	global_lifecycle_management_opatch	*
oracle	graph_server_and_client	*
oracle	health_sciences_empirica_signal	9.1.0.5.2
oracle	peoplesoft_enterprise_peopletools	8.58
oracle	peoplesoft_enterprise_peopletools	8.59
oracle	primavera_gateway	*
oracle	primavera_gateway	*
oracle	primavera_gateway	*
oracle	primavera_gateway	*
oracle	primavera_gateway	*
oracle	primavera_p6_enterprise_project_portfolio_management	*
oracle	primavera_p6_enterprise_project_portfolio_management	*
oracle	primavera_p6_enterprise_project_portfolio_management	*
oracle	primavera_p6_enterprise_project_portfolio_management	*
oracle	primavera_unifier	*
oracle	primavera_unifier	18.0
oracle	primavera_unifier	19.12
oracle	primavera_unifier	20.12
oracle	primavera_unifier	21.12
oracle	retail_sales_audit	15.0.3.1
oracle	sd-wan_edge	9.0
oracle	sd-wan_edge	9.1
oracle	spatial_studio	*
oracle	utilities_framework	4.3.0.5.0
oracle	utilities_framework	4.3.0.6.0
oracle	utilities_framework	4.4.0.0.0
oracle	utilities_framework	4.4.0.2.0
oracle	utilities_framework	4.4.0.3.0
oracle	utilities_framework	4.4.0.5.0
oracle	weblogic_server	12.2.1.3.0
oracle	weblogic_server	12.2.1.4.0
oracle	weblogic_server	14.1.1.0.0
debian	debian_linux	9.0
debian	debian_linux	10.0
debian	debian_linux	11.0
netapp	active_iq_unified_manager	-
netapp	active_iq_unified_manager	-
netapp	active_iq_unified_manager	-
netapp	cloud_insights_acquisition_unit	-
netapp	oncommand_insight	-
netapp	oncommand_workflow_automation	-
netapp	snap_creator_framework	-

JSON

To clipboard

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E4445932-0923-4D28-8911-CFC9B61DFE2B",
                     versionEndExcluding: "2.12.6.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "862ED616-15D6-42A2-88DB-9D3F304EFB5D",
                     versionEndExcluding: "2.13.2.1",
                     versionStartIncluding: "2.13.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:oracle:big_data_spatial_and_graph:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "384DEDD9-CB26-4306-99D8-83068A9B23ED",
                     versionEndExcluding: "23.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:coherence:14.1.1.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "5FA64A1D-34F9-4441-857A-25C165E6DBB6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:commerce_platform:11.3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "57DA1DD8-E9F1-43C6-BCA2-1E9C92B1664C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:commerce_platform:11.3.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "869CDD22-4A6C-4665-AA37-E340B07EF81C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:commerce_platform:11.3.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "8CDE72F7-ED9D-4A53-BF63-DF6711FFDEF4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_billing_and_revenue_management:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "DCE2010E-A144-4ED2-B73D-1CA3800A8F71",
                     versionEndIncluding: "12.0.0.6.0",
                     versionStartIncluding: "12.0.0.4.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "6EDB6772-7FDB-45FF-8D72-952902A7EE56",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_console:1.9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "DAAB7154-4DE8-4806-86D0-C1D33B84417B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.1.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "A264E0DE-209D-49B1-8B26-51AB8BBC97F1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "EBB5FF32-7362-4A1E-AD24-EF6B8770FCAD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:22.1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "D6577F14-36B6-46A5-A1B1-FCCADA61A23B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:22.1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "4F4637E5-3324-441D-94E9-C2DBE9A6B502",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "8B40FAF9-0A6B-41C4-8CAD-D3D1DD982C2C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:22.2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "C4E817B5-A26B-4EA8-BA93-F87F42114FF4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "74810125-09E6-4F27-B541-AFB61112AC56",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "69F21EC6-EC2F-4E96-A9DE-621B84105304",
                     versionEndIncluding: "8.1.0.0",
                     versionStartIncluding: "8.0.7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "3CC69CF0-6269-40F5-871B-16CFD5EC4C45",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "172BECE8-9626-4910-AAA1-A2FA9C7139E3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "ACB82398-7281-47CF-81F9-A8A67D9C9DFE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "AD9AC3A6-9B91-4B55-A320-A40E95F21058",
                     versionEndIncluding: "8.1.2.1",
                     versionStartIncluding: "8.1.1.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.0.7.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F9319627-379D-4069-8AC9-512D411F22DA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.0.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "1AC36036-07CE-4903-8FFB-445C6908F0CE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:financial_services_crime_and_compliance_management_studio:8.0.8.2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "55F091C7-0869-4FD6-AC73-DA697D990304",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:financial_services_crime_and_compliance_management_studio:8.0.8.3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "4D134C60-F9E2-46C2-8466-DB90AD98439E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:financial_services_enterprise_case_management:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E6F77FFB-558E-4740-A63E-B702EE12EF68",
                     versionEndIncluding: "8.1.2.1",
                     versionStartIncluding: "8.1.1.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.7.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "C64D669C-513E-4C53-8BB8-13EB336CDC3A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.7.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "D4BDDBCD-4038-4BEC-91DB-587C2FBC6369",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F6394E90-2F2C-4955-9F97-BFED76D4333B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.8.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "5B5DC0C1-789B-4126-8C6D-DEDE83AA2D2E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:financial_services_trade-based_anti_money_laundering:8.0.7:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "B57ECC6E-CC64-4DE7-B657-3BA54EDDFFF4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:financial_services_trade-based_anti_money_laundering:8.0.8:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "10BBAD37-51A1-4819-807B-2642E9D4A69C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:global_lifecycle_management_nextgen_oui_framework:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "EE85204F-614D-4EF1-ABEB-B3CD381C2CB0",
                     versionEndExcluding: "13.9.4.2.2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:global_lifecycle_management_nextgen_oui_framework:13.9.4.2.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "5A6FFB5C-EB44-499F-BE81-24ED2B1F201A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "8F0728F8-14D0-4282-9CA7-EFCD68EE77AF",
                     versionEndExcluding: "12.2.0.1.30",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:graph_server_and_client:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "097A31AB-B77F-4DC5-9CD8-AC3A403607AA",
                     versionEndExcluding: "22.2.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:health_sciences_empirica_signal:9.1.0.5.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "42F4D251-489F-41C8-BFA3-B51A1B69028D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*",
                     matchCriteriaId: "D9DB4A14-2EF5-4B54-95D2-75E6CF9AA0A9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*",
                     matchCriteriaId: "C8AF00C6-B97F-414D-A8DF-057E6BFD8597",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "8B1C88FD-C2EC-4C96-AC7E-6F95C8763B48",
                     versionEndIncluding: "17.12.11",
                     versionStartIncluding: "17.12.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F04DF183-EBCB-456E-90F9-A8500E6E32B7",
                     versionEndIncluding: "18.8.14",
                     versionStartIncluding: "18.8.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "8D30B0D1-4466-4601-8822-CE8ADBB381FB",
                     versionEndIncluding: "19.12.13",
                     versionStartIncluding: "19.12.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "17DE4709-5FFB-4E70-9416-553D89149D51",
                     versionEndIncluding: "20.12.18",
                     versionStartIncluding: "20.12.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "2982311E-B89A-4F9A-8BD2-44635DDDC10B",
                     versionEndIncluding: "21.12.1",
                     versionStartIncluding: "21.12.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "050C3F61-FD74-4B62-BBC7-FFF05B22FB34",
                     versionEndIncluding: "17.12.20.4",
                     versionStartIncluding: "17.12.0.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "CD0A17FC-BFA9-4EA5-8D4F-1CEC5BC11AA7",
                     versionEndIncluding: "18.8.25.4",
                     versionStartIncluding: "18.8.0.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "5BC6277C-7C2F-49E1-8A68-4C726A087F74",
                     versionEndIncluding: "19.12.19.0",
                     versionStartIncluding: "19.12.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "C383F1DE-32E0-4E77-9C5F-2D91893F458E",
                     versionEndIncluding: "21.12.4.0",
                     versionStartIncluding: "20.12.0.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "5AFBEE29-1972-40B1-ADD6-536D5C74D4EA",
                     versionEndIncluding: "17.12",
                     versionStartIncluding: "17.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:primavera_unifier:18.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "951EC479-1B04-49C9-8381-D849685E7517",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*",
                     matchCriteriaId: "10864586-270E-4ACF-BDCC-ECFCD299305F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*",
                     matchCriteriaId: "38340E3C-C452-4370-86D4-355B6B4E0A06",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:primavera_unifier:21.12:*:*:*:*:*:*:*",
                     matchCriteriaId: "E9C55C69-E22E-4B80-9371-5CD821D79FE2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_sales_audit:15.0.3.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "5B32D7B0-CAE2-4B31-94C4-6124356C12B2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:sd-wan_edge:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "77E39D5C-5EFA-4FEB-909E-0A92004F2563",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:sd-wan_edge:9.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "06816711-7C49-47B9-A9D7-FB18CC3F42F2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:spatial_studio:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "7E244A7B-EB39-4A84-BB01-EB09037A701F",
                     versionEndExcluding: "20.1.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:utilities_framework:4.3.0.5.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "A5BBA303-8D2B-48C5-B52A-4E192166699C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:utilities_framework:4.3.0.6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "8DF02546-3F0D-4FDD-89B1-8A3FE43FB5BF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:utilities_framework:4.4.0.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "3F906F04-39E4-4BE4-8A73-9D058AAADB43",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:utilities_framework:4.4.0.2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "7B393A82-476A-4270-A903-38ED4169E431",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:utilities_framework:4.4.0.3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "85CAE52B-C2CA-4C6B-A0B7-2B9D6F0499E2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:utilities_framework:4.4.0.5.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "B4DAAD73-FE86-4934-AB1A-A60E840C6C1E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F14A818F-AA16-4438-A3E4-E64C9287AC66",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "04BCDC24-4A21-473C-8733-0D9CFB38A752",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "FA6FEEC2-9F11-4643-8827-749718254FED",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:*",
                     matchCriteriaId: "F3E0B672-3E06-4422-B2A4-0BD073AEC2A1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
                     matchCriteriaId: "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
                     matchCriteriaId: "B55E8D50-99B4-47EC-86F9-699B67D473CE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "CCAA4004-9319-478C-9D55-0E8307F872F6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5735E553-9731-4AAC-BCFF-989377F817B3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "9F4754FB-E3EB-454A-AB1A-AE3835C5350C",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.",
      },
      {
         lang: "es",
         value: "jackson-databind versiones anteriores a 2.13.0, permite una excepción Java StackOverflow y una denegación de servicio por medio de una gran profundidad de objetos anidados",
      },
   ],
   id: "CVE-2020-36518",
   lastModified: "2024-11-21T05:29:44.297",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 5,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2022-03-11T07:15:07.800",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://github.com/FasterXML/jackson-databind/issues/2816",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2022/05/msg00001.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20220506-0004/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2022/dsa-5283",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpuapr2022.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpujul2022.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://github.com/FasterXML/jackson-databind/issues/2816",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2022/05/msg00001.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20220506-0004/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2022/dsa-5283",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpuapr2022.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpujul2022.html",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-787",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd

Published

2022-01-19 12:15

Modified

2024-11-21 06:44

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

References

URL	Tags
secalert_us@oracle.com	https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DIN3L6L3SVZK75CKW2GPSU4HIGZR7XG/	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://security.gentoo.org/glsa/202209-05	Third Party Advisory
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20220121-0007/	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2022/dsa-5057	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2022/dsa-5058	Third Party Advisory
secalert_us@oracle.com	https://www.oracle.com/security-alerts/cpujan2022.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DIN3L6L3SVZK75CKW2GPSU4HIGZR7XG/	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202209-05	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20220121-0007/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2022/dsa-5057	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2022/dsa-5058	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpujan2022.html	Vendor Advisory

Impacted products

Vendor	Product	Version
oracle	graalvm	20.3.4
oracle	graalvm	21.3.0
oracle	jdk	11.0.13
oracle	jdk	17.0.1
oracle	jre	11.0.13
oracle	jre	17.0.1
debian	debian_linux	9.0
debian	debian_linux	10.0
debian	debian_linux	11.0
fedoraproject	fedora	34
netapp	7-mode_transition_tool	-
netapp	active_iq_unified_manager	-
netapp	active_iq_unified_manager	-
netapp	cloud_insights_acquisition_unit	-
netapp	cloud_secure_agent	-
netapp	e-series_santricity_os_controller	*
netapp	e-series_santricity_storage_manager	-
netapp	e-series_santricity_web_services	-
netapp	hci_management_node	-
netapp	oncommand_insight	-
netapp	oncommand_workflow_automation	-
netapp	santricity_storage_plugin	-
netapp	santricity_unified_manager	-
netapp	snapmanager	-
netapp	snapmanager	-
netapp	solidfire	-
oracle	openjdk	*
oracle	openjdk	*
oracle	openjdk	*
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	17
oracle	openjdk	17.0.1

JSON

To clipboard

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:oracle:graalvm:20.3.4:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "9F300E13-1B40-4B35-ACA5-4D402CD41055",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:graalvm:21.3.0:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "B10E38A6-783C-45A2-98A1-12FA1EB3D3AA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:11.0.13:*:*:*:*:*:*:*",
                     matchCriteriaId: "A7F43D86-B696-41E4-A288-6A2D43A1774A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:17.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "3575C88F-05D3-49F6-A60B-7ED902E318F1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:11.0.13:*:*:*:*:*:*:*",
                     matchCriteriaId: "90EC4B85-A88A-4EC3-9EA0-3A24874D5F87",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:17.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "962026D1-1E50-480F-921C-C7EE32AA0107",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "FA6FEEC2-9F11-4643-8827-749718254FED",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
                     matchCriteriaId: "A930E247-0B43-43CB-98FF-6CE7B8189835",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "7EF6650C-558D-45C8-AE7D-136EE70CB6D7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
                     matchCriteriaId: "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
                     matchCriteriaId: "B55E8D50-99B4-47EC-86F9-699B67D473CE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "CCAA4004-9319-478C-9D55-0E8307F872F6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F0F202E8-97E6-4BBB-A0B6-4CA3F5803C08",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "FF971916-C526-43A9-BD80-985BCC476569",
                     versionEndIncluding: "11.70.1",
                     versionStartIncluding: "11.0.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "0D9CC59D-6182-4B5E-96B5-226FCD343916",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*",
                     matchCriteriaId: "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A3C19813-E823-456A-B1CE-EC0684CE1953",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5735E553-9731-4AAC-BCFF-989377F817B3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:santricity_storage_plugin:-:*:*:*:*:vcenter:*:*",
                     matchCriteriaId: "82E94B87-065E-475F-815C-F49978CE22FC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A372B177-F740-4655-865C-31777A6E140B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*",
                     matchCriteriaId: "26A2B713-7D6D-420A-93A4-E0D983C983DF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*",
                     matchCriteriaId: "64DE38C8-94F1-4860-B045-F33928F676A8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "6489B616-476E-46AB-8795-7EFDD9074899",
                     versionEndIncluding: "11.0.13",
                     versionStartIncluding: "11",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F8A2B4B3-64EC-4930-9F31-202E4D19AF98",
                     versionEndIncluding: "13.0.9",
                     versionStartIncluding: "13",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "CF9DCD68-A054-456D-8A3C-15939F85DF90",
                     versionEndIncluding: "15.0.5",
                     versionStartIncluding: "15",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:-:*:*:*:*:*:*",
                     matchCriteriaId: "E78B7C5A-FA51-41E4-AAB0-C6DED2EFCF4C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update1:*:*:*:*:*:*",
                     matchCriteriaId: "02011EDC-20A7-4A16-A592-7C76E0037997",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update10:*:*:*:*:*:*",
                     matchCriteriaId: "AC6D4652-1226-4C60-BEDF-01EBF8AC0849",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update101:*:*:*:*:*:*",
                     matchCriteriaId: "3C1F9ED7-7D93-41F4-9130-15BA734420AC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update11:*:*:*:*:*:*",
                     matchCriteriaId: "1CF9CDF1-95D3-4125-A73F-396D2280FC4E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update111:*:*:*:*:*:*",
                     matchCriteriaId: "A13266DC-F8D9-4F30-987F-65BBEAF8D3A8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update121:*:*:*:*:*:*",
                     matchCriteriaId: "C28388AB-CFC9-4749-A90F-383F5B905EA9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update13:*:*:*:*:*:*",
                     matchCriteriaId: "DA1B00F9-A81C-48B7-8DAA-F394DDF323F3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update131:*:*:*:*:*:*",
                     matchCriteriaId: "CA7AD457-6CE6-4925-8D94-A907B40233D9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update141:*:*:*:*:*:*",
                     matchCriteriaId: "A6F3FDD1-7CAC-4B84-ABB7-64E9D3FBD708",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update15:*:*:*:*:*:*",
                     matchCriteriaId: "5480E5AD-DB46-474A-9B57-84ED088A75FA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update151:*:*:*:*:*:*",
                     matchCriteriaId: "881A4AE9-6012-4E91-98BE-0A352CC20703",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update161:*:*:*:*:*:*",
                     matchCriteriaId: "7E1E1079-57D9-473B-A017-964F4745F329",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update17:*:*:*:*:*:*",
                     matchCriteriaId: "B8D6446E-2915-4F12-87BE-E7420BC2626E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update171:*:*:*:*:*:*",
                     matchCriteriaId: "564EDCE3-16E6-401D-8A43-032D1F8875E1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update181:*:*:*:*:*:*",
                     matchCriteriaId: "08278802-D31B-488A-BA6A-EBC816DF883A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update191:*:*:*:*:*:*",
                     matchCriteriaId: "72BDA05A-C8BD-472E-8465-EE1F3E5D8CF6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update2:*:*:*:*:*:*",
                     matchCriteriaId: "7BBB0969-565E-43E2-B067-A10AAA5F1958",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update201:*:*:*:*:*:*",
                     matchCriteriaId: "D78BE95D-6270-469A-8035-FCDDB398F952",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update21:*:*:*:*:*:*",
                     matchCriteriaId: "88C24F40-3150-4584-93D9-8307DE04EEE9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update211:*:*:*:*:*:*",
                     matchCriteriaId: "E0FC5A03-FF11-4787-BBF1-3ACF93A21F2D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update221:*:*:*:*:*:*",
                     matchCriteriaId: "19626B36-62FC-4497-A2E1-7D6CD9839B19",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update231:*:*:*:*:*:*",
                     matchCriteriaId: "5713AEBD-35F6-44E8-A0CC-A42830D7AE20",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update241:*:*:*:*:*:*",
                     matchCriteriaId: "8BE0C04B-440E-4B35-ACC8-6264514F764C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update25:*:*:*:*:*:*",
                     matchCriteriaId: "555EC2A6-0475-48ED-AE0C-B306714A9333",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update251:*:*:*:*:*:*",
                     matchCriteriaId: "EC1CF2AD-3F7A-4EF3-BD41-117A21553A9F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update261:*:*:*:*:*:*",
                     matchCriteriaId: "02C55E2E-AEDE-455C-B128-168C918B5D97",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update271:*:*:*:*:*:*",
                     matchCriteriaId: "81831D37-6597-441B-87DE-38F7191BEA42",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update281:*:*:*:*:*:*",
                     matchCriteriaId: "EEA1594D-0AB5-436D-9E60-C26EE2175753",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update291:*:*:*:*:*:*",
                     matchCriteriaId: "B868FA41-C71B-491C-880B-484740B30C72",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update3:*:*:*:*:*:*",
                     matchCriteriaId: "C242D3BE-9114-4A9E-BB78-45754C7CC450",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update301:*:*:*:*:*:*",
                     matchCriteriaId: "95954182-9541-4181-9647-B17FA5A79F9F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update311:*:*:*:*:*:*",
                     matchCriteriaId: "9F6F0137-F91F-4028-BED2-C29640D52C23",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update321:*:*:*:*:*:*",
                     matchCriteriaId: "EAFB6B15-4AE6-47FC-8847-9DFADB7AE253",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update4:*:*:*:*:*:*",
                     matchCriteriaId: "D61068FE-18EE-4ADB-BC69-A3ECE8724575",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update40:*:*:*:*:*:*",
                     matchCriteriaId: "EFB59E80-4EC4-4399-BF40-6733E4E475A9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update45:*:*:*:*:*:*",
                     matchCriteriaId: "84E31265-22E1-4E91-BFCB-D2AFF445926A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update5:*:*:*:*:*:*",
                     matchCriteriaId: "AB3A58C3-94BB-4120-BE1D-AAF8BBF7F22B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update51:*:*:*:*:*:*",
                     matchCriteriaId: "50319E52-8739-47C5-B61E-3CA9B6A9A48F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update55:*:*:*:*:*:*",
                     matchCriteriaId: "7ED515B9-DC74-4DC5-B98A-08D87D85E11E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update6:*:*:*:*:*:*",
                     matchCriteriaId: "6D1D4868-1F9F-43F7-968C-6469B67D3F1B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update60:*:*:*:*:*:*",
                     matchCriteriaId: "568F1AC4-B0D7-4438-82E5-0E61500F2240",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update65:*:*:*:*:*:*",
                     matchCriteriaId: "F5E99B4A-EDAD-4471-81C4-7E9C775C9D9F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update67:*:*:*:*:*:*",
                     matchCriteriaId: "14E9133E-9FF3-40DB-9A11-7469EF5FD265",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update7:*:*:*:*:*:*",
                     matchCriteriaId: "94834710-3FA9-49D9-8600-B514CBCA4270",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update72:*:*:*:*:*:*",
                     matchCriteriaId: "4228D9E1-7D82-4B49-9669-9CDAD7187432",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update76:*:*:*:*:*:*",
                     matchCriteriaId: "F6231F48-2936-4F7D-96D5-4BA11F78EBE8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update80:*:*:*:*:*:*",
                     matchCriteriaId: "D96D5061-4A81-497E-9AD6-A8381B3B454C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update85:*:*:*:*:*:*",
                     matchCriteriaId: "5345C21E-A01B-43B9-9A20-F2783D921C60",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update9:*:*:*:*:*:*",
                     matchCriteriaId: "B219F360-83BD-4111-AB59-C9D4F55AF4C0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update91:*:*:*:*:*:*",
                     matchCriteriaId: "D25377EA-8E8F-4C76-8EA9-3BBDFB352815",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update95:*:*:*:*:*:*",
                     matchCriteriaId: "59FEFE05-269A-4EAF-A80F-E4C2107B1197",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update97:*:*:*:*:*:*",
                     matchCriteriaId: "E7E2AA7C-F602-4DB7-9EC1-0708C46C253C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update99:*:*:*:*:*:*",
                     matchCriteriaId: "FB70E154-A304-429E-80F5-8D87B00E32D1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:-:*:*:*:*:*:*",
                     matchCriteriaId: "70892D06-6E75-4425-BBF0-4B684EC62A1C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone1:*:*:*:*:*:*",
                     matchCriteriaId: "7A165D71-71CC-4E6A-AA4F-FF8DB5B9A5AB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone2:*:*:*:*:*:*",
                     matchCriteriaId: "7417B2BB-9AC2-4AF4-A828-C89A0735AD92",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone3:*:*:*:*:*:*",
                     matchCriteriaId: "6A0A57B5-6F88-4288-9CDE-F6613FE068D2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone4:*:*:*:*:*:*",
                     matchCriteriaId: "67ED8559-C348-4932-B7CE-CB96976A30EC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone5:*:*:*:*:*:*",
                     matchCriteriaId: "40AC3D91-263F-4345-9FAA-0E573EA64590",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone6:*:*:*:*:*:*",
                     matchCriteriaId: "DD92AFA9-81F8-48D4-B79A-E7F066F69A99",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone7:*:*:*:*:*:*",
                     matchCriteriaId: "2C4B2F24-A730-4818-90C8-A2D90C081F03",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone8:*:*:*:*:*:*",
                     matchCriteriaId: "464087F2-C285-4574-957E-CE0663F07DE0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone9:*:*:*:*:*:*",
                     matchCriteriaId: "3E9BB880-A4F6-4887-8BB9-47AA298753D5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update101:*:*:*:*:*:*",
                     matchCriteriaId: "18DCFF53-B298-4534-AB5C-8A5EF59C616F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update102:*:*:*:*:*:*",
                     matchCriteriaId: "083419F8-FDDF-4E36-88F8-857DB317C1D1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update11:*:*:*:*:*:*",
                     matchCriteriaId: "D7A74F65-57E8-4C9A-BA96-5EF401504F13",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update111:*:*:*:*:*:*",
                     matchCriteriaId: "0D0B90FC-57B6-4315-9B29-3C36E58B2CF5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update112:*:*:*:*:*:*",
                     matchCriteriaId: "07812576-3C35-404C-A7D7-9BE9E3D76E00",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update121:*:*:*:*:*:*",
                     matchCriteriaId: "00C52B1C-5447-4282-9667-9EBE0720B423",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update131:*:*:*:*:*:*",
                     matchCriteriaId: "92BB9EB0-0C12-4E77-89EE-FB77097841B8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update141:*:*:*:*:*:*",
                     matchCriteriaId: "FF9D5DCE-2E8F-42B9-9038-AEA7E8C8CFFD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update151:*:*:*:*:*:*",
                     matchCriteriaId: "ABC0E7BB-F8B7-4369-9910-71240E4073A3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update152:*:*:*:*:*:*",
                     matchCriteriaId: "551B2640-8CEC-4C24-AF8B-7A7CEF864D9D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update161:*:*:*:*:*:*",
                     matchCriteriaId: "0AE30779-48FB-451E-8CE1-F469F93B8772",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update162:*:*:*:*:*:*",
                     matchCriteriaId: "60590FDE-7156-4314-A012-AA38BD2ADDC9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update171:*:*:*:*:*:*",
                     matchCriteriaId: "BE51AD3A-8331-4E8F-9DB1-7A0051731DFB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update172:*:*:*:*:*:*",
                     matchCriteriaId: "F24F6122-2256-41B6-9033-794C6424ED99",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update181:*:*:*:*:*:*",
                     matchCriteriaId: "0EAFA79E-8C7A-48CF-8868-11378FE4B26F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update191:*:*:*:*:*:*",
                     matchCriteriaId: "D1D6F19F-59B5-4BB6-AD35-013384025970",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update192:*:*:*:*:*:*",
                     matchCriteriaId: "E7BA97BC-3ADA-465A-835B-6C3C5F416B56",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update20:*:*:*:*:*:*",
                     matchCriteriaId: "B71F77A4-B7EB-47A1-AAFD-431A7D040B86",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update201:*:*:*:*:*:*",
                     matchCriteriaId: "91D6BEA9-5943-44A4-946D-CEAA9BA99376",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update202:*:*:*:*:*:*",
                     matchCriteriaId: "C079A3E0-44EB-4B9C-B4FC-B7621D165C3B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update211:*:*:*:*:*:*",
                     matchCriteriaId: "2CB74086-14B8-4237-8357-E0C6B5BB8313",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update212:*:*:*:*:*:*",
                     matchCriteriaId: "3ABED20A-7C34-4E86-9AFB-F4DC9ECBB3A9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update221:*:*:*:*:*:*",
                     matchCriteriaId: "00C2B9C9-1177-4DA6-96CE-55F37F383F99",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update222:*:*:*:*:*:*",
                     matchCriteriaId: "435CF189-0BD8-40DF-A0DC-99862CDEAF8A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update231:*:*:*:*:*:*",
                     matchCriteriaId: "12A3F367-33AD-47C3-BFDC-871A17E72C94",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update232:*:*:*:*:*:*",
                     matchCriteriaId: "A18F994F-72CA-4AF5-A7D1-9F5AEA286D85",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update241:*:*:*:*:*:*",
                     matchCriteriaId: "78261932-7373-4F16-91E0-1A72ADBEBC3E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update242:*:*:*:*:*:*",
                     matchCriteriaId: "9BD90D3D-9B3A-4101-9A8A-5090F0A9719F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update25:*:*:*:*:*:*",
                     matchCriteriaId: "B38C0276-0EBD-4E0B-BFCF-4DDECACE04E2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update252:*:*:*:*:*:*",
                     matchCriteriaId: "F5A40B8A-D428-4008-9F21-AF21394C51D1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update262:*:*:*:*:*:*",
                     matchCriteriaId: "FEC5B777-01E1-45EE-AF95-C3BD1F098B2F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update271:*:*:*:*:*:*",
                     matchCriteriaId: "3B504718-5DCE-43B4-B19A-C6B6E7444BD3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update281:*:*:*:*:*:*",
                     matchCriteriaId: "3102AA10-99A8-49A9-867E-7EEC56865680",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update282:*:*:*:*:*:*",
                     matchCriteriaId: "5A55CBC7-A7B2-4B89-8AB5-ED30DBE6814E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update291:*:*:*:*:*:*",
                     matchCriteriaId: "15BA8A26-2CDA-442B-A549-6BE92DCCD205",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update301:*:*:*:*:*:*",
                     matchCriteriaId: "56F2883B-6A1B-4081-8877-07AF3A73F6CD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update302:*:*:*:*:*:*",
                     matchCriteriaId: "98C0742E-ACDD-4DB4-8A4C-B96702C8976C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update31:*:*:*:*:*:*",
                     matchCriteriaId: "F8483034-DD5A-445D-892F-CDE90A7D58EE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update312:*:*:*:*:*:*",
                     matchCriteriaId: "1716A5CD-1C32-4F19-9DDE-F9C7CCB6B420",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update40:*:*:*:*:*:*",
                     matchCriteriaId: "8279718F-878F-4868-8859-1728D13CD0D8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update45:*:*:*:*:*:*",
                     matchCriteriaId: "2C024E1A-FD2C-42E8-B227-C2AFD3040436",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update5:*:*:*:*:*:*",
                     matchCriteriaId: "4F24389D-DDD0-4204-AA24-31C920A4F47E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update51:*:*:*:*:*:*",
                     matchCriteriaId: "966979BE-1F21-4729-B6B8-610F74648344",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update60:*:*:*:*:*:*",
                     matchCriteriaId: "F8534265-33BF-460D-BF74-5F55FDE50F29",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update65:*:*:*:*:*:*",
                     matchCriteriaId: "F77AFC25-1466-4E56-9D5F-6988F3288E16",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update66:*:*:*:*:*:*",
                     matchCriteriaId: "A650BEB8-E56F-4E42-9361-8D2DB083F0F8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update71:*:*:*:*:*:*",
                     matchCriteriaId: "799FFECD-E80A-44B3-953D-CDB5E195F3AA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update72:*:*:*:*:*:*",
                     matchCriteriaId: "A7047507-7CAF-4A14-AA9A-5CEF806EDE98",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update73:*:*:*:*:*:*",
                     matchCriteriaId: "CFC7B179-95D3-4F94-84F6-73F1034A1AF2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update74:*:*:*:*:*:*",
                     matchCriteriaId: "9FB28526-9385-44CA-AF08-1899E6C3AE4D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update77:*:*:*:*:*:*",
                     matchCriteriaId: "E26B69E4-0B43-415F-A82B-52FDCB262B3E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update91:*:*:*:*:*:*",
                     matchCriteriaId: "27BC4150-70EC-462B-8FC5-20B3442CBB31",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update92:*:*:*:*:*:*",
                     matchCriteriaId: "02646989-ECD9-40AE-A83E-EFF4080C69B9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:17:*:*:*:*:*:*:*",
                     matchCriteriaId: "4D0A929D-6054-4EFB-8BAD-58826D22D34B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:17.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "DE7858DA-58DE-4920-B678-7800BD084EA1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad en el producto Oracle Java SE, Oracle GraalVM Enterprise Edition de Oracle Java SE (componente: Libraries). Las versiones compatibles que están afectadas son Oracle Java SE: 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 y 21.3.0. Una vulnerabilidad explotable fácilmente, permite a un atacante no autenticado con acceso a la red por medio de múltiples protocolos comprometer a Oracle Java SE, Oracle GraalVM Enterprise Edition. Los ataques con éxito de esta vulnerabilidad pueden resultar en una capacidad no autorizada de causar una negación parcial de servicio (DOS parcial) de Oracle Java SE, Oracle GraalVM Enterprise Edition. Nota: Esta vulnerabilidad es aplicada a las implantaciones de Java, normalmente en clientes que ejecutan aplicaciones Java Web Start con sandbox o applets Java con sandbox, que cargan y ejecutan código que no es confiable (por ejemplo, código que viene de Internet) y dependen de la sandbox de Java para la seguridad. Esta vulnerabilidad también puede ser explotada al usar APIs en el Componente especificado, por ejemplo, mediante un servicio web que suministra datos a las APIs. CVSS 3.1, Puntuación base 5.3 (impactos en la Disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)",
      },
   ],
   id: "CVE-2022-21283",
   lastModified: "2024-11-21T06:44:17.427",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 5,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "LOW",
               baseScore: 5.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 1.4,
            source: "secalert_us@oracle.com",
            type: "Secondary",
         },
      ],
   },
   published: "2022-01-19T12:15:11.977",
   references: [
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DIN3L6L3SVZK75CKW2GPSU4HIGZR7XG/",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/202209-05",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20220121-0007/",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2022/dsa-5057",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2022/dsa-5058",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpujan2022.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DIN3L6L3SVZK75CKW2GPSU4HIGZR7XG/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/202209-05",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20220121-0007/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2022/dsa-5057",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2022/dsa-5058",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpujan2022.html",
      },
   ],
   sourceIdentifier: "secalert_us@oracle.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd

Published

2023-04-18 20:15

Modified

2024-11-21 07:43

Severity ?

7.4 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).

References

URL	Tags
secalert_us@oracle.com	https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20230427-0008/	Third Party Advisory
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20240621-0006/
secalert_us@oracle.com	https://www.couchbase.com/alerts/	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2023/dsa-5430	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2023/dsa-5478	Third Party Advisory
secalert_us@oracle.com	https://www.oracle.com/security-alerts/cpuapr2023.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20230427-0008/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20240621-0006/
af854a3a-2127-422b-91ae-364da2661108	https://www.couchbase.com/alerts/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2023/dsa-5430	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2023/dsa-5478	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpuapr2023.html	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
oracle	graalvm	20.3.9
oracle	graalvm	21.3.5
oracle	graalvm	22.3.1
oracle	jdk	1.8.0
oracle	jdk	11.0.18
oracle	jdk	17.0.6
oracle	jdk	20
oracle	jre	1.8.0
oracle	jre	11.0.18
oracle	jre	17.0.6
oracle	jre	20
netapp	7-mode_transition_tool	-
netapp	brocade_san_navigator	-
netapp	cloud_insights_acquisition_unit	-
netapp	cloud_insights_storage_workload_security_agent	-
netapp	oncommand_insight	-
debian	debian_linux	10.0
debian	debian_linux	11.0
debian	debian_linux	12.0
oracle	openjdk	*
oracle	openjdk	*
oracle	openjdk	*
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	20

JSON

To clipboard

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:oracle:graalvm:20.3.9:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "FE7FF02E-5A54-47BD-8FAC-E1F1E23CBD0B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:graalvm:21.3.5:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "725D21E1-8FEF-492C-9CCF-75DDD286FA71",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:graalvm:22.3.1:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "CBC05434-18E2-43D2-901F-BA97A3A3AC3A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:1.8.0:update361:*:*:*:*:*:*",
                     matchCriteriaId: "BB648C28-DCDF-4CEE-816C-2D7EF91D2689",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:11.0.18:*:*:*:*:*:*:*",
                     matchCriteriaId: "CA4C6A6B-46BA-471A-959C-D1819B5D5196",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:17.0.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "751BA15B-1950-4ABD-AFEB-B4F90587FF61",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:20:*:*:*:*:*:*:*",
                     matchCriteriaId: "F26CDEF2-A840-4957-A390-19E48AEEC70A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:1.8.0:update361:*:*:*:*:*:*",
                     matchCriteriaId: "DB18EEA4-9670-4EBC-8559-6766740980F3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:11.0.18:*:*:*:*:*:*:*",
                     matchCriteriaId: "B85FB47B-1A8B-4758-83A7-3AC5B74D73FB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:17.0.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "0B973ADC-5F00-4CC5-985F-F4E1BB9FF1EF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:20:*:*:*:*:*:*:*",
                     matchCriteriaId: "AC10C81D-E148-4208-BA86-086B935A1254",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "7EF6650C-558D-45C8-AE7D-136EE70CB6D7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:brocade_san_navigator:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "25FA7A4D-B0E2-423E-8146-E221AE2D6120",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "CCAA4004-9319-478C-9D55-0E8307F872F6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:cloud_insights_storage_workload_security_agent:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "3B199052-5732-4726-B06B-A12C70DFB891",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "FA6FEEC2-9F11-4643-8827-749718254FED",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "46D69DCC-AE4D-4EA5-861C-D60951444C6C",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "111E81BB-7D96-44EB-ACFA-415C3F3EA62A",
                     versionEndExcluding: "8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "90F6CEC5-2FD9-4ADB-9D86-B741C0ABCD7B",
                     versionEndIncluding: "11.0.18",
                     versionStartIncluding: "11",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "83395182-E46E-47FF-A781-4EF235BC83B6",
                     versionEndIncluding: "17.0.6",
                     versionStartIncluding: "17",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:-:*:*:*:*:*:*",
                     matchCriteriaId: "70892D06-6E75-4425-BBF0-4B684EC62A1C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone1:*:*:*:*:*:*",
                     matchCriteriaId: "7A165D71-71CC-4E6A-AA4F-FF8DB5B9A5AB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone2:*:*:*:*:*:*",
                     matchCriteriaId: "7417B2BB-9AC2-4AF4-A828-C89A0735AD92",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone3:*:*:*:*:*:*",
                     matchCriteriaId: "6A0A57B5-6F88-4288-9CDE-F6613FE068D2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone4:*:*:*:*:*:*",
                     matchCriteriaId: "67ED8559-C348-4932-B7CE-CB96976A30EC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone5:*:*:*:*:*:*",
                     matchCriteriaId: "40AC3D91-263F-4345-9FAA-0E573EA64590",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone6:*:*:*:*:*:*",
                     matchCriteriaId: "DD92AFA9-81F8-48D4-B79A-E7F066F69A99",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone7:*:*:*:*:*:*",
                     matchCriteriaId: "2C4B2F24-A730-4818-90C8-A2D90C081F03",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone8:*:*:*:*:*:*",
                     matchCriteriaId: "464087F2-C285-4574-957E-CE0663F07DE0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone9:*:*:*:*:*:*",
                     matchCriteriaId: "3E9BB880-A4F6-4887-8BB9-47AA298753D5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update101:*:*:*:*:*:*",
                     matchCriteriaId: "18DCFF53-B298-4534-AB5C-8A5EF59C616F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update102:*:*:*:*:*:*",
                     matchCriteriaId: "083419F8-FDDF-4E36-88F8-857DB317C1D1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update11:*:*:*:*:*:*",
                     matchCriteriaId: "D7A74F65-57E8-4C9A-BA96-5EF401504F13",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update111:*:*:*:*:*:*",
                     matchCriteriaId: "0D0B90FC-57B6-4315-9B29-3C36E58B2CF5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update112:*:*:*:*:*:*",
                     matchCriteriaId: "07812576-3C35-404C-A7D7-9BE9E3D76E00",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update121:*:*:*:*:*:*",
                     matchCriteriaId: "00C52B1C-5447-4282-9667-9EBE0720B423",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update131:*:*:*:*:*:*",
                     matchCriteriaId: "92BB9EB0-0C12-4E77-89EE-FB77097841B8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update141:*:*:*:*:*:*",
                     matchCriteriaId: "FF9D5DCE-2E8F-42B9-9038-AEA7E8C8CFFD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update151:*:*:*:*:*:*",
                     matchCriteriaId: "ABC0E7BB-F8B7-4369-9910-71240E4073A3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update152:*:*:*:*:*:*",
                     matchCriteriaId: "551B2640-8CEC-4C24-AF8B-7A7CEF864D9D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update161:*:*:*:*:*:*",
                     matchCriteriaId: "0AE30779-48FB-451E-8CE1-F469F93B8772",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update162:*:*:*:*:*:*",
                     matchCriteriaId: "60590FDE-7156-4314-A012-AA38BD2ADDC9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update171:*:*:*:*:*:*",
                     matchCriteriaId: "BE51AD3A-8331-4E8F-9DB1-7A0051731DFB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update172:*:*:*:*:*:*",
                     matchCriteriaId: "F24F6122-2256-41B6-9033-794C6424ED99",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update181:*:*:*:*:*:*",
                     matchCriteriaId: "0EAFA79E-8C7A-48CF-8868-11378FE4B26F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update191:*:*:*:*:*:*",
                     matchCriteriaId: "D1D6F19F-59B5-4BB6-AD35-013384025970",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update192:*:*:*:*:*:*",
                     matchCriteriaId: "E7BA97BC-3ADA-465A-835B-6C3C5F416B56",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update20:*:*:*:*:*:*",
                     matchCriteriaId: "B71F77A4-B7EB-47A1-AAFD-431A7D040B86",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update201:*:*:*:*:*:*",
                     matchCriteriaId: "91D6BEA9-5943-44A4-946D-CEAA9BA99376",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update202:*:*:*:*:*:*",
                     matchCriteriaId: "C079A3E0-44EB-4B9C-B4FC-B7621D165C3B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update211:*:*:*:*:*:*",
                     matchCriteriaId: "2CB74086-14B8-4237-8357-E0C6B5BB8313",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update212:*:*:*:*:*:*",
                     matchCriteriaId: "3ABED20A-7C34-4E86-9AFB-F4DC9ECBB3A9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update221:*:*:*:*:*:*",
                     matchCriteriaId: "00C2B9C9-1177-4DA6-96CE-55F37F383F99",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update222:*:*:*:*:*:*",
                     matchCriteriaId: "435CF189-0BD8-40DF-A0DC-99862CDEAF8A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update231:*:*:*:*:*:*",
                     matchCriteriaId: "12A3F367-33AD-47C3-BFDC-871A17E72C94",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update232:*:*:*:*:*:*",
                     matchCriteriaId: "A18F994F-72CA-4AF5-A7D1-9F5AEA286D85",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update241:*:*:*:*:*:*",
                     matchCriteriaId: "78261932-7373-4F16-91E0-1A72ADBEBC3E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update242:*:*:*:*:*:*",
                     matchCriteriaId: "9BD90D3D-9B3A-4101-9A8A-5090F0A9719F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update25:*:*:*:*:*:*",
                     matchCriteriaId: "B38C0276-0EBD-4E0B-BFCF-4DDECACE04E2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update252:*:*:*:*:*:*",
                     matchCriteriaId: "F5A40B8A-D428-4008-9F21-AF21394C51D1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update262:*:*:*:*:*:*",
                     matchCriteriaId: "FEC5B777-01E1-45EE-AF95-C3BD1F098B2F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update271:*:*:*:*:*:*",
                     matchCriteriaId: "3B504718-5DCE-43B4-B19A-C6B6E7444BD3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update281:*:*:*:*:*:*",
                     matchCriteriaId: "3102AA10-99A8-49A9-867E-7EEC56865680",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update282:*:*:*:*:*:*",
                     matchCriteriaId: "5A55CBC7-A7B2-4B89-8AB5-ED30DBE6814E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update291:*:*:*:*:*:*",
                     matchCriteriaId: "15BA8A26-2CDA-442B-A549-6BE92DCCD205",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update301:*:*:*:*:*:*",
                     matchCriteriaId: "56F2883B-6A1B-4081-8877-07AF3A73F6CD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update302:*:*:*:*:*:*",
                     matchCriteriaId: "98C0742E-ACDD-4DB4-8A4C-B96702C8976C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update31:*:*:*:*:*:*",
                     matchCriteriaId: "F8483034-DD5A-445D-892F-CDE90A7D58EE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update312:*:*:*:*:*:*",
                     matchCriteriaId: "1716A5CD-1C32-4F19-9DDE-F9C7CCB6B420",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update322:*:*:*:*:*:*",
                     matchCriteriaId: "DAB4F663-BCAF-43DB-BCC3-24C060B0CBAB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update332:*:*:*:*:*:*",
                     matchCriteriaId: "A8EF5BB8-7DAF-49B0-A11E-14E89EF7377A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update342:*:*:*:*:*:*",
                     matchCriteriaId: "383F0B07-59BF-4744-87F2-04C98BC183B4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update352:*:*:*:*:*:*",
                     matchCriteriaId: "494C17C6-54A3-4BE6-A4FF-2D54DF2B38D5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update362:*:*:*:*:*:*",
                     matchCriteriaId: "1058ABDC-D652-4E2D-964D-C9C98FD404F6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update40:*:*:*:*:*:*",
                     matchCriteriaId: "8279718F-878F-4868-8859-1728D13CD0D8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update45:*:*:*:*:*:*",
                     matchCriteriaId: "2C024E1A-FD2C-42E8-B227-C2AFD3040436",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update5:*:*:*:*:*:*",
                     matchCriteriaId: "4F24389D-DDD0-4204-AA24-31C920A4F47E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update51:*:*:*:*:*:*",
                     matchCriteriaId: "966979BE-1F21-4729-B6B8-610F74648344",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update60:*:*:*:*:*:*",
                     matchCriteriaId: "F8534265-33BF-460D-BF74-5F55FDE50F29",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update65:*:*:*:*:*:*",
                     matchCriteriaId: "F77AFC25-1466-4E56-9D5F-6988F3288E16",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update66:*:*:*:*:*:*",
                     matchCriteriaId: "A650BEB8-E56F-4E42-9361-8D2DB083F0F8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update71:*:*:*:*:*:*",
                     matchCriteriaId: "799FFECD-E80A-44B3-953D-CDB5E195F3AA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update72:*:*:*:*:*:*",
                     matchCriteriaId: "A7047507-7CAF-4A14-AA9A-5CEF806EDE98",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update73:*:*:*:*:*:*",
                     matchCriteriaId: "CFC7B179-95D3-4F94-84F6-73F1034A1AF2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update74:*:*:*:*:*:*",
                     matchCriteriaId: "9FB28526-9385-44CA-AF08-1899E6C3AE4D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update77:*:*:*:*:*:*",
                     matchCriteriaId: "E26B69E4-0B43-415F-A82B-52FDCB262B3E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update91:*:*:*:*:*:*",
                     matchCriteriaId: "27BC4150-70EC-462B-8FC5-20B3442CBB31",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update92:*:*:*:*:*:*",
                     matchCriteriaId: "02646989-ECD9-40AE-A83E-EFF4080C69B9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:20:*:*:*:*:*:*:*",
                     matchCriteriaId: "77172BC0-8637-41F6-AE3B-83006D6735DE",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE).  Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and  22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data as well as  unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).",
      },
   ],
   id: "CVE-2023-21930",
   lastModified: "2024-11-21T07:43:56.237",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 7.4,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.2,
            impactScore: 5.2,
            source: "secalert_us@oracle.com",
            type: "Primary",
         },
      ],
   },
   published: "2023-04-18T20:15:13.883",
   references: [
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20230427-0008/",
      },
      {
         source: "secalert_us@oracle.com",
         url: "https://security.netapp.com/advisory/ntap-20240621-0006/",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.couchbase.com/alerts/",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2023/dsa-5430",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2023/dsa-5478",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpuapr2023.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20230427-0008/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://security.netapp.com/advisory/ntap-20240621-0006/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.couchbase.com/alerts/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2023/dsa-5430",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2023/dsa-5478",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpuapr2023.html",
      },
   ],
   sourceIdentifier: "secalert_us@oracle.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd

Published

2024-01-16 22:15

Modified

2024-11-21 08:53

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 17.0.9; Oracle GraalVM for JDK: 17.0.9; Oracle GraalVM Enterprise Edition: 21.3.8 and 22.3.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).

References

URL	Tags
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20240201-0002/	Third Party Advisory
secalert_us@oracle.com	https://www.oracle.com/security-alerts/cpujan2024.html	Patch
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20240201-0002/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpujan2024.html	Patch

Impacted products

Vendor	Product	Version
oracle	graalvm	21.3.8
oracle	graalvm	22.3.4
oracle	graalvm_for_jdk	17.0.9
oracle	jdk	17.0.9
oracle	jre	17.0.9
netapp	cloud_insights_acquisition_unit	-
netapp	cloud_insights_storage_workload_security_agent	-
netapp	oncommand_insight	-

JSON

To clipboard

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:oracle:graalvm:21.3.8:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "CF534BA8-A2A5-4768-A480-CFB885308AF8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:graalvm:22.3.4:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "876A5640-82A8-4BDC-8E0A-4D6340F5417D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "2C5055FD-0E19-4C42-9B1F-CBE222855156",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:17.0.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "EF6AA431-8965-4B53-AF0F-DB3AB7A9A3F3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:17.0.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "BF274813-F650-447C-A1A6-61D5F8FF71BA",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "CCAA4004-9319-478C-9D55-0E8307F872F6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:cloud_insights_storage_workload_security_agent:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "3B199052-5732-4726-B06B-A12C70DFB891",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security).  Supported versions that are affected are Oracle Java SE: 17.0.9; Oracle GraalVM for JDK: 17.0.9; Oracle GraalVM Enterprise Edition: 21.3.8 and  22.3.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.5 (Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).",
      },
      {
         lang: "es",
         value: "Vulnerabilidad en el producto Oracle Java SE, Oracle GraalVM para JDK, Oracle GraalVM Enterprise Edition de Oracle Java SE (componente: Seguridad). Las versiones compatibles que se ven afectadas son Oracle Java SE: 17.0.9; Oracle GraalVM para JDK: 17.0.9; Oracle GraalVM Enterprise Edition: 21.3.8 y 22.3.4. Una vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red a través de múltiples protocolos comprometer Oracle Java SE, Oracle GraalVM para JDK y Oracle GraalVM Enterprise Edition. Los ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a la creación, eliminación o modificación de datos críticos o de todos los datos accesibles de Oracle Java SE, Oracle GraalVM para JDK, Oracle GraalVM Enterprise Edition. Nota: Esta vulnerabilidad se aplica a implementaciones de Java, normalmente en clientes que ejecutan aplicaciones Java Web Start en sandbox o subprogramas de Java en sandbox, que cargan y ejecutan código que no es de confianza (por ejemplo, código que proviene de Internet) y dependen del entorno limitado de Java para su seguridad. Esta vulnerabilidad no se aplica a implementaciones de Java, normalmente en servidores, que cargan y ejecutan sólo código confiable (por ejemplo, código instalado por un administrador). CVSS 3.1 Puntaje base 7.5 (Impactos en la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).",
      },
   ],
   id: "CVE-2024-20932",
   lastModified: "2024-11-21T08:53:27.550",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "secalert_us@oracle.com",
            type: "Primary",
         },
      ],
   },
   published: "2024-01-16T22:15:40.763",
   references: [
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20240201-0002/",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Patch",
         ],
         url: "https://www.oracle.com/security-alerts/cpujan2024.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20240201-0002/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "https://www.oracle.com/security-alerts/cpujan2024.html",
      },
   ],
   sourceIdentifier: "secalert_us@oracle.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-284",
            },
         ],
         source: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
         type: "Secondary",
      },
   ],
}

Vulnerability from fkie_nvd

Published

2023-07-18 21:15

Modified

2024-11-21 07:44

Severity ?

3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Utility). Supported versions that are affected are Oracle Java SE: 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

References

URL	Tags
secalert_us@oracle.com	https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20230725-0006/	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2023/dsa-5458	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2023/dsa-5478	Third Party Advisory
secalert_us@oracle.com	https://www.oracle.com/security-alerts/cpujul2023.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20230725-0006/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2023/dsa-5458	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2023/dsa-5478	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpujul2023.html	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
oracle	graalvm	20.3.10
oracle	graalvm	21.3.6
oracle	graalvm	22.3.2
oracle	graalvm_for_jdk	17.0.7
oracle	graalvm_for_jdk	20.0.1
oracle	jdk	11.0.19
oracle	jdk	17.0.7
oracle	jdk	20.0.1
oracle	jre	11.0.19
oracle	jre	17.0.7
oracle	jre	20.0.1
debian	debian_linux	10.0
debian	debian_linux	11.0
debian	debian_linux	12.0
netapp	7-mode_transition_tool	-
netapp	active_iq_unified_manager	-
netapp	active_iq_unified_manager	-
netapp	cloud_insights_acquisition_unit	-
netapp	cloud_insights_storage_workload_security_agent	-
netapp	oncommand_insight	-

JSON

To clipboard

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:oracle:graalvm:20.3.10:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "2AEB0668-3769-415A-85D2-8042C83AF530",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:graalvm:21.3.6:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "1612C1DD-47B7-4A52-B709-0E270CE9A814",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:graalvm:22.3.2:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "0D052622-1214-4B93-8638-8F0FBADD4F43",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "908FCFE7-F95A-4E5C-8644-78E737828E27",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:graalvm_for_jdk:20.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "6FC3A3A8-4244-4933-AC2C-03540C9F80BE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:11.0.19:*:*:*:*:*:*:*",
                     matchCriteriaId: "2182C64A-CA08-49EE-9987-E34F828F9D14",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:17.0.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "2C064D35-8FFB-4033-AE32-A108189734AA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:20.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "208BCD85-10BA-4ACB-9B9C-E4F5530EFAE0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:11.0.19:*:*:*:*:*:*:*",
                     matchCriteriaId: "5FDA3A94-3460-4EE1-B35F-3D4151157D95",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:17.0.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "FE4416A7-658A-423F-9A66-A8F563273AE5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:20.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "5370A60E-A32D-4F9A-B939-DFA07FF4F860",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "FA6FEEC2-9F11-4643-8827-749718254FED",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "46D69DCC-AE4D-4EA5-861C-D60951444C6C",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "7EF6650C-558D-45C8-AE7D-136EE70CB6D7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
                     matchCriteriaId: "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
                     matchCriteriaId: "B55E8D50-99B4-47EC-86F9-699B67D473CE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "CCAA4004-9319-478C-9D55-0E8307F872F6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:cloud_insights_storage_workload_security_agent:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "3B199052-5732-4726-B06B-A12C70DFB891",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Utility).  Supported versions that are affected are Oracle Java SE: 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and  20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).",
      },
   ],
   id: "CVE-2023-22036",
   lastModified: "2024-11-21T07:44:08.970",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "NETWORK",
               availabilityImpact: "LOW",
               baseScore: 3.7,
               baseSeverity: "LOW",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
               version: "3.1",
            },
            exploitabilityScore: 2.2,
            impactScore: 1.4,
            source: "secalert_us@oracle.com",
            type: "Primary",
         },
      ],
   },
   published: "2023-07-18T21:15:13.587",
   references: [
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20230725-0006/",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2023/dsa-5458",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2023/dsa-5478",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpujul2023.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20230725-0006/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2023/dsa-5458",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2023/dsa-5478",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpujul2023.html",
      },
   ],
   sourceIdentifier: "secalert_us@oracle.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd

Published

2022-01-19 12:15

Modified

2024-11-21 06:44

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

References

URL	Tags
secalert_us@oracle.com	https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://security.gentoo.org/glsa/202209-05	Third Party Advisory
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20220121-0007/	Third Party Advisory
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20240621-0006/
secalert_us@oracle.com	https://www.debian.org/security/2022/dsa-5057	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2022/dsa-5058	Third Party Advisory
secalert_us@oracle.com	https://www.oracle.com/security-alerts/cpujan2022.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202209-05	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20220121-0007/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20240621-0006/
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2022/dsa-5057	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2022/dsa-5058	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpujan2022.html	Vendor Advisory

Impacted products

Vendor	Product	Version
oracle	graalvm	20.3.4
oracle	graalvm	21.3.0
oracle	jdk	1.7.0
oracle	jdk	1.8.0
oracle	jdk	11.0.13
oracle	jdk	17.0.1
oracle	jre	1.7.0
oracle	jre	1.8.0
oracle	jre	11.0.13
oracle	jre	17.0.1
netapp	7-mode_transition_tool	-
netapp	active_iq_unified_manager	-
netapp	active_iq_unified_manager	-
netapp	cloud_insights_acquisition_unit	-
netapp	cloud_secure_agent	-
netapp	e-series_santricity_os_controller	*
netapp	e-series_santricity_storage_manager	-
netapp	e-series_santricity_web_services	-
netapp	hci_management_node	-
netapp	oncommand_insight	-
netapp	oncommand_workflow_automation	-
netapp	santricity_storage_plugin	-
netapp	santricity_unified_manager	-
netapp	snapmanager	-
netapp	snapmanager	-
netapp	solidfire	-
debian	debian_linux	9.0
debian	debian_linux	10.0
debian	debian_linux	11.0
oracle	openjdk	*
oracle	openjdk	*
oracle	openjdk	*
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	17
oracle	openjdk	17.0.1

JSON

To clipboard

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:oracle:graalvm:20.3.4:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "9F300E13-1B40-4B35-ACA5-4D402CD41055",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:graalvm:21.3.0:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "B10E38A6-783C-45A2-98A1-12FA1EB3D3AA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:1.7.0:update321:*:*:*:*:*:*",
                     matchCriteriaId: "F3E9DB6B-06BC-47F9-AEB9-E36378A97543",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:1.8.0:update311:*:*:*:*:*:*",
                     matchCriteriaId: "3C9591ED-CA9E-4844-9B7F-D477D7A51413",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:11.0.13:*:*:*:*:*:*:*",
                     matchCriteriaId: "A7F43D86-B696-41E4-A288-6A2D43A1774A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:17.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "3575C88F-05D3-49F6-A60B-7ED902E318F1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:1.7.0:update321:*:*:*:*:*:*",
                     matchCriteriaId: "C5988521-7571-4AE7-BD02-2C8765FC464B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:1.8.0:update311:*:*:*:*:*:*",
                     matchCriteriaId: "29AB737A-FB85-4E91-B8D3-A4B9A780FC0E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:11.0.13:*:*:*:*:*:*:*",
                     matchCriteriaId: "90EC4B85-A88A-4EC3-9EA0-3A24874D5F87",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:17.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "962026D1-1E50-480F-921C-C7EE32AA0107",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "7EF6650C-558D-45C8-AE7D-136EE70CB6D7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
                     matchCriteriaId: "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
                     matchCriteriaId: "B55E8D50-99B4-47EC-86F9-699B67D473CE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "CCAA4004-9319-478C-9D55-0E8307F872F6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F0F202E8-97E6-4BBB-A0B6-4CA3F5803C08",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "FF971916-C526-43A9-BD80-985BCC476569",
                     versionEndIncluding: "11.70.1",
                     versionStartIncluding: "11.0.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "0D9CC59D-6182-4B5E-96B5-226FCD343916",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*",
                     matchCriteriaId: "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A3C19813-E823-456A-B1CE-EC0684CE1953",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5735E553-9731-4AAC-BCFF-989377F817B3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:santricity_storage_plugin:-:*:*:*:*:vcenter:*:*",
                     matchCriteriaId: "82E94B87-065E-475F-815C-F49978CE22FC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A372B177-F740-4655-865C-31777A6E140B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*",
                     matchCriteriaId: "26A2B713-7D6D-420A-93A4-E0D983C983DF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*",
                     matchCriteriaId: "64DE38C8-94F1-4860-B045-F33928F676A8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "FA6FEEC2-9F11-4643-8827-749718254FED",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "6489B616-476E-46AB-8795-7EFDD9074899",
                     versionEndIncluding: "11.0.13",
                     versionStartIncluding: "11",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F8A2B4B3-64EC-4930-9F31-202E4D19AF98",
                     versionEndIncluding: "13.0.9",
                     versionStartIncluding: "13",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "CF9DCD68-A054-456D-8A3C-15939F85DF90",
                     versionEndIncluding: "15.0.5",
                     versionStartIncluding: "15",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:-:*:*:*:*:*:*",
                     matchCriteriaId: "E78B7C5A-FA51-41E4-AAB0-C6DED2EFCF4C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update1:*:*:*:*:*:*",
                     matchCriteriaId: "02011EDC-20A7-4A16-A592-7C76E0037997",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update10:*:*:*:*:*:*",
                     matchCriteriaId: "AC6D4652-1226-4C60-BEDF-01EBF8AC0849",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update101:*:*:*:*:*:*",
                     matchCriteriaId: "3C1F9ED7-7D93-41F4-9130-15BA734420AC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update11:*:*:*:*:*:*",
                     matchCriteriaId: "1CF9CDF1-95D3-4125-A73F-396D2280FC4E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update111:*:*:*:*:*:*",
                     matchCriteriaId: "A13266DC-F8D9-4F30-987F-65BBEAF8D3A8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update121:*:*:*:*:*:*",
                     matchCriteriaId: "C28388AB-CFC9-4749-A90F-383F5B905EA9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update13:*:*:*:*:*:*",
                     matchCriteriaId: "DA1B00F9-A81C-48B7-8DAA-F394DDF323F3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update131:*:*:*:*:*:*",
                     matchCriteriaId: "CA7AD457-6CE6-4925-8D94-A907B40233D9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update141:*:*:*:*:*:*",
                     matchCriteriaId: "A6F3FDD1-7CAC-4B84-ABB7-64E9D3FBD708",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update15:*:*:*:*:*:*",
                     matchCriteriaId: "5480E5AD-DB46-474A-9B57-84ED088A75FA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update151:*:*:*:*:*:*",
                     matchCriteriaId: "881A4AE9-6012-4E91-98BE-0A352CC20703",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update161:*:*:*:*:*:*",
                     matchCriteriaId: "7E1E1079-57D9-473B-A017-964F4745F329",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update17:*:*:*:*:*:*",
                     matchCriteriaId: "B8D6446E-2915-4F12-87BE-E7420BC2626E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update171:*:*:*:*:*:*",
                     matchCriteriaId: "564EDCE3-16E6-401D-8A43-032D1F8875E1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update181:*:*:*:*:*:*",
                     matchCriteriaId: "08278802-D31B-488A-BA6A-EBC816DF883A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update191:*:*:*:*:*:*",
                     matchCriteriaId: "72BDA05A-C8BD-472E-8465-EE1F3E5D8CF6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update2:*:*:*:*:*:*",
                     matchCriteriaId: "7BBB0969-565E-43E2-B067-A10AAA5F1958",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update201:*:*:*:*:*:*",
                     matchCriteriaId: "D78BE95D-6270-469A-8035-FCDDB398F952",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update21:*:*:*:*:*:*",
                     matchCriteriaId: "88C24F40-3150-4584-93D9-8307DE04EEE9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update211:*:*:*:*:*:*",
                     matchCriteriaId: "E0FC5A03-FF11-4787-BBF1-3ACF93A21F2D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update221:*:*:*:*:*:*",
                     matchCriteriaId: "19626B36-62FC-4497-A2E1-7D6CD9839B19",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update231:*:*:*:*:*:*",
                     matchCriteriaId: "5713AEBD-35F6-44E8-A0CC-A42830D7AE20",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update241:*:*:*:*:*:*",
                     matchCriteriaId: "8BE0C04B-440E-4B35-ACC8-6264514F764C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update25:*:*:*:*:*:*",
                     matchCriteriaId: "555EC2A6-0475-48ED-AE0C-B306714A9333",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update251:*:*:*:*:*:*",
                     matchCriteriaId: "EC1CF2AD-3F7A-4EF3-BD41-117A21553A9F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update261:*:*:*:*:*:*",
                     matchCriteriaId: "02C55E2E-AEDE-455C-B128-168C918B5D97",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update271:*:*:*:*:*:*",
                     matchCriteriaId: "81831D37-6597-441B-87DE-38F7191BEA42",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update281:*:*:*:*:*:*",
                     matchCriteriaId: "EEA1594D-0AB5-436D-9E60-C26EE2175753",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update291:*:*:*:*:*:*",
                     matchCriteriaId: "B868FA41-C71B-491C-880B-484740B30C72",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update3:*:*:*:*:*:*",
                     matchCriteriaId: "C242D3BE-9114-4A9E-BB78-45754C7CC450",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update301:*:*:*:*:*:*",
                     matchCriteriaId: "95954182-9541-4181-9647-B17FA5A79F9F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update311:*:*:*:*:*:*",
                     matchCriteriaId: "9F6F0137-F91F-4028-BED2-C29640D52C23",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update321:*:*:*:*:*:*",
                     matchCriteriaId: "EAFB6B15-4AE6-47FC-8847-9DFADB7AE253",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update4:*:*:*:*:*:*",
                     matchCriteriaId: "D61068FE-18EE-4ADB-BC69-A3ECE8724575",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update40:*:*:*:*:*:*",
                     matchCriteriaId: "EFB59E80-4EC4-4399-BF40-6733E4E475A9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update45:*:*:*:*:*:*",
                     matchCriteriaId: "84E31265-22E1-4E91-BFCB-D2AFF445926A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update5:*:*:*:*:*:*",
                     matchCriteriaId: "AB3A58C3-94BB-4120-BE1D-AAF8BBF7F22B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update51:*:*:*:*:*:*",
                     matchCriteriaId: "50319E52-8739-47C5-B61E-3CA9B6A9A48F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update55:*:*:*:*:*:*",
                     matchCriteriaId: "7ED515B9-DC74-4DC5-B98A-08D87D85E11E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update6:*:*:*:*:*:*",
                     matchCriteriaId: "6D1D4868-1F9F-43F7-968C-6469B67D3F1B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update60:*:*:*:*:*:*",
                     matchCriteriaId: "568F1AC4-B0D7-4438-82E5-0E61500F2240",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update65:*:*:*:*:*:*",
                     matchCriteriaId: "F5E99B4A-EDAD-4471-81C4-7E9C775C9D9F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update67:*:*:*:*:*:*",
                     matchCriteriaId: "14E9133E-9FF3-40DB-9A11-7469EF5FD265",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update7:*:*:*:*:*:*",
                     matchCriteriaId: "94834710-3FA9-49D9-8600-B514CBCA4270",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update72:*:*:*:*:*:*",
                     matchCriteriaId: "4228D9E1-7D82-4B49-9669-9CDAD7187432",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update76:*:*:*:*:*:*",
                     matchCriteriaId: "F6231F48-2936-4F7D-96D5-4BA11F78EBE8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update80:*:*:*:*:*:*",
                     matchCriteriaId: "D96D5061-4A81-497E-9AD6-A8381B3B454C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update85:*:*:*:*:*:*",
                     matchCriteriaId: "5345C21E-A01B-43B9-9A20-F2783D921C60",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update9:*:*:*:*:*:*",
                     matchCriteriaId: "B219F360-83BD-4111-AB59-C9D4F55AF4C0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update91:*:*:*:*:*:*",
                     matchCriteriaId: "D25377EA-8E8F-4C76-8EA9-3BBDFB352815",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update95:*:*:*:*:*:*",
                     matchCriteriaId: "59FEFE05-269A-4EAF-A80F-E4C2107B1197",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update97:*:*:*:*:*:*",
                     matchCriteriaId: "E7E2AA7C-F602-4DB7-9EC1-0708C46C253C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update99:*:*:*:*:*:*",
                     matchCriteriaId: "FB70E154-A304-429E-80F5-8D87B00E32D1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:-:*:*:*:*:*:*",
                     matchCriteriaId: "70892D06-6E75-4425-BBF0-4B684EC62A1C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone1:*:*:*:*:*:*",
                     matchCriteriaId: "7A165D71-71CC-4E6A-AA4F-FF8DB5B9A5AB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone2:*:*:*:*:*:*",
                     matchCriteriaId: "7417B2BB-9AC2-4AF4-A828-C89A0735AD92",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone3:*:*:*:*:*:*",
                     matchCriteriaId: "6A0A57B5-6F88-4288-9CDE-F6613FE068D2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone4:*:*:*:*:*:*",
                     matchCriteriaId: "67ED8559-C348-4932-B7CE-CB96976A30EC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone5:*:*:*:*:*:*",
                     matchCriteriaId: "40AC3D91-263F-4345-9FAA-0E573EA64590",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone6:*:*:*:*:*:*",
                     matchCriteriaId: "DD92AFA9-81F8-48D4-B79A-E7F066F69A99",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone7:*:*:*:*:*:*",
                     matchCriteriaId: "2C4B2F24-A730-4818-90C8-A2D90C081F03",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone8:*:*:*:*:*:*",
                     matchCriteriaId: "464087F2-C285-4574-957E-CE0663F07DE0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone9:*:*:*:*:*:*",
                     matchCriteriaId: "3E9BB880-A4F6-4887-8BB9-47AA298753D5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update101:*:*:*:*:*:*",
                     matchCriteriaId: "18DCFF53-B298-4534-AB5C-8A5EF59C616F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update102:*:*:*:*:*:*",
                     matchCriteriaId: "083419F8-FDDF-4E36-88F8-857DB317C1D1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update11:*:*:*:*:*:*",
                     matchCriteriaId: "D7A74F65-57E8-4C9A-BA96-5EF401504F13",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update111:*:*:*:*:*:*",
                     matchCriteriaId: "0D0B90FC-57B6-4315-9B29-3C36E58B2CF5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update112:*:*:*:*:*:*",
                     matchCriteriaId: "07812576-3C35-404C-A7D7-9BE9E3D76E00",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update121:*:*:*:*:*:*",
                     matchCriteriaId: "00C52B1C-5447-4282-9667-9EBE0720B423",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update131:*:*:*:*:*:*",
                     matchCriteriaId: "92BB9EB0-0C12-4E77-89EE-FB77097841B8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update141:*:*:*:*:*:*",
                     matchCriteriaId: "FF9D5DCE-2E8F-42B9-9038-AEA7E8C8CFFD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update151:*:*:*:*:*:*",
                     matchCriteriaId: "ABC0E7BB-F8B7-4369-9910-71240E4073A3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update152:*:*:*:*:*:*",
                     matchCriteriaId: "551B2640-8CEC-4C24-AF8B-7A7CEF864D9D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update161:*:*:*:*:*:*",
                     matchCriteriaId: "0AE30779-48FB-451E-8CE1-F469F93B8772",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update162:*:*:*:*:*:*",
                     matchCriteriaId: "60590FDE-7156-4314-A012-AA38BD2ADDC9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update171:*:*:*:*:*:*",
                     matchCriteriaId: "BE51AD3A-8331-4E8F-9DB1-7A0051731DFB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update172:*:*:*:*:*:*",
                     matchCriteriaId: "F24F6122-2256-41B6-9033-794C6424ED99",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update181:*:*:*:*:*:*",
                     matchCriteriaId: "0EAFA79E-8C7A-48CF-8868-11378FE4B26F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update191:*:*:*:*:*:*",
                     matchCriteriaId: "D1D6F19F-59B5-4BB6-AD35-013384025970",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update192:*:*:*:*:*:*",
                     matchCriteriaId: "E7BA97BC-3ADA-465A-835B-6C3C5F416B56",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update20:*:*:*:*:*:*",
                     matchCriteriaId: "B71F77A4-B7EB-47A1-AAFD-431A7D040B86",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update201:*:*:*:*:*:*",
                     matchCriteriaId: "91D6BEA9-5943-44A4-946D-CEAA9BA99376",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update202:*:*:*:*:*:*",
                     matchCriteriaId: "C079A3E0-44EB-4B9C-B4FC-B7621D165C3B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update211:*:*:*:*:*:*",
                     matchCriteriaId: "2CB74086-14B8-4237-8357-E0C6B5BB8313",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update212:*:*:*:*:*:*",
                     matchCriteriaId: "3ABED20A-7C34-4E86-9AFB-F4DC9ECBB3A9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update221:*:*:*:*:*:*",
                     matchCriteriaId: "00C2B9C9-1177-4DA6-96CE-55F37F383F99",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update222:*:*:*:*:*:*",
                     matchCriteriaId: "435CF189-0BD8-40DF-A0DC-99862CDEAF8A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update231:*:*:*:*:*:*",
                     matchCriteriaId: "12A3F367-33AD-47C3-BFDC-871A17E72C94",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update232:*:*:*:*:*:*",
                     matchCriteriaId: "A18F994F-72CA-4AF5-A7D1-9F5AEA286D85",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update241:*:*:*:*:*:*",
                     matchCriteriaId: "78261932-7373-4F16-91E0-1A72ADBEBC3E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update242:*:*:*:*:*:*",
                     matchCriteriaId: "9BD90D3D-9B3A-4101-9A8A-5090F0A9719F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update25:*:*:*:*:*:*",
                     matchCriteriaId: "B38C0276-0EBD-4E0B-BFCF-4DDECACE04E2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update252:*:*:*:*:*:*",
                     matchCriteriaId: "F5A40B8A-D428-4008-9F21-AF21394C51D1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update262:*:*:*:*:*:*",
                     matchCriteriaId: "FEC5B777-01E1-45EE-AF95-C3BD1F098B2F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update271:*:*:*:*:*:*",
                     matchCriteriaId: "3B504718-5DCE-43B4-B19A-C6B6E7444BD3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update281:*:*:*:*:*:*",
                     matchCriteriaId: "3102AA10-99A8-49A9-867E-7EEC56865680",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update282:*:*:*:*:*:*",
                     matchCriteriaId: "5A55CBC7-A7B2-4B89-8AB5-ED30DBE6814E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update291:*:*:*:*:*:*",
                     matchCriteriaId: "15BA8A26-2CDA-442B-A549-6BE92DCCD205",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update301:*:*:*:*:*:*",
                     matchCriteriaId: "56F2883B-6A1B-4081-8877-07AF3A73F6CD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update302:*:*:*:*:*:*",
                     matchCriteriaId: "98C0742E-ACDD-4DB4-8A4C-B96702C8976C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update31:*:*:*:*:*:*",
                     matchCriteriaId: "F8483034-DD5A-445D-892F-CDE90A7D58EE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update312:*:*:*:*:*:*",
                     matchCriteriaId: "1716A5CD-1C32-4F19-9DDE-F9C7CCB6B420",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update40:*:*:*:*:*:*",
                     matchCriteriaId: "8279718F-878F-4868-8859-1728D13CD0D8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update45:*:*:*:*:*:*",
                     matchCriteriaId: "2C024E1A-FD2C-42E8-B227-C2AFD3040436",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update5:*:*:*:*:*:*",
                     matchCriteriaId: "4F24389D-DDD0-4204-AA24-31C920A4F47E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update51:*:*:*:*:*:*",
                     matchCriteriaId: "966979BE-1F21-4729-B6B8-610F74648344",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update60:*:*:*:*:*:*",
                     matchCriteriaId: "F8534265-33BF-460D-BF74-5F55FDE50F29",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update65:*:*:*:*:*:*",
                     matchCriteriaId: "F77AFC25-1466-4E56-9D5F-6988F3288E16",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update66:*:*:*:*:*:*",
                     matchCriteriaId: "A650BEB8-E56F-4E42-9361-8D2DB083F0F8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update71:*:*:*:*:*:*",
                     matchCriteriaId: "799FFECD-E80A-44B3-953D-CDB5E195F3AA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update72:*:*:*:*:*:*",
                     matchCriteriaId: "A7047507-7CAF-4A14-AA9A-5CEF806EDE98",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update73:*:*:*:*:*:*",
                     matchCriteriaId: "CFC7B179-95D3-4F94-84F6-73F1034A1AF2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update74:*:*:*:*:*:*",
                     matchCriteriaId: "9FB28526-9385-44CA-AF08-1899E6C3AE4D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update77:*:*:*:*:*:*",
                     matchCriteriaId: "E26B69E4-0B43-415F-A82B-52FDCB262B3E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update91:*:*:*:*:*:*",
                     matchCriteriaId: "27BC4150-70EC-462B-8FC5-20B3442CBB31",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update92:*:*:*:*:*:*",
                     matchCriteriaId: "02646989-ECD9-40AE-A83E-EFF4080C69B9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:17:*:*:*:*:*:*:*",
                     matchCriteriaId: "4D0A929D-6054-4EFB-8BAD-58826D22D34B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:17.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "DE7858DA-58DE-4920-B678-7800BD084EA1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad en el producto Oracle Java SE, Oracle GraalVM Enterprise Edition de Oracle Java SE (componente: JAXP). Las versiones compatibles que están afectadas son Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 y 21.3.0. Una vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red por medio de múltiples protocolos comprometer a Oracle Java SE, Oracle GraalVM Enterprise Edition. Los ataques con éxito de esta vulnerabilidad pueden resultar en una capacidad no autorizada de causar una negación parcial de servicio (DOS parcial) de Oracle Java SE, Oracle GraalVM Enterprise Edition. Nota: Esta vulnerabilidad es aplicada a las implantaciones de Java, normalmente en clientes que ejecutan aplicaciones Java Web Start con sandbox o applets Java con sandbox, que cargan y ejecutan código que no es confiable (por ejemplo, código que viene de Internet) y dependen de la sandbox de Java para la seguridad. Esta vulnerabilidad también puede ser explotada al usar APIs en el Componente especificado, por ejemplo, mediante un servicio web que suministra datos a las APIs. CVSS 3.1, Puntuación base 5.3 (impactos en la Disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)",
      },
   ],
   id: "CVE-2022-21299",
   lastModified: "2024-11-21T06:44:21.397",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 5,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "LOW",
               baseScore: 5.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 1.4,
            source: "secalert_us@oracle.com",
            type: "Secondary",
         },
      ],
   },
   published: "2022-01-19T12:15:12.727",
   references: [
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/202209-05",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20220121-0007/",
      },
      {
         source: "secalert_us@oracle.com",
         url: "https://security.netapp.com/advisory/ntap-20240621-0006/",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2022/dsa-5057",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2022/dsa-5058",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpujan2022.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/202209-05",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20220121-0007/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://security.netapp.com/advisory/ntap-20240621-0006/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2022/dsa-5057",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2022/dsa-5058",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpujan2022.html",
      },
   ],
   sourceIdentifier: "secalert_us@oracle.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd

Published

2022-04-19 21:15

Modified

2024-11-21 06:44

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JNDI). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).

References

URL	Tags
secalert_us@oracle.com	https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20220429-0006/	Third Party Advisory
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20240621-0006/
secalert_us@oracle.com	https://www.debian.org/security/2022/dsa-5128	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2022/dsa-5131	Third Party Advisory
secalert_us@oracle.com	https://www.oracle.com/security-alerts/cpuapr2022.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20220429-0006/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20240621-0006/
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2022/dsa-5128	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2022/dsa-5131	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpuapr2022.html	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
oracle	graalvm	20.3.5
oracle	graalvm	21.3.1
oracle	graalvm	22.0.0.2
oracle	java_se	7u331
oracle	java_se	8u321
oracle	java_se	11.0.14
oracle	java_se	17.0.2
oracle	java_se	18
netapp	active_iq_unified_manager	-
netapp	active_iq_unified_manager	-
netapp	cloud_insights_acquisition_unit	-
netapp	cloud_secure_agent	-
netapp	e-series_santricity_os_controller	*
netapp	e-series_santricity_storage_manager	-
netapp	e-series_santricity_web_services	-
netapp	element_software	-
netapp	hci_management_node	-
netapp	oncommand_insight	-
netapp	santricity_unified_manager	-
netapp	solidfire	-
netapp	bootstrap_os	-
netapp	hci_compute_node	-
debian	debian_linux	9.0
azul	zulu	6.45
azul	zulu	7.52
azul	zulu	8.60
azul	zulu	11.54
azul	zulu	13.46
azul	zulu	15.38
azul	zulu	17.32
azul	zulu	18.28

JSON

To clipboard

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:oracle:graalvm:20.3.5:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "079F2588-2746-408B-9BB0-9A569289985B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:graalvm:21.3.1:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "51600424-E294-41E0-9C8B-12D0C3456027",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:graalvm:22.0.0.2:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "C3D12B98-032F-49A6-B237-E0CAD32D9A25",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:java_se:7u331:*:*:*:*:*:*:*",
                     matchCriteriaId: "C15F860C-6B33-4950-B443-E2A7D4639573",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:java_se:8u321:*:*:*:*:*:*:*",
                     matchCriteriaId: "696E27A2-34A2-49A8-BEF4-61718D11DD2F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:java_se:11.0.14:*:*:*:*:*:*:*",
                     matchCriteriaId: "2A9F8A53-6CBE-45EF-A920-4D448B9CE31F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:java_se:17.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "00AC1B6D-9156-40A3-B606-845CCC33D724",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:java_se:18:*:*:*:*:*:*:*",
                     matchCriteriaId: "022EC03C-1574-4421-9AB7-0EEF0D089322",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
                     matchCriteriaId: "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
                     matchCriteriaId: "B55E8D50-99B4-47EC-86F9-699B67D473CE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "CCAA4004-9319-478C-9D55-0E8307F872F6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F0F202E8-97E6-4BBB-A0B6-4CA3F5803C08",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "FF971916-C526-43A9-BD80-985BCC476569",
                     versionEndIncluding: "11.70.1",
                     versionStartIncluding: "11.0.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "0D9CC59D-6182-4B5E-96B5-226FCD343916",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*",
                     matchCriteriaId: "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "85DF4B3F-4BBC-42B7-B729-096934523D63",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A3C19813-E823-456A-B1CE-EC0684CE1953",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A372B177-F740-4655-865C-31777A6E140B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:netapp:bootstrap_os:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "95BA156C-C977-4F0C-8DFB-3FAE9CC8C02D",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "AD7447BC-F315-4298-A822-549942FC118B",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:azul:zulu:6.45:*:*:*:*:*:*:*",
                     matchCriteriaId: "850B5359-7804-406B-9DC9-D22D65ACEE40",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:azul:zulu:7.52:*:*:*:*:*:*:*",
                     matchCriteriaId: "5522AD81-A23E-47D3-82E4-6D71ECEB1DBD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:azul:zulu:8.60:*:*:*:*:*:*:*",
                     matchCriteriaId: "6AC61C25-871B-4F6F-A5F0-77359F373681",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:azul:zulu:11.54:*:*:*:*:*:*:*",
                     matchCriteriaId: "12A59E25-5ED3-4A6D-95F6-45750866E0D5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:azul:zulu:13.46:*:*:*:*:*:*:*",
                     matchCriteriaId: "FC0DC492-706E-42FE-8757-71873B53C417",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:azul:zulu:15.38:*:*:*:*:*:*:*",
                     matchCriteriaId: "C1441FE9-45C5-46C4-BF78-FD5D30F9C80C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:azul:zulu:17.32:*:*:*:*:*:*:*",
                     matchCriteriaId: "28D25E37-5479-4876-B46C-28FF87384852",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:azul:zulu:18.28:*:*:*:*:*:*:*",
                     matchCriteriaId: "7AD8BF00-C510-4E63-8949-CB64E9043610",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JNDI). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad en el producto Oracle Java SE, Oracle GraalVM Enterprise Edition de Oracle Java SE (componente: JNDI). Las versiones afectadas son Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 y 22.0.0.2. Una vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red por medio de múltiples protocolos comprometer Oracle Java SE, Oracle GraalVM Enterprise Edition. Los ataques con éxito de esta vulnerabilidad pueden resultar en una actualización no autorizada, insertar o eliminar el acceso a algunos de los datos accesibles de Oracle Java SE, Oracle GraalVM Enterprise Edition. Nota: Esta vulnerabilidad es aplicada a las implantaciones de Java, normalmente en clientes que ejecutan aplicaciones Java Web Start o applets Java con sandbox, que cargan y ejecutan código no confiable (por ejemplo, código procedente de Internet) y que dependen del sandbox de Java para su seguridad. Esta vulnerabilidad también puede ser explotada mediante el uso de APIs en el componente especificado, por ejemplo, mediante un servicio web que suministra datos a las APIs. CVSS 3.1, Puntuación Base 5.3 (impactos en la Integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)",
      },
   ],
   id: "CVE-2022-21496",
   lastModified: "2024-11-21T06:44:50.123",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 5.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 1.4,
            source: "secalert_us@oracle.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 5.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 1.4,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2022-04-19T21:15:18.497",
   references: [
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20220429-0006/",
      },
      {
         source: "secalert_us@oracle.com",
         url: "https://security.netapp.com/advisory/ntap-20240621-0006/",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2022/dsa-5128",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2022/dsa-5131",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpuapr2022.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20220429-0006/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://security.netapp.com/advisory/ntap-20240621-0006/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2022/dsa-5128",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2022/dsa-5131",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpuapr2022.html",
      },
   ],
   sourceIdentifier: "secalert_us@oracle.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd

Published

2022-10-18 21:15

Modified

2024-11-21 07:18

Severity ?

3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).

References

URL	Tags
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/37QDWJBGEPP65X43NXQTXQ7KASLUHON6/	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EXSBV3W6EP6B7XJ63Z2FPVBH6HAPGJ5T/	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://security.gentoo.org/glsa/202401-25
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20221028-0012/	Third Party Advisory
secalert_us@oracle.com	https://www.oracle.com/security-alerts/cpuoct2022.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/37QDWJBGEPP65X43NXQTXQ7KASLUHON6/	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EXSBV3W6EP6B7XJ63Z2FPVBH6HAPGJ5T/	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202401-25
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20221028-0012/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpuoct2022.html	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
oracle	graalvm	20.3.7
oracle	graalvm	21.3.3
oracle	graalvm	22.2.0
oracle	jdk	11.0.16.1
oracle	jdk	17.0.4.1
oracle	jdk	19
oracle	jre	11.0.16.1
oracle	jre	17.0.4.1
oracle	jre	19
fedoraproject	fedora	35
fedoraproject	fedora	36
netapp	7-mode_transition_tool	-
netapp	cloud_insights_acquisition_unit	-
netapp	cloud_secure_agent	-
netapp	e-series_santricity_os_controller	*
netapp	e-series_santricity_storage_manager	-
netapp	e-series_santricity_unified_manager	-
netapp	oncommand_insight	-
netapp	oncommand_workflow_automation	-
netapp	santricity_storage_plugin	-
netapp	santricity_web_services_proxy	-
azul	zulu	11.58
azul	zulu	13.50
azul	zulu	15.42
azul	zulu	17.36
azul	zulu	19.28

JSON

To clipboard

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:oracle:graalvm:20.3.7:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "0DDD4602-7175-4DB6-B9D9-E7CDF482D263",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:graalvm:21.3.3:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "71668668-8383-4366-A184-F26455271914",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:graalvm:22.2.0:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "C99B4F5D-3784-42B8-89CA-CDD2AA86B80E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:11.0.16.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "C13BD2F4-05F5-44FD-A217-2049CA5E680B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:17.0.4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "05CB121D-1430-47CE-BF7B-9567A234C7D3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:19:*:*:*:*:*:*:*",
                     matchCriteriaId: "361979FB-5B05-46A5-A6A2-993B51DF9E44",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:11.0.16.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "99A04E21-5FCB-4DA7-873A-2FE3AA713669",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:17.0.4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "DCF1C861-79F0-47F8-96E9-6AE0AEFDEC8A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:19:*:*:*:*:*:*:*",
                     matchCriteriaId: "435B90D6-F0BE-4451-867B-C31116D52A9C",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
                     matchCriteriaId: "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
                     matchCriteriaId: "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "7EF6650C-558D-45C8-AE7D-136EE70CB6D7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "CCAA4004-9319-478C-9D55-0E8307F872F6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F0F202E8-97E6-4BBB-A0B6-4CA3F5803C08",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "A0DA944C-4992-424D-BC82-474585DAC5DF",
                     versionEndIncluding: "11.70.2",
                     versionStartIncluding: "11.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "0D9CC59D-6182-4B5E-96B5-226FCD343916",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:e-series_santricity_unified_manager:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "BB695329-036B-447D-BEB0-AA4D89D1D99C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5735E553-9731-4AAC-BCFF-989377F817B3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:santricity_storage_plugin:-:*:*:*:*:vcenter:*:*",
                     matchCriteriaId: "82E94B87-065E-475F-815C-F49978CE22FC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:santricity_web_services_proxy:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "84007013-7E55-40E3-94F7-55C04D69AE3C",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:azul:zulu:11.58:*:*:*:*:*:*:*",
                     matchCriteriaId: "9323C11D-50C6-4356-A2FF-294F750906AE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:azul:zulu:13.50:*:*:*:*:*:*:*",
                     matchCriteriaId: "DC373919-C38D-4E22-A52D-BA9074E88124",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:azul:zulu:15.42:*:*:*:*:*:*:*",
                     matchCriteriaId: "E7832CA7-569F-4C01-991C-F74F24CC2A01",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:azul:zulu:17.36:*:*:*:*:*:*:*",
                     matchCriteriaId: "F2878A5A-63FA-4681-8643-D47DA6E9011F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:azul:zulu:19.28:*:*:*:*:*:*:*",
                     matchCriteriaId: "B394E478-B822-488E-B74B-F46C4DB2B1A5",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad en el producto Oracle Java SE, Oracle GraalVM Enterprise Edition de Oracle Java SE (componente: Networking). Las versiones soportadas que están afectadas son Oracle Java SE: 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 y 22.2.0. Una vulnerabilidad difícil de explotar permite a un atacante no autenticado con acceso a la red por medio de HTTP comprometer a Oracle Java SE, Oracle GraalVM Enterprise Edition. Los ataques con éxito de esta vulnerabilidad pueden resultar en una actualización no autorizada, insertar o eliminar el acceso a algunos de los datos accesibles de Oracle Java SE, Oracle GraalVM Enterprise Edition. Nota: Esta vulnerabilidad es aplicada a las implantaciones de Java, normalmente en clientes que ejecutan aplicaciones Java Web Start o applets Java con sandbox, que cargan y ejecutan código no confiable (por ejemplo, código procedente de Internet) y que dependen del sandbox de Java para su seguridad. Esta vulnerabilidad no es aplicada a las implantaciones de Java, normalmente en servidores, que cargan y ejecutan únicamente código confiable (por ejemplo, código instalado por un administrador). CVSS 3.1 Puntuación Base 3.7 (Impactos en la Integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)",
      },
   ],
   id: "CVE-2022-39399",
   lastModified: "2024-11-21T07:18:12.763",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 3.7,
               baseSeverity: "LOW",
               confidentialityImpact: "NONE",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.2,
            impactScore: 1.4,
            source: "secalert_us@oracle.com",
            type: "Primary",
         },
      ],
   },
   published: "2022-10-18T21:15:14.730",
   references: [
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/37QDWJBGEPP65X43NXQTXQ7KASLUHON6/",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EXSBV3W6EP6B7XJ63Z2FPVBH6HAPGJ5T/",
      },
      {
         source: "secalert_us@oracle.com",
         url: "https://security.gentoo.org/glsa/202401-25",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20221028-0012/",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpuoct2022.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/37QDWJBGEPP65X43NXQTXQ7KASLUHON6/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EXSBV3W6EP6B7XJ63Z2FPVBH6HAPGJ5T/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://security.gentoo.org/glsa/202401-25",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20221028-0012/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpuoct2022.html",
      },
   ],
   sourceIdentifier: "secalert_us@oracle.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd

Published

2022-10-18 21:15

Modified

2024-11-21 06:45

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

References

URL	Tags
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ARF4QF4N3X5GSFHXUBWARGLISGKJ33R/	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3QLQ7OD33W6LT3HWI7VYDFFJLV75Y73K/	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HNGMDNIHAA73BEX6XPA2IMXJSGOKKYE6/	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PB3CIGOFG7CENUVVE4FFZT2HI5FO77XU/	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://security.gentoo.org/glsa/202401-25
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20221028-0012/	Third Party Advisory
secalert_us@oracle.com	https://www.oracle.com/security-alerts/cpuoct2022.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ARF4QF4N3X5GSFHXUBWARGLISGKJ33R/	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3QLQ7OD33W6LT3HWI7VYDFFJLV75Y73K/	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HNGMDNIHAA73BEX6XPA2IMXJSGOKKYE6/	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PB3CIGOFG7CENUVVE4FFZT2HI5FO77XU/	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202401-25
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20221028-0012/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpuoct2022.html	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
oracle	graalvm	20.3.7
oracle	graalvm	21.3.3
oracle	graalvm	22.2.0
oracle	jdk	1.8.0
oracle	jdk	1.8.0
oracle	jdk	11.0.16.1
oracle	jre	1.8.0
oracle	jre	1.8.0
oracle	jre	11.0.16.1
fedoraproject	fedora	35
fedoraproject	fedora	36
netapp	7-mode_transition_tool	-
netapp	cloud_insights_acquisition_unit	-
netapp	cloud_secure_agent	-
netapp	e-series_santricity_os_controller	*
netapp	e-series_santricity_storage_manager	-
netapp	e-series_santricity_unified_manager	-
netapp	oncommand_insight	-
netapp	oncommand_workflow_automation	-
netapp	santricity_storage_plugin	-
netapp	santricity_web_services_proxy	-
azul	zulu	6.49
azul	zulu	7.56
azul	zulu	8.64
azul	zulu	11.58
azul	zulu	13.50
azul	zulu	15.42

JSON

To clipboard

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:oracle:graalvm:20.3.7:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "0DDD4602-7175-4DB6-B9D9-E7CDF482D263",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:graalvm:21.3.3:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "71668668-8383-4366-A184-F26455271914",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:graalvm:22.2.0:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "C99B4F5D-3784-42B8-89CA-CDD2AA86B80E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:1.8.0:update341:*:*:*:*:*:*",
                     matchCriteriaId: "EC1EEFCE-432E-40EE-B547-A193896C4CA4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:1.8.0:update345:*:*:enterprise_performance_pack:*:*:*",
                     matchCriteriaId: "FB70CB5F-AABC-4CF2-B17E-D9C8D1E22F1F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:11.0.16.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "C13BD2F4-05F5-44FD-A217-2049CA5E680B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:1.8.0:update341:*:*:*:*:*:*",
                     matchCriteriaId: "94F132CF-6D24-4E80-B959-7ED1F247C3D5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:1.8.0:update345:*:*:enterprise_performance_pack:*:*:*",
                     matchCriteriaId: "B472E91E-F08F-4CBB-8FDB-37F8EDFB602E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:11.0.16.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "99A04E21-5FCB-4DA7-873A-2FE3AA713669",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
                     matchCriteriaId: "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
                     matchCriteriaId: "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "7EF6650C-558D-45C8-AE7D-136EE70CB6D7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "CCAA4004-9319-478C-9D55-0E8307F872F6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F0F202E8-97E6-4BBB-A0B6-4CA3F5803C08",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "A0DA944C-4992-424D-BC82-474585DAC5DF",
                     versionEndIncluding: "11.70.2",
                     versionStartIncluding: "11.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "0D9CC59D-6182-4B5E-96B5-226FCD343916",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:e-series_santricity_unified_manager:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "BB695329-036B-447D-BEB0-AA4D89D1D99C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5735E553-9731-4AAC-BCFF-989377F817B3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:santricity_storage_plugin:-:*:*:*:*:vcenter:*:*",
                     matchCriteriaId: "82E94B87-065E-475F-815C-F49978CE22FC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:santricity_web_services_proxy:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "84007013-7E55-40E3-94F7-55C04D69AE3C",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:azul:zulu:6.49:*:*:*:*:*:*:*",
                     matchCriteriaId: "DCB7D337-B3E6-4BCE-8249-0473D2DE08BC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:azul:zulu:7.56:*:*:*:*:*:*:*",
                     matchCriteriaId: "285FB110-9501-4F23-BC21-B2EE1E1B82BA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:azul:zulu:8.64:*:*:*:*:*:*:*",
                     matchCriteriaId: "FB77FECF-07E1-448E-86F2-DD78B443D7C0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:azul:zulu:11.58:*:*:*:*:*:*:*",
                     matchCriteriaId: "9323C11D-50C6-4356-A2FF-294F750906AE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:azul:zulu:13.50:*:*:*:*:*:*:*",
                     matchCriteriaId: "DC373919-C38D-4E22-A52D-BA9074E88124",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:azul:zulu:15.42:*:*:*:*:*:*:*",
                     matchCriteriaId: "E7832CA7-569F-4C01-991C-F74F24CC2A01",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad en el producto Oracle Java SE, Oracle GraalVM Enterprise Edition de Oracle Java SE (componente: Security). Las versiones soportadas que están afectadas son Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 y 22.2.0. Una vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red por medio de HTTPS comprometer a Oracle Java SE, Oracle GraalVM Enterprise Edition. Los ataques con éxito de esta vulnerabilidad pueden resultar en la capacidad no autorizada de causar una denegación parcial de servicio (DOS parcial) de Oracle Java SE, Oracle GraalVM Enterprise Edition. Nota: Esta vulnerabilidad es aplicada a las implantaciones de Java, normalmente en clientes que ejecutan aplicaciones Java Web Start con sandbox o applets Java con sandbox, que cargan y ejecutan código que no es confiable (por ejemplo, código que viene de Internet) y dependen del sandbox de Java para la seguridad. Esta vulnerabilidad también puede ser explotada mediante el uso de APIs en el componente especificado, por ejemplo, mediante un servicio web que suministra datos a las APIs. CVSS 3.1 Puntuación Base 5.3 (Impactos en la Disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)",
      },
   ],
   id: "CVE-2022-21626",
   lastModified: "2024-11-21T06:45:06.090",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "LOW",
               baseScore: 5.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 1.4,
            source: "secalert_us@oracle.com",
            type: "Primary",
         },
      ],
   },
   published: "2022-10-18T21:15:13.770",
   references: [
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ARF4QF4N3X5GSFHXUBWARGLISGKJ33R/",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3QLQ7OD33W6LT3HWI7VYDFFJLV75Y73K/",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HNGMDNIHAA73BEX6XPA2IMXJSGOKKYE6/",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PB3CIGOFG7CENUVVE4FFZT2HI5FO77XU/",
      },
      {
         source: "secalert_us@oracle.com",
         url: "https://security.gentoo.org/glsa/202401-25",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20221028-0012/",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpuoct2022.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ARF4QF4N3X5GSFHXUBWARGLISGKJ33R/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3QLQ7OD33W6LT3HWI7VYDFFJLV75Y73K/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HNGMDNIHAA73BEX6XPA2IMXJSGOKKYE6/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PB3CIGOFG7CENUVVE4FFZT2HI5FO77XU/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://security.gentoo.org/glsa/202401-25",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20221028-0012/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpuoct2022.html",
      },
   ],
   sourceIdentifier: "secalert_us@oracle.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd

Published

2023-04-18 20:15

Modified

2024-11-21 07:43

Severity ?

3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).

References

URL	Tags
secalert_us@oracle.com	https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html	Third Party Advisory
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20230427-0008/	Third Party Advisory
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20240621-0006/
secalert_us@oracle.com	https://www.couchbase.com/alerts/	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2023/dsa-5430	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2023/dsa-5478	Third Party Advisory
secalert_us@oracle.com	https://www.oracle.com/security-alerts/cpuapr2023.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20230427-0008/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20240621-0006/
af854a3a-2127-422b-91ae-364da2661108	https://www.couchbase.com/alerts/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2023/dsa-5430	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2023/dsa-5478	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpuapr2023.html	Vendor Advisory

Impacted products

Vendor	Product	Version
oracle	graalvm	20.3.9
oracle	graalvm	21.3.5
oracle	graalvm	22.3.1
oracle	jdk	1.8.0
oracle	jdk	11.0.18
oracle	jdk	17.0.6
oracle	jdk	20
oracle	jre	1.8.0
oracle	jre	11.0.18
oracle	jre	17.0.6
oracle	jre	20
netapp	7-mode_transition_tool	-
netapp	brocade_san_navigator	-
netapp	cloud_insights_acquisition_unit	-
netapp	cloud_insights_storage_workload_security_agent	-
netapp	oncommand_insight	-
debian	debian_linux	10.0
debian	debian_linux	11.0
debian	debian_linux	12.0
oracle	openjdk	*
oracle	openjdk	*
oracle	openjdk	*
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	20

JSON

To clipboard

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:oracle:graalvm:20.3.9:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "FE7FF02E-5A54-47BD-8FAC-E1F1E23CBD0B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:graalvm:21.3.5:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "725D21E1-8FEF-492C-9CCF-75DDD286FA71",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:graalvm:22.3.1:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "CBC05434-18E2-43D2-901F-BA97A3A3AC3A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:1.8.0:update361:*:*:*:*:*:*",
                     matchCriteriaId: "BB648C28-DCDF-4CEE-816C-2D7EF91D2689",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:11.0.18:*:*:*:*:*:*:*",
                     matchCriteriaId: "CA4C6A6B-46BA-471A-959C-D1819B5D5196",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:17.0.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "751BA15B-1950-4ABD-AFEB-B4F90587FF61",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:20:*:*:*:*:*:*:*",
                     matchCriteriaId: "F26CDEF2-A840-4957-A390-19E48AEEC70A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:1.8.0:update361:*:*:*:*:*:*",
                     matchCriteriaId: "DB18EEA4-9670-4EBC-8559-6766740980F3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:11.0.18:*:*:*:*:*:*:*",
                     matchCriteriaId: "B85FB47B-1A8B-4758-83A7-3AC5B74D73FB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:17.0.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "0B973ADC-5F00-4CC5-985F-F4E1BB9FF1EF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:20:*:*:*:*:*:*:*",
                     matchCriteriaId: "AC10C81D-E148-4208-BA86-086B935A1254",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "7EF6650C-558D-45C8-AE7D-136EE70CB6D7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:brocade_san_navigator:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "25FA7A4D-B0E2-423E-8146-E221AE2D6120",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "CCAA4004-9319-478C-9D55-0E8307F872F6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:cloud_insights_storage_workload_security_agent:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "3B199052-5732-4726-B06B-A12C70DFB891",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "FA6FEEC2-9F11-4643-8827-749718254FED",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "46D69DCC-AE4D-4EA5-861C-D60951444C6C",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "111E81BB-7D96-44EB-ACFA-415C3F3EA62A",
                     versionEndExcluding: "8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "90F6CEC5-2FD9-4ADB-9D86-B741C0ABCD7B",
                     versionEndIncluding: "11.0.18",
                     versionStartIncluding: "11",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "83395182-E46E-47FF-A781-4EF235BC83B6",
                     versionEndIncluding: "17.0.6",
                     versionStartIncluding: "17",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:-:*:*:*:*:*:*",
                     matchCriteriaId: "70892D06-6E75-4425-BBF0-4B684EC62A1C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone1:*:*:*:*:*:*",
                     matchCriteriaId: "7A165D71-71CC-4E6A-AA4F-FF8DB5B9A5AB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone2:*:*:*:*:*:*",
                     matchCriteriaId: "7417B2BB-9AC2-4AF4-A828-C89A0735AD92",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone3:*:*:*:*:*:*",
                     matchCriteriaId: "6A0A57B5-6F88-4288-9CDE-F6613FE068D2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone4:*:*:*:*:*:*",
                     matchCriteriaId: "67ED8559-C348-4932-B7CE-CB96976A30EC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone5:*:*:*:*:*:*",
                     matchCriteriaId: "40AC3D91-263F-4345-9FAA-0E573EA64590",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone6:*:*:*:*:*:*",
                     matchCriteriaId: "DD92AFA9-81F8-48D4-B79A-E7F066F69A99",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone7:*:*:*:*:*:*",
                     matchCriteriaId: "2C4B2F24-A730-4818-90C8-A2D90C081F03",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone8:*:*:*:*:*:*",
                     matchCriteriaId: "464087F2-C285-4574-957E-CE0663F07DE0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone9:*:*:*:*:*:*",
                     matchCriteriaId: "3E9BB880-A4F6-4887-8BB9-47AA298753D5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update101:*:*:*:*:*:*",
                     matchCriteriaId: "18DCFF53-B298-4534-AB5C-8A5EF59C616F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update102:*:*:*:*:*:*",
                     matchCriteriaId: "083419F8-FDDF-4E36-88F8-857DB317C1D1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update11:*:*:*:*:*:*",
                     matchCriteriaId: "D7A74F65-57E8-4C9A-BA96-5EF401504F13",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update111:*:*:*:*:*:*",
                     matchCriteriaId: "0D0B90FC-57B6-4315-9B29-3C36E58B2CF5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update112:*:*:*:*:*:*",
                     matchCriteriaId: "07812576-3C35-404C-A7D7-9BE9E3D76E00",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update121:*:*:*:*:*:*",
                     matchCriteriaId: "00C52B1C-5447-4282-9667-9EBE0720B423",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update131:*:*:*:*:*:*",
                     matchCriteriaId: "92BB9EB0-0C12-4E77-89EE-FB77097841B8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update141:*:*:*:*:*:*",
                     matchCriteriaId: "FF9D5DCE-2E8F-42B9-9038-AEA7E8C8CFFD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update151:*:*:*:*:*:*",
                     matchCriteriaId: "ABC0E7BB-F8B7-4369-9910-71240E4073A3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update152:*:*:*:*:*:*",
                     matchCriteriaId: "551B2640-8CEC-4C24-AF8B-7A7CEF864D9D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update161:*:*:*:*:*:*",
                     matchCriteriaId: "0AE30779-48FB-451E-8CE1-F469F93B8772",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update162:*:*:*:*:*:*",
                     matchCriteriaId: "60590FDE-7156-4314-A012-AA38BD2ADDC9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update171:*:*:*:*:*:*",
                     matchCriteriaId: "BE51AD3A-8331-4E8F-9DB1-7A0051731DFB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update172:*:*:*:*:*:*",
                     matchCriteriaId: "F24F6122-2256-41B6-9033-794C6424ED99",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update181:*:*:*:*:*:*",
                     matchCriteriaId: "0EAFA79E-8C7A-48CF-8868-11378FE4B26F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update191:*:*:*:*:*:*",
                     matchCriteriaId: "D1D6F19F-59B5-4BB6-AD35-013384025970",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update192:*:*:*:*:*:*",
                     matchCriteriaId: "E7BA97BC-3ADA-465A-835B-6C3C5F416B56",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update20:*:*:*:*:*:*",
                     matchCriteriaId: "B71F77A4-B7EB-47A1-AAFD-431A7D040B86",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update201:*:*:*:*:*:*",
                     matchCriteriaId: "91D6BEA9-5943-44A4-946D-CEAA9BA99376",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update202:*:*:*:*:*:*",
                     matchCriteriaId: "C079A3E0-44EB-4B9C-B4FC-B7621D165C3B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update211:*:*:*:*:*:*",
                     matchCriteriaId: "2CB74086-14B8-4237-8357-E0C6B5BB8313",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update212:*:*:*:*:*:*",
                     matchCriteriaId: "3ABED20A-7C34-4E86-9AFB-F4DC9ECBB3A9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update221:*:*:*:*:*:*",
                     matchCriteriaId: "00C2B9C9-1177-4DA6-96CE-55F37F383F99",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update222:*:*:*:*:*:*",
                     matchCriteriaId: "435CF189-0BD8-40DF-A0DC-99862CDEAF8A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update231:*:*:*:*:*:*",
                     matchCriteriaId: "12A3F367-33AD-47C3-BFDC-871A17E72C94",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update232:*:*:*:*:*:*",
                     matchCriteriaId: "A18F994F-72CA-4AF5-A7D1-9F5AEA286D85",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update241:*:*:*:*:*:*",
                     matchCriteriaId: "78261932-7373-4F16-91E0-1A72ADBEBC3E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update242:*:*:*:*:*:*",
                     matchCriteriaId: "9BD90D3D-9B3A-4101-9A8A-5090F0A9719F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update25:*:*:*:*:*:*",
                     matchCriteriaId: "B38C0276-0EBD-4E0B-BFCF-4DDECACE04E2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update252:*:*:*:*:*:*",
                     matchCriteriaId: "F5A40B8A-D428-4008-9F21-AF21394C51D1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update262:*:*:*:*:*:*",
                     matchCriteriaId: "FEC5B777-01E1-45EE-AF95-C3BD1F098B2F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update271:*:*:*:*:*:*",
                     matchCriteriaId: "3B504718-5DCE-43B4-B19A-C6B6E7444BD3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update281:*:*:*:*:*:*",
                     matchCriteriaId: "3102AA10-99A8-49A9-867E-7EEC56865680",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update282:*:*:*:*:*:*",
                     matchCriteriaId: "5A55CBC7-A7B2-4B89-8AB5-ED30DBE6814E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update291:*:*:*:*:*:*",
                     matchCriteriaId: "15BA8A26-2CDA-442B-A549-6BE92DCCD205",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update301:*:*:*:*:*:*",
                     matchCriteriaId: "56F2883B-6A1B-4081-8877-07AF3A73F6CD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update302:*:*:*:*:*:*",
                     matchCriteriaId: "98C0742E-ACDD-4DB4-8A4C-B96702C8976C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update31:*:*:*:*:*:*",
                     matchCriteriaId: "F8483034-DD5A-445D-892F-CDE90A7D58EE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update312:*:*:*:*:*:*",
                     matchCriteriaId: "1716A5CD-1C32-4F19-9DDE-F9C7CCB6B420",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update322:*:*:*:*:*:*",
                     matchCriteriaId: "DAB4F663-BCAF-43DB-BCC3-24C060B0CBAB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update332:*:*:*:*:*:*",
                     matchCriteriaId: "A8EF5BB8-7DAF-49B0-A11E-14E89EF7377A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update342:*:*:*:*:*:*",
                     matchCriteriaId: "383F0B07-59BF-4744-87F2-04C98BC183B4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update352:*:*:*:*:*:*",
                     matchCriteriaId: "494C17C6-54A3-4BE6-A4FF-2D54DF2B38D5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update362:*:*:*:*:*:*",
                     matchCriteriaId: "1058ABDC-D652-4E2D-964D-C9C98FD404F6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update40:*:*:*:*:*:*",
                     matchCriteriaId: "8279718F-878F-4868-8859-1728D13CD0D8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update45:*:*:*:*:*:*",
                     matchCriteriaId: "2C024E1A-FD2C-42E8-B227-C2AFD3040436",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update5:*:*:*:*:*:*",
                     matchCriteriaId: "4F24389D-DDD0-4204-AA24-31C920A4F47E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update51:*:*:*:*:*:*",
                     matchCriteriaId: "966979BE-1F21-4729-B6B8-610F74648344",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update60:*:*:*:*:*:*",
                     matchCriteriaId: "F8534265-33BF-460D-BF74-5F55FDE50F29",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update65:*:*:*:*:*:*",
                     matchCriteriaId: "F77AFC25-1466-4E56-9D5F-6988F3288E16",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update66:*:*:*:*:*:*",
                     matchCriteriaId: "A650BEB8-E56F-4E42-9361-8D2DB083F0F8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update71:*:*:*:*:*:*",
                     matchCriteriaId: "799FFECD-E80A-44B3-953D-CDB5E195F3AA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update72:*:*:*:*:*:*",
                     matchCriteriaId: "A7047507-7CAF-4A14-AA9A-5CEF806EDE98",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update73:*:*:*:*:*:*",
                     matchCriteriaId: "CFC7B179-95D3-4F94-84F6-73F1034A1AF2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update74:*:*:*:*:*:*",
                     matchCriteriaId: "9FB28526-9385-44CA-AF08-1899E6C3AE4D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update77:*:*:*:*:*:*",
                     matchCriteriaId: "E26B69E4-0B43-415F-A82B-52FDCB262B3E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update91:*:*:*:*:*:*",
                     matchCriteriaId: "27BC4150-70EC-462B-8FC5-20B3442CBB31",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update92:*:*:*:*:*:*",
                     matchCriteriaId: "02646989-ECD9-40AE-A83E-EFF4080C69B9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:20:*:*:*:*:*:*:*",
                     matchCriteriaId: "77172BC0-8637-41F6-AE3B-83006D6735DE",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking).  Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and  22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).",
      },
   ],
   id: "CVE-2023-21937",
   lastModified: "2024-11-21T07:43:57.107",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 3.7,
               baseSeverity: "LOW",
               confidentialityImpact: "NONE",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.2,
            impactScore: 1.4,
            source: "secalert_us@oracle.com",
            type: "Primary",
         },
      ],
   },
   published: "2023-04-18T20:15:14.507",
   references: [
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20230427-0008/",
      },
      {
         source: "secalert_us@oracle.com",
         url: "https://security.netapp.com/advisory/ntap-20240621-0006/",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.couchbase.com/alerts/",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2023/dsa-5430",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2023/dsa-5478",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpuapr2023.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20230427-0008/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://security.netapp.com/advisory/ntap-20240621-0006/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.couchbase.com/alerts/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2023/dsa-5430",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2023/dsa-5478",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpuapr2023.html",
      },
   ],
   sourceIdentifier: "secalert_us@oracle.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd

Published

2022-01-19 12:15

Modified

2024-11-21 06:44

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

References

URL	Tags
secalert_us@oracle.com	https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DIN3L6L3SVZK75CKW2GPSU4HIGZR7XG/	Third Party Advisory
secalert_us@oracle.com	https://security.gentoo.org/glsa/202209-05	Third Party Advisory
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20220121-0007/	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2022/dsa-5057	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2022/dsa-5058	Third Party Advisory
secalert_us@oracle.com	https://www.oracle.com/security-alerts/cpujan2022.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DIN3L6L3SVZK75CKW2GPSU4HIGZR7XG/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202209-05	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20220121-0007/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2022/dsa-5057	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2022/dsa-5058	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpujan2022.html	Vendor Advisory

Impacted products

Vendor	Product	Version
oracle	graalvm	20.3.4
oracle	graalvm	21.3.0
oracle	jdk	1.7.0
oracle	jdk	1.8.0
oracle	jdk	11.0.13
oracle	jdk	17.0.1
oracle	jre	1.7.0
oracle	jre	1.8.0
oracle	jre	11.0.13
oracle	jre	17.0.1
debian	debian_linux	9.0
debian	debian_linux	10.0
debian	debian_linux	11.0
fedoraproject	fedora	34
netapp	7-mode_transition_tool	-
netapp	active_iq_unified_manager	-
netapp	active_iq_unified_manager	-
netapp	cloud_insights_acquisition_unit	-
netapp	cloud_secure_agent	-
netapp	e-series_santricity_os_controller	*
netapp	e-series_santricity_storage_manager	-
netapp	e-series_santricity_web_services	-
netapp	hci_management_node	-
netapp	oncommand_insight	-
netapp	oncommand_workflow_automation	-
netapp	santricity_storage_plugin	-
netapp	santricity_unified_manager	-
netapp	snapmanager	-
netapp	snapmanager	-
netapp	solidfire	-
oracle	openjdk	*
oracle	openjdk	*
oracle	openjdk	*
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	17
oracle	openjdk	17.0.1

JSON

To clipboard

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:oracle:graalvm:20.3.4:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "9F300E13-1B40-4B35-ACA5-4D402CD41055",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:graalvm:21.3.0:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "B10E38A6-783C-45A2-98A1-12FA1EB3D3AA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:1.7.0:update321:*:*:*:*:*:*",
                     matchCriteriaId: "F3E9DB6B-06BC-47F9-AEB9-E36378A97543",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:1.8.0:update311:*:*:*:*:*:*",
                     matchCriteriaId: "3C9591ED-CA9E-4844-9B7F-D477D7A51413",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:11.0.13:*:*:*:*:*:*:*",
                     matchCriteriaId: "A7F43D86-B696-41E4-A288-6A2D43A1774A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:17.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "3575C88F-05D3-49F6-A60B-7ED902E318F1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:1.7.0:update321:*:*:*:*:*:*",
                     matchCriteriaId: "C5988521-7571-4AE7-BD02-2C8765FC464B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:1.8.0:update311:*:*:*:*:*:*",
                     matchCriteriaId: "29AB737A-FB85-4E91-B8D3-A4B9A780FC0E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:11.0.13:*:*:*:*:*:*:*",
                     matchCriteriaId: "90EC4B85-A88A-4EC3-9EA0-3A24874D5F87",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:17.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "962026D1-1E50-480F-921C-C7EE32AA0107",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "FA6FEEC2-9F11-4643-8827-749718254FED",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
                     matchCriteriaId: "A930E247-0B43-43CB-98FF-6CE7B8189835",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "7EF6650C-558D-45C8-AE7D-136EE70CB6D7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
                     matchCriteriaId: "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
                     matchCriteriaId: "B55E8D50-99B4-47EC-86F9-699B67D473CE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "CCAA4004-9319-478C-9D55-0E8307F872F6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F0F202E8-97E6-4BBB-A0B6-4CA3F5803C08",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "FF971916-C526-43A9-BD80-985BCC476569",
                     versionEndIncluding: "11.70.1",
                     versionStartIncluding: "11.0.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "0D9CC59D-6182-4B5E-96B5-226FCD343916",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*",
                     matchCriteriaId: "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A3C19813-E823-456A-B1CE-EC0684CE1953",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5735E553-9731-4AAC-BCFF-989377F817B3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:santricity_storage_plugin:-:*:*:*:*:vcenter:*:*",
                     matchCriteriaId: "82E94B87-065E-475F-815C-F49978CE22FC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A372B177-F740-4655-865C-31777A6E140B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*",
                     matchCriteriaId: "26A2B713-7D6D-420A-93A4-E0D983C983DF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*",
                     matchCriteriaId: "64DE38C8-94F1-4860-B045-F33928F676A8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "6489B616-476E-46AB-8795-7EFDD9074899",
                     versionEndIncluding: "11.0.13",
                     versionStartIncluding: "11",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F8A2B4B3-64EC-4930-9F31-202E4D19AF98",
                     versionEndIncluding: "13.0.9",
                     versionStartIncluding: "13",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "CF9DCD68-A054-456D-8A3C-15939F85DF90",
                     versionEndIncluding: "15.0.5",
                     versionStartIncluding: "15",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:-:*:*:*:*:*:*",
                     matchCriteriaId: "E78B7C5A-FA51-41E4-AAB0-C6DED2EFCF4C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update1:*:*:*:*:*:*",
                     matchCriteriaId: "02011EDC-20A7-4A16-A592-7C76E0037997",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update10:*:*:*:*:*:*",
                     matchCriteriaId: "AC6D4652-1226-4C60-BEDF-01EBF8AC0849",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update101:*:*:*:*:*:*",
                     matchCriteriaId: "3C1F9ED7-7D93-41F4-9130-15BA734420AC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update11:*:*:*:*:*:*",
                     matchCriteriaId: "1CF9CDF1-95D3-4125-A73F-396D2280FC4E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update111:*:*:*:*:*:*",
                     matchCriteriaId: "A13266DC-F8D9-4F30-987F-65BBEAF8D3A8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update121:*:*:*:*:*:*",
                     matchCriteriaId: "C28388AB-CFC9-4749-A90F-383F5B905EA9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update13:*:*:*:*:*:*",
                     matchCriteriaId: "DA1B00F9-A81C-48B7-8DAA-F394DDF323F3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update131:*:*:*:*:*:*",
                     matchCriteriaId: "CA7AD457-6CE6-4925-8D94-A907B40233D9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update141:*:*:*:*:*:*",
                     matchCriteriaId: "A6F3FDD1-7CAC-4B84-ABB7-64E9D3FBD708",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update15:*:*:*:*:*:*",
                     matchCriteriaId: "5480E5AD-DB46-474A-9B57-84ED088A75FA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update151:*:*:*:*:*:*",
                     matchCriteriaId: "881A4AE9-6012-4E91-98BE-0A352CC20703",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update161:*:*:*:*:*:*",
                     matchCriteriaId: "7E1E1079-57D9-473B-A017-964F4745F329",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update17:*:*:*:*:*:*",
                     matchCriteriaId: "B8D6446E-2915-4F12-87BE-E7420BC2626E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update171:*:*:*:*:*:*",
                     matchCriteriaId: "564EDCE3-16E6-401D-8A43-032D1F8875E1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update181:*:*:*:*:*:*",
                     matchCriteriaId: "08278802-D31B-488A-BA6A-EBC816DF883A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update191:*:*:*:*:*:*",
                     matchCriteriaId: "72BDA05A-C8BD-472E-8465-EE1F3E5D8CF6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update2:*:*:*:*:*:*",
                     matchCriteriaId: "7BBB0969-565E-43E2-B067-A10AAA5F1958",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update201:*:*:*:*:*:*",
                     matchCriteriaId: "D78BE95D-6270-469A-8035-FCDDB398F952",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update21:*:*:*:*:*:*",
                     matchCriteriaId: "88C24F40-3150-4584-93D9-8307DE04EEE9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update211:*:*:*:*:*:*",
                     matchCriteriaId: "E0FC5A03-FF11-4787-BBF1-3ACF93A21F2D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update221:*:*:*:*:*:*",
                     matchCriteriaId: "19626B36-62FC-4497-A2E1-7D6CD9839B19",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update231:*:*:*:*:*:*",
                     matchCriteriaId: "5713AEBD-35F6-44E8-A0CC-A42830D7AE20",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update241:*:*:*:*:*:*",
                     matchCriteriaId: "8BE0C04B-440E-4B35-ACC8-6264514F764C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update25:*:*:*:*:*:*",
                     matchCriteriaId: "555EC2A6-0475-48ED-AE0C-B306714A9333",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update251:*:*:*:*:*:*",
                     matchCriteriaId: "EC1CF2AD-3F7A-4EF3-BD41-117A21553A9F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update261:*:*:*:*:*:*",
                     matchCriteriaId: "02C55E2E-AEDE-455C-B128-168C918B5D97",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update271:*:*:*:*:*:*",
                     matchCriteriaId: "81831D37-6597-441B-87DE-38F7191BEA42",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update281:*:*:*:*:*:*",
                     matchCriteriaId: "EEA1594D-0AB5-436D-9E60-C26EE2175753",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update291:*:*:*:*:*:*",
                     matchCriteriaId: "B868FA41-C71B-491C-880B-484740B30C72",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update3:*:*:*:*:*:*",
                     matchCriteriaId: "C242D3BE-9114-4A9E-BB78-45754C7CC450",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update301:*:*:*:*:*:*",
                     matchCriteriaId: "95954182-9541-4181-9647-B17FA5A79F9F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update311:*:*:*:*:*:*",
                     matchCriteriaId: "9F6F0137-F91F-4028-BED2-C29640D52C23",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update321:*:*:*:*:*:*",
                     matchCriteriaId: "EAFB6B15-4AE6-47FC-8847-9DFADB7AE253",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update4:*:*:*:*:*:*",
                     matchCriteriaId: "D61068FE-18EE-4ADB-BC69-A3ECE8724575",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update40:*:*:*:*:*:*",
                     matchCriteriaId: "EFB59E80-4EC4-4399-BF40-6733E4E475A9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update45:*:*:*:*:*:*",
                     matchCriteriaId: "84E31265-22E1-4E91-BFCB-D2AFF445926A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update5:*:*:*:*:*:*",
                     matchCriteriaId: "AB3A58C3-94BB-4120-BE1D-AAF8BBF7F22B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update51:*:*:*:*:*:*",
                     matchCriteriaId: "50319E52-8739-47C5-B61E-3CA9B6A9A48F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update55:*:*:*:*:*:*",
                     matchCriteriaId: "7ED515B9-DC74-4DC5-B98A-08D87D85E11E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update6:*:*:*:*:*:*",
                     matchCriteriaId: "6D1D4868-1F9F-43F7-968C-6469B67D3F1B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update60:*:*:*:*:*:*",
                     matchCriteriaId: "568F1AC4-B0D7-4438-82E5-0E61500F2240",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update65:*:*:*:*:*:*",
                     matchCriteriaId: "F5E99B4A-EDAD-4471-81C4-7E9C775C9D9F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update67:*:*:*:*:*:*",
                     matchCriteriaId: "14E9133E-9FF3-40DB-9A11-7469EF5FD265",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update7:*:*:*:*:*:*",
                     matchCriteriaId: "94834710-3FA9-49D9-8600-B514CBCA4270",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update72:*:*:*:*:*:*",
                     matchCriteriaId: "4228D9E1-7D82-4B49-9669-9CDAD7187432",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update76:*:*:*:*:*:*",
                     matchCriteriaId: "F6231F48-2936-4F7D-96D5-4BA11F78EBE8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update80:*:*:*:*:*:*",
                     matchCriteriaId: "D96D5061-4A81-497E-9AD6-A8381B3B454C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update85:*:*:*:*:*:*",
                     matchCriteriaId: "5345C21E-A01B-43B9-9A20-F2783D921C60",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update9:*:*:*:*:*:*",
                     matchCriteriaId: "B219F360-83BD-4111-AB59-C9D4F55AF4C0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update91:*:*:*:*:*:*",
                     matchCriteriaId: "D25377EA-8E8F-4C76-8EA9-3BBDFB352815",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update95:*:*:*:*:*:*",
                     matchCriteriaId: "59FEFE05-269A-4EAF-A80F-E4C2107B1197",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update97:*:*:*:*:*:*",
                     matchCriteriaId: "E7E2AA7C-F602-4DB7-9EC1-0708C46C253C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update99:*:*:*:*:*:*",
                     matchCriteriaId: "FB70E154-A304-429E-80F5-8D87B00E32D1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:-:*:*:*:*:*:*",
                     matchCriteriaId: "70892D06-6E75-4425-BBF0-4B684EC62A1C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone1:*:*:*:*:*:*",
                     matchCriteriaId: "7A165D71-71CC-4E6A-AA4F-FF8DB5B9A5AB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone2:*:*:*:*:*:*",
                     matchCriteriaId: "7417B2BB-9AC2-4AF4-A828-C89A0735AD92",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone3:*:*:*:*:*:*",
                     matchCriteriaId: "6A0A57B5-6F88-4288-9CDE-F6613FE068D2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone4:*:*:*:*:*:*",
                     matchCriteriaId: "67ED8559-C348-4932-B7CE-CB96976A30EC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone5:*:*:*:*:*:*",
                     matchCriteriaId: "40AC3D91-263F-4345-9FAA-0E573EA64590",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone6:*:*:*:*:*:*",
                     matchCriteriaId: "DD92AFA9-81F8-48D4-B79A-E7F066F69A99",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone7:*:*:*:*:*:*",
                     matchCriteriaId: "2C4B2F24-A730-4818-90C8-A2D90C081F03",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone8:*:*:*:*:*:*",
                     matchCriteriaId: "464087F2-C285-4574-957E-CE0663F07DE0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone9:*:*:*:*:*:*",
                     matchCriteriaId: "3E9BB880-A4F6-4887-8BB9-47AA298753D5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update101:*:*:*:*:*:*",
                     matchCriteriaId: "18DCFF53-B298-4534-AB5C-8A5EF59C616F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update102:*:*:*:*:*:*",
                     matchCriteriaId: "083419F8-FDDF-4E36-88F8-857DB317C1D1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update11:*:*:*:*:*:*",
                     matchCriteriaId: "D7A74F65-57E8-4C9A-BA96-5EF401504F13",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update111:*:*:*:*:*:*",
                     matchCriteriaId: "0D0B90FC-57B6-4315-9B29-3C36E58B2CF5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update112:*:*:*:*:*:*",
                     matchCriteriaId: "07812576-3C35-404C-A7D7-9BE9E3D76E00",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update121:*:*:*:*:*:*",
                     matchCriteriaId: "00C52B1C-5447-4282-9667-9EBE0720B423",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update131:*:*:*:*:*:*",
                     matchCriteriaId: "92BB9EB0-0C12-4E77-89EE-FB77097841B8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update141:*:*:*:*:*:*",
                     matchCriteriaId: "FF9D5DCE-2E8F-42B9-9038-AEA7E8C8CFFD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update151:*:*:*:*:*:*",
                     matchCriteriaId: "ABC0E7BB-F8B7-4369-9910-71240E4073A3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update152:*:*:*:*:*:*",
                     matchCriteriaId: "551B2640-8CEC-4C24-AF8B-7A7CEF864D9D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update161:*:*:*:*:*:*",
                     matchCriteriaId: "0AE30779-48FB-451E-8CE1-F469F93B8772",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update162:*:*:*:*:*:*",
                     matchCriteriaId: "60590FDE-7156-4314-A012-AA38BD2ADDC9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update171:*:*:*:*:*:*",
                     matchCriteriaId: "BE51AD3A-8331-4E8F-9DB1-7A0051731DFB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update172:*:*:*:*:*:*",
                     matchCriteriaId: "F24F6122-2256-41B6-9033-794C6424ED99",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update181:*:*:*:*:*:*",
                     matchCriteriaId: "0EAFA79E-8C7A-48CF-8868-11378FE4B26F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update191:*:*:*:*:*:*",
                     matchCriteriaId: "D1D6F19F-59B5-4BB6-AD35-013384025970",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update192:*:*:*:*:*:*",
                     matchCriteriaId: "E7BA97BC-3ADA-465A-835B-6C3C5F416B56",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update20:*:*:*:*:*:*",
                     matchCriteriaId: "B71F77A4-B7EB-47A1-AAFD-431A7D040B86",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update201:*:*:*:*:*:*",
                     matchCriteriaId: "91D6BEA9-5943-44A4-946D-CEAA9BA99376",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update202:*:*:*:*:*:*",
                     matchCriteriaId: "C079A3E0-44EB-4B9C-B4FC-B7621D165C3B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update211:*:*:*:*:*:*",
                     matchCriteriaId: "2CB74086-14B8-4237-8357-E0C6B5BB8313",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update212:*:*:*:*:*:*",
                     matchCriteriaId: "3ABED20A-7C34-4E86-9AFB-F4DC9ECBB3A9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update221:*:*:*:*:*:*",
                     matchCriteriaId: "00C2B9C9-1177-4DA6-96CE-55F37F383F99",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update222:*:*:*:*:*:*",
                     matchCriteriaId: "435CF189-0BD8-40DF-A0DC-99862CDEAF8A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update231:*:*:*:*:*:*",
                     matchCriteriaId: "12A3F367-33AD-47C3-BFDC-871A17E72C94",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update232:*:*:*:*:*:*",
                     matchCriteriaId: "A18F994F-72CA-4AF5-A7D1-9F5AEA286D85",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update241:*:*:*:*:*:*",
                     matchCriteriaId: "78261932-7373-4F16-91E0-1A72ADBEBC3E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update242:*:*:*:*:*:*",
                     matchCriteriaId: "9BD90D3D-9B3A-4101-9A8A-5090F0A9719F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update25:*:*:*:*:*:*",
                     matchCriteriaId: "B38C0276-0EBD-4E0B-BFCF-4DDECACE04E2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update252:*:*:*:*:*:*",
                     matchCriteriaId: "F5A40B8A-D428-4008-9F21-AF21394C51D1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update262:*:*:*:*:*:*",
                     matchCriteriaId: "FEC5B777-01E1-45EE-AF95-C3BD1F098B2F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update271:*:*:*:*:*:*",
                     matchCriteriaId: "3B504718-5DCE-43B4-B19A-C6B6E7444BD3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update281:*:*:*:*:*:*",
                     matchCriteriaId: "3102AA10-99A8-49A9-867E-7EEC56865680",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update282:*:*:*:*:*:*",
                     matchCriteriaId: "5A55CBC7-A7B2-4B89-8AB5-ED30DBE6814E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update291:*:*:*:*:*:*",
                     matchCriteriaId: "15BA8A26-2CDA-442B-A549-6BE92DCCD205",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update301:*:*:*:*:*:*",
                     matchCriteriaId: "56F2883B-6A1B-4081-8877-07AF3A73F6CD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update302:*:*:*:*:*:*",
                     matchCriteriaId: "98C0742E-ACDD-4DB4-8A4C-B96702C8976C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update31:*:*:*:*:*:*",
                     matchCriteriaId: "F8483034-DD5A-445D-892F-CDE90A7D58EE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update312:*:*:*:*:*:*",
                     matchCriteriaId: "1716A5CD-1C32-4F19-9DDE-F9C7CCB6B420",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update40:*:*:*:*:*:*",
                     matchCriteriaId: "8279718F-878F-4868-8859-1728D13CD0D8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update45:*:*:*:*:*:*",
                     matchCriteriaId: "2C024E1A-FD2C-42E8-B227-C2AFD3040436",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update5:*:*:*:*:*:*",
                     matchCriteriaId: "4F24389D-DDD0-4204-AA24-31C920A4F47E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update51:*:*:*:*:*:*",
                     matchCriteriaId: "966979BE-1F21-4729-B6B8-610F74648344",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update60:*:*:*:*:*:*",
                     matchCriteriaId: "F8534265-33BF-460D-BF74-5F55FDE50F29",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update65:*:*:*:*:*:*",
                     matchCriteriaId: "F77AFC25-1466-4E56-9D5F-6988F3288E16",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update66:*:*:*:*:*:*",
                     matchCriteriaId: "A650BEB8-E56F-4E42-9361-8D2DB083F0F8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update71:*:*:*:*:*:*",
                     matchCriteriaId: "799FFECD-E80A-44B3-953D-CDB5E195F3AA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update72:*:*:*:*:*:*",
                     matchCriteriaId: "A7047507-7CAF-4A14-AA9A-5CEF806EDE98",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update73:*:*:*:*:*:*",
                     matchCriteriaId: "CFC7B179-95D3-4F94-84F6-73F1034A1AF2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update74:*:*:*:*:*:*",
                     matchCriteriaId: "9FB28526-9385-44CA-AF08-1899E6C3AE4D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update77:*:*:*:*:*:*",
                     matchCriteriaId: "E26B69E4-0B43-415F-A82B-52FDCB262B3E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update91:*:*:*:*:*:*",
                     matchCriteriaId: "27BC4150-70EC-462B-8FC5-20B3442CBB31",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update92:*:*:*:*:*:*",
                     matchCriteriaId: "02646989-ECD9-40AE-A83E-EFF4080C69B9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:17:*:*:*:*:*:*:*",
                     matchCriteriaId: "4D0A929D-6054-4EFB-8BAD-58826D22D34B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:17.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "DE7858DA-58DE-4920-B678-7800BD084EA1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad en el producto Oracle Java SE, Oracle GraalVM Enterprise Edition de Oracle Java SE (componente: Libraries). Las versiones compatibles que están afectadas son Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 y 21.3.0. Una vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red por medio de múltiples protocolos comprometer a Oracle Java SE, Oracle GraalVM Enterprise Edition. Los ataques con éxito de esta vulnerabilidad pueden resultar en una capacidad no autorizada de causar una negación parcial de servicio (DOS parcial) de Oracle Java SE, Oracle GraalVM Enterprise Edition. Nota: Esta vulnerabilidad es aplicada a las implantaciones de Java, normalmente en clientes que ejecutan aplicaciones Java Web Start con sandbox o applets Java con sandbox, que cargan y ejecutan código que no es confiable (por ejemplo, código que viene de Internet) y dependen de la sandbox de Java para la seguridad. Esta vulnerabilidad también puede ser explotada al usar APIs en el componente especificado, por ejemplo, mediante un servicio web que suministra datos a las APIs. CVSS 3.1, Puntuación base 5.3 (impactos en la Disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)",
      },
   ],
   id: "CVE-2022-21293",
   lastModified: "2024-11-21T06:44:20.403",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 5,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "LOW",
               baseScore: 5.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 1.4,
            source: "secalert_us@oracle.com",
            type: "Secondary",
         },
      ],
   },
   published: "2022-01-19T12:15:12.447",
   references: [
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DIN3L6L3SVZK75CKW2GPSU4HIGZR7XG/",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/202209-05",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20220121-0007/",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2022/dsa-5057",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2022/dsa-5058",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpujan2022.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DIN3L6L3SVZK75CKW2GPSU4HIGZR7XG/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/202209-05",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20220121-0007/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2022/dsa-5057",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2022/dsa-5058",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpujan2022.html",
      },
   ],
   sourceIdentifier: "secalert_us@oracle.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd

Published

2022-07-19 22:15

Modified

2024-11-21 06:44

Severity ?

5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1; Oracle GraalVM Enterprise Edition: 20.3.6, 21.3.2 and 22.1.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).

References

URL	Tags
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H4YNJSJ64NPCNKFPNBYITNZU5H3L4D6L/
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5OZNAZJ4YHLOKRRRZSWRT5OJ25E4XLM/
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN3EVGR7FD3ZLV5SBTJXUIDCMSK4QUE2/
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KO3DXNKZ4EU3UZBT6AAR4XRKCD73KLMO/
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3XPOTPPBZIPFBZHQE5E7OW6PDACUMCJ/
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YULPNO3PAWMEQQZV2C54I3H3ZOXFZUTB/
secalert_us@oracle.com	https://security.gentoo.org/glsa/202401-25
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20220729-0009/	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2022/dsa-5188	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2022/dsa-5192	Third Party Advisory
secalert_us@oracle.com	https://www.oracle.com/security-alerts/cpujul2022.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H4YNJSJ64NPCNKFPNBYITNZU5H3L4D6L/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5OZNAZJ4YHLOKRRRZSWRT5OJ25E4XLM/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN3EVGR7FD3ZLV5SBTJXUIDCMSK4QUE2/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KO3DXNKZ4EU3UZBT6AAR4XRKCD73KLMO/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3XPOTPPBZIPFBZHQE5E7OW6PDACUMCJ/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YULPNO3PAWMEQQZV2C54I3H3ZOXFZUTB/
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202401-25
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20220729-0009/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2022/dsa-5188	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2022/dsa-5192	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpujul2022.html	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
oracle	graalvm	20.3.6
oracle	graalvm	21.3.2
oracle	graalvm	22.1.0
oracle	jdk	1.7.0
oracle	jdk	1.8.0
oracle	jdk	11.0.15.1
oracle	jdk	17.0.3.1
oracle	jdk	18.0.1.1
oracle	jre	1.7.0
oracle	jre	1.8.0
oracle	jre	11.0.15.1
oracle	jre	17.0.3.1
oracle	jre	18.0.1.1
oracle	openjdk	*
oracle	openjdk	*
oracle	openjdk	*
oracle	openjdk	*
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	18
fedoraproject	fedora	36
debian	debian_linux	10.0
debian	debian_linux	11.0
netapp	7-mode_transition_tool	-
netapp	active_iq_unified_manager	-
netapp	active_iq_unified_manager	-
netapp	cloud_insights_acquisition_unit	-
netapp	cloud_secure_agent	-
netapp	hci_management_node	-
netapp	oncommand_insight	-
netapp	solidfire	-
netapp	hci_compute_node	-
azul	zulu	7.54
azul	zulu	8.62
azul	zulu	11.56
azul	zulu	13.48
azul	zulu	15.40
azul	zulu	17.34
azul	zulu	18.30

JSON

To clipboard

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:oracle:graalvm:20.3.6:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "7D961E24-EA18-4217-B5F5-F847726D84E3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:graalvm:21.3.2:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "601D92C4-F71F-47E2-9041-5C286D2137F6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:graalvm:22.1.0:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "B18FE85D-C53D-44E9-8992-715820D1264B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:1.7.0:update343:*:*:*:*:*:*",
                     matchCriteriaId: "6E3C0BA3-FCD3-4CB8-B8C7-F931090A7DBE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:1.8.0:update333:*:*:*:*:*:*",
                     matchCriteriaId: "EB2A5440-7FA7-4A86-AA19-E2ABBD809B19",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:11.0.15.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "9C0485FC-E4B2-464E-8228-1387AC5F353B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:17.0.3.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "7AF3539B-0434-4310-AE88-F46864C7C20F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:18.0.1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "F5CC9398-71B6-4480-95ED-EDCE838D157E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:1.7.0:update343:*:*:*:*:*:*",
                     matchCriteriaId: "60614E43-090E-44D7-94AD-FFAE38FF111F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:1.8.0:update333:*:*:*:*:*:*",
                     matchCriteriaId: "131E1C9E-721C-4176-B78B-69C01F90A9A5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:11.0.15.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "AD4BFA12-588A-4D8D-B45F-648A55EC674C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:17.0.3.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "0DF70EEA-EC9D-4FFC-B7BE-76F50C34D999",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:18.0.1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "4EF9CFB1-CEC9-483E-BECF-618190C03944",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "DD2ADA66-DCD0-4D28-80B2-77A0265CE7B9",
                     versionEndIncluding: "11.0.15",
                     versionStartIncluding: "11",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "8CA6BC07-2BDA-4913-AF2B-FD2146B0E539",
                     versionEndIncluding: "13.0.11",
                     versionStartIncluding: "13",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "5A2E366B-549D-48C5-B3FB-AD0E8C75AE08",
                     versionEndIncluding: "15.0.7",
                     versionStartIncluding: "15",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "15FD6A0B-BB1A-4875-926C-AB1B6EC1A053",
                     versionEndIncluding: "17.0.3",
                     versionStartIncluding: "17",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:-:*:*:*:*:*:*",
                     matchCriteriaId: "E78B7C5A-FA51-41E4-AAB0-C6DED2EFCF4C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update1:*:*:*:*:*:*",
                     matchCriteriaId: "02011EDC-20A7-4A16-A592-7C76E0037997",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update10:*:*:*:*:*:*",
                     matchCriteriaId: "AC6D4652-1226-4C60-BEDF-01EBF8AC0849",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update101:*:*:*:*:*:*",
                     matchCriteriaId: "3C1F9ED7-7D93-41F4-9130-15BA734420AC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update11:*:*:*:*:*:*",
                     matchCriteriaId: "1CF9CDF1-95D3-4125-A73F-396D2280FC4E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update111:*:*:*:*:*:*",
                     matchCriteriaId: "A13266DC-F8D9-4F30-987F-65BBEAF8D3A8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update121:*:*:*:*:*:*",
                     matchCriteriaId: "C28388AB-CFC9-4749-A90F-383F5B905EA9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update13:*:*:*:*:*:*",
                     matchCriteriaId: "DA1B00F9-A81C-48B7-8DAA-F394DDF323F3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update131:*:*:*:*:*:*",
                     matchCriteriaId: "CA7AD457-6CE6-4925-8D94-A907B40233D9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update141:*:*:*:*:*:*",
                     matchCriteriaId: "A6F3FDD1-7CAC-4B84-ABB7-64E9D3FBD708",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update15:*:*:*:*:*:*",
                     matchCriteriaId: "5480E5AD-DB46-474A-9B57-84ED088A75FA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update151:*:*:*:*:*:*",
                     matchCriteriaId: "881A4AE9-6012-4E91-98BE-0A352CC20703",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update161:*:*:*:*:*:*",
                     matchCriteriaId: "7E1E1079-57D9-473B-A017-964F4745F329",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update17:*:*:*:*:*:*",
                     matchCriteriaId: "B8D6446E-2915-4F12-87BE-E7420BC2626E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update171:*:*:*:*:*:*",
                     matchCriteriaId: "564EDCE3-16E6-401D-8A43-032D1F8875E1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update181:*:*:*:*:*:*",
                     matchCriteriaId: "08278802-D31B-488A-BA6A-EBC816DF883A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update191:*:*:*:*:*:*",
                     matchCriteriaId: "72BDA05A-C8BD-472E-8465-EE1F3E5D8CF6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update2:*:*:*:*:*:*",
                     matchCriteriaId: "7BBB0969-565E-43E2-B067-A10AAA5F1958",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update201:*:*:*:*:*:*",
                     matchCriteriaId: "D78BE95D-6270-469A-8035-FCDDB398F952",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update21:*:*:*:*:*:*",
                     matchCriteriaId: "88C24F40-3150-4584-93D9-8307DE04EEE9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update211:*:*:*:*:*:*",
                     matchCriteriaId: "E0FC5A03-FF11-4787-BBF1-3ACF93A21F2D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update221:*:*:*:*:*:*",
                     matchCriteriaId: "19626B36-62FC-4497-A2E1-7D6CD9839B19",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update231:*:*:*:*:*:*",
                     matchCriteriaId: "5713AEBD-35F6-44E8-A0CC-A42830D7AE20",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update241:*:*:*:*:*:*",
                     matchCriteriaId: "8BE0C04B-440E-4B35-ACC8-6264514F764C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update25:*:*:*:*:*:*",
                     matchCriteriaId: "555EC2A6-0475-48ED-AE0C-B306714A9333",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update251:*:*:*:*:*:*",
                     matchCriteriaId: "EC1CF2AD-3F7A-4EF3-BD41-117A21553A9F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update261:*:*:*:*:*:*",
                     matchCriteriaId: "02C55E2E-AEDE-455C-B128-168C918B5D97",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update271:*:*:*:*:*:*",
                     matchCriteriaId: "81831D37-6597-441B-87DE-38F7191BEA42",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update281:*:*:*:*:*:*",
                     matchCriteriaId: "EEA1594D-0AB5-436D-9E60-C26EE2175753",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update291:*:*:*:*:*:*",
                     matchCriteriaId: "B868FA41-C71B-491C-880B-484740B30C72",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update3:*:*:*:*:*:*",
                     matchCriteriaId: "C242D3BE-9114-4A9E-BB78-45754C7CC450",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update301:*:*:*:*:*:*",
                     matchCriteriaId: "95954182-9541-4181-9647-B17FA5A79F9F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update311:*:*:*:*:*:*",
                     matchCriteriaId: "9F6F0137-F91F-4028-BED2-C29640D52C23",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update321:*:*:*:*:*:*",
                     matchCriteriaId: "EAFB6B15-4AE6-47FC-8847-9DFADB7AE253",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update4:*:*:*:*:*:*",
                     matchCriteriaId: "D61068FE-18EE-4ADB-BC69-A3ECE8724575",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update40:*:*:*:*:*:*",
                     matchCriteriaId: "EFB59E80-4EC4-4399-BF40-6733E4E475A9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update45:*:*:*:*:*:*",
                     matchCriteriaId: "84E31265-22E1-4E91-BFCB-D2AFF445926A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update5:*:*:*:*:*:*",
                     matchCriteriaId: "AB3A58C3-94BB-4120-BE1D-AAF8BBF7F22B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update51:*:*:*:*:*:*",
                     matchCriteriaId: "50319E52-8739-47C5-B61E-3CA9B6A9A48F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update55:*:*:*:*:*:*",
                     matchCriteriaId: "7ED515B9-DC74-4DC5-B98A-08D87D85E11E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update6:*:*:*:*:*:*",
                     matchCriteriaId: "6D1D4868-1F9F-43F7-968C-6469B67D3F1B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update60:*:*:*:*:*:*",
                     matchCriteriaId: "568F1AC4-B0D7-4438-82E5-0E61500F2240",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update65:*:*:*:*:*:*",
                     matchCriteriaId: "F5E99B4A-EDAD-4471-81C4-7E9C775C9D9F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update67:*:*:*:*:*:*",
                     matchCriteriaId: "14E9133E-9FF3-40DB-9A11-7469EF5FD265",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update7:*:*:*:*:*:*",
                     matchCriteriaId: "94834710-3FA9-49D9-8600-B514CBCA4270",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update72:*:*:*:*:*:*",
                     matchCriteriaId: "4228D9E1-7D82-4B49-9669-9CDAD7187432",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update76:*:*:*:*:*:*",
                     matchCriteriaId: "F6231F48-2936-4F7D-96D5-4BA11F78EBE8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update80:*:*:*:*:*:*",
                     matchCriteriaId: "D96D5061-4A81-497E-9AD6-A8381B3B454C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update85:*:*:*:*:*:*",
                     matchCriteriaId: "5345C21E-A01B-43B9-9A20-F2783D921C60",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update9:*:*:*:*:*:*",
                     matchCriteriaId: "B219F360-83BD-4111-AB59-C9D4F55AF4C0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update91:*:*:*:*:*:*",
                     matchCriteriaId: "D25377EA-8E8F-4C76-8EA9-3BBDFB352815",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update95:*:*:*:*:*:*",
                     matchCriteriaId: "59FEFE05-269A-4EAF-A80F-E4C2107B1197",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update97:*:*:*:*:*:*",
                     matchCriteriaId: "E7E2AA7C-F602-4DB7-9EC1-0708C46C253C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update99:*:*:*:*:*:*",
                     matchCriteriaId: "FB70E154-A304-429E-80F5-8D87B00E32D1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:-:*:*:*:*:*:*",
                     matchCriteriaId: "70892D06-6E75-4425-BBF0-4B684EC62A1C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone1:*:*:*:*:*:*",
                     matchCriteriaId: "7A165D71-71CC-4E6A-AA4F-FF8DB5B9A5AB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone2:*:*:*:*:*:*",
                     matchCriteriaId: "7417B2BB-9AC2-4AF4-A828-C89A0735AD92",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone3:*:*:*:*:*:*",
                     matchCriteriaId: "6A0A57B5-6F88-4288-9CDE-F6613FE068D2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone4:*:*:*:*:*:*",
                     matchCriteriaId: "67ED8559-C348-4932-B7CE-CB96976A30EC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone5:*:*:*:*:*:*",
                     matchCriteriaId: "40AC3D91-263F-4345-9FAA-0E573EA64590",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone6:*:*:*:*:*:*",
                     matchCriteriaId: "DD92AFA9-81F8-48D4-B79A-E7F066F69A99",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone7:*:*:*:*:*:*",
                     matchCriteriaId: "2C4B2F24-A730-4818-90C8-A2D90C081F03",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone8:*:*:*:*:*:*",
                     matchCriteriaId: "464087F2-C285-4574-957E-CE0663F07DE0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone9:*:*:*:*:*:*",
                     matchCriteriaId: "3E9BB880-A4F6-4887-8BB9-47AA298753D5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update101:*:*:*:*:*:*",
                     matchCriteriaId: "18DCFF53-B298-4534-AB5C-8A5EF59C616F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update102:*:*:*:*:*:*",
                     matchCriteriaId: "083419F8-FDDF-4E36-88F8-857DB317C1D1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update11:*:*:*:*:*:*",
                     matchCriteriaId: "D7A74F65-57E8-4C9A-BA96-5EF401504F13",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update111:*:*:*:*:*:*",
                     matchCriteriaId: "0D0B90FC-57B6-4315-9B29-3C36E58B2CF5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update112:*:*:*:*:*:*",
                     matchCriteriaId: "07812576-3C35-404C-A7D7-9BE9E3D76E00",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update121:*:*:*:*:*:*",
                     matchCriteriaId: "00C52B1C-5447-4282-9667-9EBE0720B423",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update131:*:*:*:*:*:*",
                     matchCriteriaId: "92BB9EB0-0C12-4E77-89EE-FB77097841B8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update141:*:*:*:*:*:*",
                     matchCriteriaId: "FF9D5DCE-2E8F-42B9-9038-AEA7E8C8CFFD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update151:*:*:*:*:*:*",
                     matchCriteriaId: "ABC0E7BB-F8B7-4369-9910-71240E4073A3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update152:*:*:*:*:*:*",
                     matchCriteriaId: "551B2640-8CEC-4C24-AF8B-7A7CEF864D9D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update161:*:*:*:*:*:*",
                     matchCriteriaId: "0AE30779-48FB-451E-8CE1-F469F93B8772",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update162:*:*:*:*:*:*",
                     matchCriteriaId: "60590FDE-7156-4314-A012-AA38BD2ADDC9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update171:*:*:*:*:*:*",
                     matchCriteriaId: "BE51AD3A-8331-4E8F-9DB1-7A0051731DFB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update172:*:*:*:*:*:*",
                     matchCriteriaId: "F24F6122-2256-41B6-9033-794C6424ED99",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update181:*:*:*:*:*:*",
                     matchCriteriaId: "0EAFA79E-8C7A-48CF-8868-11378FE4B26F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update191:*:*:*:*:*:*",
                     matchCriteriaId: "D1D6F19F-59B5-4BB6-AD35-013384025970",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update192:*:*:*:*:*:*",
                     matchCriteriaId: "E7BA97BC-3ADA-465A-835B-6C3C5F416B56",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update20:*:*:*:*:*:*",
                     matchCriteriaId: "B71F77A4-B7EB-47A1-AAFD-431A7D040B86",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update201:*:*:*:*:*:*",
                     matchCriteriaId: "91D6BEA9-5943-44A4-946D-CEAA9BA99376",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update202:*:*:*:*:*:*",
                     matchCriteriaId: "C079A3E0-44EB-4B9C-B4FC-B7621D165C3B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update211:*:*:*:*:*:*",
                     matchCriteriaId: "2CB74086-14B8-4237-8357-E0C6B5BB8313",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update212:*:*:*:*:*:*",
                     matchCriteriaId: "3ABED20A-7C34-4E86-9AFB-F4DC9ECBB3A9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update221:*:*:*:*:*:*",
                     matchCriteriaId: "00C2B9C9-1177-4DA6-96CE-55F37F383F99",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update222:*:*:*:*:*:*",
                     matchCriteriaId: "435CF189-0BD8-40DF-A0DC-99862CDEAF8A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update231:*:*:*:*:*:*",
                     matchCriteriaId: "12A3F367-33AD-47C3-BFDC-871A17E72C94",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update232:*:*:*:*:*:*",
                     matchCriteriaId: "A18F994F-72CA-4AF5-A7D1-9F5AEA286D85",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update241:*:*:*:*:*:*",
                     matchCriteriaId: "78261932-7373-4F16-91E0-1A72ADBEBC3E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update242:*:*:*:*:*:*",
                     matchCriteriaId: "9BD90D3D-9B3A-4101-9A8A-5090F0A9719F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update25:*:*:*:*:*:*",
                     matchCriteriaId: "B38C0276-0EBD-4E0B-BFCF-4DDECACE04E2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update252:*:*:*:*:*:*",
                     matchCriteriaId: "F5A40B8A-D428-4008-9F21-AF21394C51D1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update262:*:*:*:*:*:*",
                     matchCriteriaId: "FEC5B777-01E1-45EE-AF95-C3BD1F098B2F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update271:*:*:*:*:*:*",
                     matchCriteriaId: "3B504718-5DCE-43B4-B19A-C6B6E7444BD3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update281:*:*:*:*:*:*",
                     matchCriteriaId: "3102AA10-99A8-49A9-867E-7EEC56865680",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update282:*:*:*:*:*:*",
                     matchCriteriaId: "5A55CBC7-A7B2-4B89-8AB5-ED30DBE6814E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update291:*:*:*:*:*:*",
                     matchCriteriaId: "15BA8A26-2CDA-442B-A549-6BE92DCCD205",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update301:*:*:*:*:*:*",
                     matchCriteriaId: "56F2883B-6A1B-4081-8877-07AF3A73F6CD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update302:*:*:*:*:*:*",
                     matchCriteriaId: "98C0742E-ACDD-4DB4-8A4C-B96702C8976C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update31:*:*:*:*:*:*",
                     matchCriteriaId: "F8483034-DD5A-445D-892F-CDE90A7D58EE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update312:*:*:*:*:*:*",
                     matchCriteriaId: "1716A5CD-1C32-4F19-9DDE-F9C7CCB6B420",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update322:*:*:*:*:*:*",
                     matchCriteriaId: "DAB4F663-BCAF-43DB-BCC3-24C060B0CBAB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update332:*:*:*:*:*:*",
                     matchCriteriaId: "A8EF5BB8-7DAF-49B0-A11E-14E89EF7377A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update40:*:*:*:*:*:*",
                     matchCriteriaId: "8279718F-878F-4868-8859-1728D13CD0D8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update45:*:*:*:*:*:*",
                     matchCriteriaId: "2C024E1A-FD2C-42E8-B227-C2AFD3040436",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update5:*:*:*:*:*:*",
                     matchCriteriaId: "4F24389D-DDD0-4204-AA24-31C920A4F47E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update51:*:*:*:*:*:*",
                     matchCriteriaId: "966979BE-1F21-4729-B6B8-610F74648344",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update60:*:*:*:*:*:*",
                     matchCriteriaId: "F8534265-33BF-460D-BF74-5F55FDE50F29",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update65:*:*:*:*:*:*",
                     matchCriteriaId: "F77AFC25-1466-4E56-9D5F-6988F3288E16",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update66:*:*:*:*:*:*",
                     matchCriteriaId: "A650BEB8-E56F-4E42-9361-8D2DB083F0F8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update71:*:*:*:*:*:*",
                     matchCriteriaId: "799FFECD-E80A-44B3-953D-CDB5E195F3AA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update72:*:*:*:*:*:*",
                     matchCriteriaId: "A7047507-7CAF-4A14-AA9A-5CEF806EDE98",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update73:*:*:*:*:*:*",
                     matchCriteriaId: "CFC7B179-95D3-4F94-84F6-73F1034A1AF2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update74:*:*:*:*:*:*",
                     matchCriteriaId: "9FB28526-9385-44CA-AF08-1899E6C3AE4D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update77:*:*:*:*:*:*",
                     matchCriteriaId: "E26B69E4-0B43-415F-A82B-52FDCB262B3E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update91:*:*:*:*:*:*",
                     matchCriteriaId: "27BC4150-70EC-462B-8FC5-20B3442CBB31",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update92:*:*:*:*:*:*",
                     matchCriteriaId: "02646989-ECD9-40AE-A83E-EFF4080C69B9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:18:*:*:*:*:*:*:*",
                     matchCriteriaId: "56CBFC1F-C120-44F2-877A-C1C880AA89C4",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
                     matchCriteriaId: "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "FA6FEEC2-9F11-4643-8827-749718254FED",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "7EF6650C-558D-45C8-AE7D-136EE70CB6D7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
                     matchCriteriaId: "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
                     matchCriteriaId: "B55E8D50-99B4-47EC-86F9-699B67D473CE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "CCAA4004-9319-478C-9D55-0E8307F872F6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F0F202E8-97E6-4BBB-A0B6-4CA3F5803C08",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A3C19813-E823-456A-B1CE-EC0684CE1953",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "AD7447BC-F315-4298-A822-549942FC118B",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:azul:zulu:7.54:*:*:*:*:*:*:*",
                     matchCriteriaId: "50C77346-8893-44F0-B0D1-5D4D30A9CA3B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:azul:zulu:8.62:*:*:*:*:*:*:*",
                     matchCriteriaId: "63E58DE0-A96A-452E-986F-3BD2FEA7C723",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:azul:zulu:11.56:*:*:*:*:*:*:*",
                     matchCriteriaId: "D3FB1BF4-3FCF-4007-A9E3-97C35483D6A9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:azul:zulu:13.48:*:*:*:*:*:*:*",
                     matchCriteriaId: "BD7A33EC-DE03-424F-9796-E5EA071FF6CD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:azul:zulu:15.40:*:*:*:*:*:*:*",
                     matchCriteriaId: "CCDAFFA9-0AA4-4C70-9154-8DA4BB255FD2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:azul:zulu:17.34:*:*:*:*:*:*:*",
                     matchCriteriaId: "B6302149-28AA-481E-BC6C-87D05E73768A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:azul:zulu:18.30:*:*:*:*:*:*:*",
                     matchCriteriaId: "20DFD9D8-8648-40F7-81B8-04F852A337FA",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1; Oracle GraalVM Enterprise Edition: 20.3.6, 21.3.2 and 22.1.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad en el producto Oracle Java SE, Oracle GraalVM Enterprise Edition de Oracle Java SE (componente: Hotspot). Las versiones afectadas son Oracle Java SE: 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1; Oracle GraalVM Enterprise Edition: 20.3.6, 21.3.2 y 22.1.0. Una vulnerabilidad difícil de explotar permite a un atacante no autenticado con acceso a la red por medio de múltiples protocolos comprometer a Oracle Java SE, Oracle GraalVM Enterprise Edition. Los ataques con éxito de esta vulnerabilidad pueden resultar en la creación no autorizada, la eliminación o el acceso a la modificación de datos críticos o de todos los datos accesibles de Oracle Java SE, Oracle GraalVM Enterprise Edition. Nota: Esta vulnerabilidad es aplicada a las implantaciones de Java, normalmente en clientes que ejecutan aplicaciones Java Web Start o applets Java con sandbox, que cargan y ejecutan código no confiable (por ejemplo, código procedente de Internet) y que dependen de la sandbox de Java para su seguridad. Esta vulnerabilidad también puede ser explotada mediante el uso de APIs en el componente especificado, por ejemplo, mediante un servicio web que suministra datos a las APIs. CVSS 3.1, Puntuación Base 5.9 (impactos en la Integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).",
      },
   ],
   id: "CVE-2022-21541",
   lastModified: "2024-11-21T06:44:55.193",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 5.9,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.2,
            impactScore: 3.6,
            source: "secalert_us@oracle.com",
            type: "Primary",
         },
      ],
   },
   published: "2022-07-19T22:15:11.783",
   references: [
      {
         source: "secalert_us@oracle.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H4YNJSJ64NPCNKFPNBYITNZU5H3L4D6L/",
      },
      {
         source: "secalert_us@oracle.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5OZNAZJ4YHLOKRRRZSWRT5OJ25E4XLM/",
      },
      {
         source: "secalert_us@oracle.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN3EVGR7FD3ZLV5SBTJXUIDCMSK4QUE2/",
      },
      {
         source: "secalert_us@oracle.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KO3DXNKZ4EU3UZBT6AAR4XRKCD73KLMO/",
      },
      {
         source: "secalert_us@oracle.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3XPOTPPBZIPFBZHQE5E7OW6PDACUMCJ/",
      },
      {
         source: "secalert_us@oracle.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YULPNO3PAWMEQQZV2C54I3H3ZOXFZUTB/",
      },
      {
         source: "secalert_us@oracle.com",
         url: "https://security.gentoo.org/glsa/202401-25",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20220729-0009/",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2022/dsa-5188",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2022/dsa-5192",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpujul2022.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H4YNJSJ64NPCNKFPNBYITNZU5H3L4D6L/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5OZNAZJ4YHLOKRRRZSWRT5OJ25E4XLM/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN3EVGR7FD3ZLV5SBTJXUIDCMSK4QUE2/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KO3DXNKZ4EU3UZBT6AAR4XRKCD73KLMO/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3XPOTPPBZIPFBZHQE5E7OW6PDACUMCJ/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YULPNO3PAWMEQQZV2C54I3H3ZOXFZUTB/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://security.gentoo.org/glsa/202401-25",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20220729-0009/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2022/dsa-5188",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2022/dsa-5192",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpujul2022.html",
      },
   ],
   sourceIdentifier: "secalert_us@oracle.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd

Published

2023-04-18 20:15

Modified

2024-11-21 07:44

Severity ?

3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).

References

URL	Tags
secalert_us@oracle.com	https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20230427-0008/	Third Party Advisory
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20240621-0006/
secalert_us@oracle.com	https://www.couchbase.com/alerts/	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2023/dsa-5430	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2023/dsa-5478	Third Party Advisory
secalert_us@oracle.com	https://www.oracle.com/security-alerts/cpuapr2023.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20230427-0008/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20240621-0006/
af854a3a-2127-422b-91ae-364da2661108	https://www.couchbase.com/alerts/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2023/dsa-5430	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2023/dsa-5478	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpuapr2023.html	Vendor Advisory

Impacted products

Vendor	Product	Version
oracle	graalvm	20.3.9
oracle	graalvm	21.3.5
oracle	graalvm	22.3.1
oracle	jdk	1.8.0
oracle	jdk	11.0.18
oracle	jdk	17.0.6
oracle	jdk	20
oracle	jre	1.8.0
oracle	jre	11.0.18
oracle	jre	17.0.6
oracle	jre	20
netapp	7-mode_transition_tool	-
netapp	brocade_san_navigator	-
netapp	cloud_insights_acquisition_unit	-
netapp	cloud_insights_storage_workload_security_agent	-
netapp	oncommand_insight	-
oracle	openjdk	*
oracle	openjdk	*
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	20
debian	debian_linux	10.0
debian	debian_linux	11.0
debian	debian_linux	12.0

JSON

To clipboard

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:oracle:graalvm:20.3.9:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "FE7FF02E-5A54-47BD-8FAC-E1F1E23CBD0B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:graalvm:21.3.5:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "725D21E1-8FEF-492C-9CCF-75DDD286FA71",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:graalvm:22.3.1:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "CBC05434-18E2-43D2-901F-BA97A3A3AC3A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:1.8.0:update361:*:*:*:*:*:*",
                     matchCriteriaId: "BB648C28-DCDF-4CEE-816C-2D7EF91D2689",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:11.0.18:*:*:*:*:*:*:*",
                     matchCriteriaId: "CA4C6A6B-46BA-471A-959C-D1819B5D5196",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:17.0.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "751BA15B-1950-4ABD-AFEB-B4F90587FF61",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:20:*:*:*:*:*:*:*",
                     matchCriteriaId: "F26CDEF2-A840-4957-A390-19E48AEEC70A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:1.8.0:update361:*:*:*:*:*:*",
                     matchCriteriaId: "DB18EEA4-9670-4EBC-8559-6766740980F3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:11.0.18:*:*:*:*:*:*:*",
                     matchCriteriaId: "B85FB47B-1A8B-4758-83A7-3AC5B74D73FB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:17.0.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "0B973ADC-5F00-4CC5-985F-F4E1BB9FF1EF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:20:*:*:*:*:*:*:*",
                     matchCriteriaId: "AC10C81D-E148-4208-BA86-086B935A1254",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "7EF6650C-558D-45C8-AE7D-136EE70CB6D7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:brocade_san_navigator:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "25FA7A4D-B0E2-423E-8146-E221AE2D6120",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "CCAA4004-9319-478C-9D55-0E8307F872F6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:cloud_insights_storage_workload_security_agent:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "3B199052-5732-4726-B06B-A12C70DFB891",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "90F6CEC5-2FD9-4ADB-9D86-B741C0ABCD7B",
                     versionEndIncluding: "11.0.18",
                     versionStartIncluding: "11",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "83395182-E46E-47FF-A781-4EF235BC83B6",
                     versionEndIncluding: "17.0.6",
                     versionStartIncluding: "17",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:-:*:*:*:*:*:*",
                     matchCriteriaId: "70892D06-6E75-4425-BBF0-4B684EC62A1C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone1:*:*:*:*:*:*",
                     matchCriteriaId: "7A165D71-71CC-4E6A-AA4F-FF8DB5B9A5AB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone2:*:*:*:*:*:*",
                     matchCriteriaId: "7417B2BB-9AC2-4AF4-A828-C89A0735AD92",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone3:*:*:*:*:*:*",
                     matchCriteriaId: "6A0A57B5-6F88-4288-9CDE-F6613FE068D2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone4:*:*:*:*:*:*",
                     matchCriteriaId: "67ED8559-C348-4932-B7CE-CB96976A30EC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone5:*:*:*:*:*:*",
                     matchCriteriaId: "40AC3D91-263F-4345-9FAA-0E573EA64590",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone6:*:*:*:*:*:*",
                     matchCriteriaId: "DD92AFA9-81F8-48D4-B79A-E7F066F69A99",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone7:*:*:*:*:*:*",
                     matchCriteriaId: "2C4B2F24-A730-4818-90C8-A2D90C081F03",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone8:*:*:*:*:*:*",
                     matchCriteriaId: "464087F2-C285-4574-957E-CE0663F07DE0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone9:*:*:*:*:*:*",
                     matchCriteriaId: "3E9BB880-A4F6-4887-8BB9-47AA298753D5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update101:*:*:*:*:*:*",
                     matchCriteriaId: "18DCFF53-B298-4534-AB5C-8A5EF59C616F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update102:*:*:*:*:*:*",
                     matchCriteriaId: "083419F8-FDDF-4E36-88F8-857DB317C1D1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update11:*:*:*:*:*:*",
                     matchCriteriaId: "D7A74F65-57E8-4C9A-BA96-5EF401504F13",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update111:*:*:*:*:*:*",
                     matchCriteriaId: "0D0B90FC-57B6-4315-9B29-3C36E58B2CF5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update112:*:*:*:*:*:*",
                     matchCriteriaId: "07812576-3C35-404C-A7D7-9BE9E3D76E00",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update121:*:*:*:*:*:*",
                     matchCriteriaId: "00C52B1C-5447-4282-9667-9EBE0720B423",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update131:*:*:*:*:*:*",
                     matchCriteriaId: "92BB9EB0-0C12-4E77-89EE-FB77097841B8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update141:*:*:*:*:*:*",
                     matchCriteriaId: "FF9D5DCE-2E8F-42B9-9038-AEA7E8C8CFFD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update151:*:*:*:*:*:*",
                     matchCriteriaId: "ABC0E7BB-F8B7-4369-9910-71240E4073A3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update152:*:*:*:*:*:*",
                     matchCriteriaId: "551B2640-8CEC-4C24-AF8B-7A7CEF864D9D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update161:*:*:*:*:*:*",
                     matchCriteriaId: "0AE30779-48FB-451E-8CE1-F469F93B8772",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update162:*:*:*:*:*:*",
                     matchCriteriaId: "60590FDE-7156-4314-A012-AA38BD2ADDC9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update171:*:*:*:*:*:*",
                     matchCriteriaId: "BE51AD3A-8331-4E8F-9DB1-7A0051731DFB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update172:*:*:*:*:*:*",
                     matchCriteriaId: "F24F6122-2256-41B6-9033-794C6424ED99",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update181:*:*:*:*:*:*",
                     matchCriteriaId: "0EAFA79E-8C7A-48CF-8868-11378FE4B26F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update191:*:*:*:*:*:*",
                     matchCriteriaId: "D1D6F19F-59B5-4BB6-AD35-013384025970",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update192:*:*:*:*:*:*",
                     matchCriteriaId: "E7BA97BC-3ADA-465A-835B-6C3C5F416B56",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update20:*:*:*:*:*:*",
                     matchCriteriaId: "B71F77A4-B7EB-47A1-AAFD-431A7D040B86",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update201:*:*:*:*:*:*",
                     matchCriteriaId: "91D6BEA9-5943-44A4-946D-CEAA9BA99376",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update202:*:*:*:*:*:*",
                     matchCriteriaId: "C079A3E0-44EB-4B9C-B4FC-B7621D165C3B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update211:*:*:*:*:*:*",
                     matchCriteriaId: "2CB74086-14B8-4237-8357-E0C6B5BB8313",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update212:*:*:*:*:*:*",
                     matchCriteriaId: "3ABED20A-7C34-4E86-9AFB-F4DC9ECBB3A9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update221:*:*:*:*:*:*",
                     matchCriteriaId: "00C2B9C9-1177-4DA6-96CE-55F37F383F99",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update222:*:*:*:*:*:*",
                     matchCriteriaId: "435CF189-0BD8-40DF-A0DC-99862CDEAF8A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update231:*:*:*:*:*:*",
                     matchCriteriaId: "12A3F367-33AD-47C3-BFDC-871A17E72C94",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update232:*:*:*:*:*:*",
                     matchCriteriaId: "A18F994F-72CA-4AF5-A7D1-9F5AEA286D85",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update241:*:*:*:*:*:*",
                     matchCriteriaId: "78261932-7373-4F16-91E0-1A72ADBEBC3E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update242:*:*:*:*:*:*",
                     matchCriteriaId: "9BD90D3D-9B3A-4101-9A8A-5090F0A9719F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update25:*:*:*:*:*:*",
                     matchCriteriaId: "B38C0276-0EBD-4E0B-BFCF-4DDECACE04E2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update252:*:*:*:*:*:*",
                     matchCriteriaId: "F5A40B8A-D428-4008-9F21-AF21394C51D1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update262:*:*:*:*:*:*",
                     matchCriteriaId: "FEC5B777-01E1-45EE-AF95-C3BD1F098B2F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update271:*:*:*:*:*:*",
                     matchCriteriaId: "3B504718-5DCE-43B4-B19A-C6B6E7444BD3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update281:*:*:*:*:*:*",
                     matchCriteriaId: "3102AA10-99A8-49A9-867E-7EEC56865680",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update282:*:*:*:*:*:*",
                     matchCriteriaId: "5A55CBC7-A7B2-4B89-8AB5-ED30DBE6814E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update291:*:*:*:*:*:*",
                     matchCriteriaId: "15BA8A26-2CDA-442B-A549-6BE92DCCD205",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update301:*:*:*:*:*:*",
                     matchCriteriaId: "56F2883B-6A1B-4081-8877-07AF3A73F6CD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update302:*:*:*:*:*:*",
                     matchCriteriaId: "98C0742E-ACDD-4DB4-8A4C-B96702C8976C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update31:*:*:*:*:*:*",
                     matchCriteriaId: "F8483034-DD5A-445D-892F-CDE90A7D58EE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update312:*:*:*:*:*:*",
                     matchCriteriaId: "1716A5CD-1C32-4F19-9DDE-F9C7CCB6B420",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update322:*:*:*:*:*:*",
                     matchCriteriaId: "DAB4F663-BCAF-43DB-BCC3-24C060B0CBAB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update332:*:*:*:*:*:*",
                     matchCriteriaId: "A8EF5BB8-7DAF-49B0-A11E-14E89EF7377A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update342:*:*:*:*:*:*",
                     matchCriteriaId: "383F0B07-59BF-4744-87F2-04C98BC183B4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update352:*:*:*:*:*:*",
                     matchCriteriaId: "494C17C6-54A3-4BE6-A4FF-2D54DF2B38D5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update362:*:*:*:*:*:*",
                     matchCriteriaId: "1058ABDC-D652-4E2D-964D-C9C98FD404F6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update40:*:*:*:*:*:*",
                     matchCriteriaId: "8279718F-878F-4868-8859-1728D13CD0D8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update45:*:*:*:*:*:*",
                     matchCriteriaId: "2C024E1A-FD2C-42E8-B227-C2AFD3040436",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update5:*:*:*:*:*:*",
                     matchCriteriaId: "4F24389D-DDD0-4204-AA24-31C920A4F47E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update51:*:*:*:*:*:*",
                     matchCriteriaId: "966979BE-1F21-4729-B6B8-610F74648344",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update60:*:*:*:*:*:*",
                     matchCriteriaId: "F8534265-33BF-460D-BF74-5F55FDE50F29",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update65:*:*:*:*:*:*",
                     matchCriteriaId: "F77AFC25-1466-4E56-9D5F-6988F3288E16",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update66:*:*:*:*:*:*",
                     matchCriteriaId: "A650BEB8-E56F-4E42-9361-8D2DB083F0F8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update71:*:*:*:*:*:*",
                     matchCriteriaId: "799FFECD-E80A-44B3-953D-CDB5E195F3AA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update72:*:*:*:*:*:*",
                     matchCriteriaId: "A7047507-7CAF-4A14-AA9A-5CEF806EDE98",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update73:*:*:*:*:*:*",
                     matchCriteriaId: "CFC7B179-95D3-4F94-84F6-73F1034A1AF2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update74:*:*:*:*:*:*",
                     matchCriteriaId: "9FB28526-9385-44CA-AF08-1899E6C3AE4D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update77:*:*:*:*:*:*",
                     matchCriteriaId: "E26B69E4-0B43-415F-A82B-52FDCB262B3E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update91:*:*:*:*:*:*",
                     matchCriteriaId: "27BC4150-70EC-462B-8FC5-20B3442CBB31",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update92:*:*:*:*:*:*",
                     matchCriteriaId: "02646989-ECD9-40AE-A83E-EFF4080C69B9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:20:*:*:*:*:*:*:*",
                     matchCriteriaId: "77172BC0-8637-41F6-AE3B-83006D6735DE",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "FA6FEEC2-9F11-4643-8827-749718254FED",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "46D69DCC-AE4D-4EA5-861C-D60951444C6C",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries).  Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and  22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).",
      },
   ],
   id: "CVE-2023-21968",
   lastModified: "2024-11-21T07:44:00.860",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 3.7,
               baseSeverity: "LOW",
               confidentialityImpact: "NONE",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.2,
            impactScore: 1.4,
            source: "secalert_us@oracle.com",
            type: "Primary",
         },
      ],
   },
   published: "2023-04-18T20:15:16.470",
   references: [
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20230427-0008/",
      },
      {
         source: "secalert_us@oracle.com",
         url: "https://security.netapp.com/advisory/ntap-20240621-0006/",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.couchbase.com/alerts/",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2023/dsa-5430",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2023/dsa-5478",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpuapr2023.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20230427-0008/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://security.netapp.com/advisory/ntap-20240621-0006/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.couchbase.com/alerts/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2023/dsa-5430",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2023/dsa-5478",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpuapr2023.html",
      },
   ],
   sourceIdentifier: "secalert_us@oracle.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd

Published

2022-01-19 12:15

Modified

2024-11-21 06:44

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

References

URL	Tags
secalert_us@oracle.com	https://security.gentoo.org/glsa/202209-05	Third Party Advisory
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20220121-0007/	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2022/dsa-5057	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2022/dsa-5058	Third Party Advisory
secalert_us@oracle.com	https://www.oracle.com/security-alerts/cpujan2022.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202209-05	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20220121-0007/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2022/dsa-5057	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2022/dsa-5058	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpujan2022.html	Vendor Advisory

Impacted products

Vendor	Product	Version
oracle	graalvm	20.3.4
oracle	graalvm	21.3.0
oracle	jdk	11.0.13
oracle	jdk	17.0.1
oracle	jre	11.0.13
oracle	jre	17.0.1
netapp	7-mode_transition_tool	-
netapp	active_iq_unified_manager	-
netapp	active_iq_unified_manager	-
netapp	cloud_insights_acquisition_unit	-
netapp	cloud_secure_agent	-
netapp	e-series_santricity_os_controller	*
netapp	e-series_santricity_storage_manager	-
netapp	e-series_santricity_web_services	-
netapp	hci_management_node	-
netapp	oncommand_insight	-
netapp	oncommand_workflow_automation	-
netapp	santricity_storage_plugin	-
netapp	santricity_unified_manager	-
netapp	snapmanager	-
netapp	snapmanager	-
netapp	solidfire	-
debian	debian_linux	10.0
debian	debian_linux	11.0
oracle	openjdk	*
oracle	openjdk	*
oracle	openjdk	*
oracle	openjdk	17
oracle	openjdk	17.0.1

JSON

To clipboard

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:oracle:graalvm:20.3.4:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "9F300E13-1B40-4B35-ACA5-4D402CD41055",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:graalvm:21.3.0:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "B10E38A6-783C-45A2-98A1-12FA1EB3D3AA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:11.0.13:*:*:*:*:*:*:*",
                     matchCriteriaId: "A7F43D86-B696-41E4-A288-6A2D43A1774A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:17.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "3575C88F-05D3-49F6-A60B-7ED902E318F1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:11.0.13:*:*:*:*:*:*:*",
                     matchCriteriaId: "90EC4B85-A88A-4EC3-9EA0-3A24874D5F87",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:17.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "962026D1-1E50-480F-921C-C7EE32AA0107",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "7EF6650C-558D-45C8-AE7D-136EE70CB6D7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
                     matchCriteriaId: "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
                     matchCriteriaId: "B55E8D50-99B4-47EC-86F9-699B67D473CE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "CCAA4004-9319-478C-9D55-0E8307F872F6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F0F202E8-97E6-4BBB-A0B6-4CA3F5803C08",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "FF971916-C526-43A9-BD80-985BCC476569",
                     versionEndIncluding: "11.70.1",
                     versionStartIncluding: "11.0.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "0D9CC59D-6182-4B5E-96B5-226FCD343916",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*",
                     matchCriteriaId: "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A3C19813-E823-456A-B1CE-EC0684CE1953",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5735E553-9731-4AAC-BCFF-989377F817B3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:santricity_storage_plugin:-:*:*:*:*:vcenter:*:*",
                     matchCriteriaId: "82E94B87-065E-475F-815C-F49978CE22FC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A372B177-F740-4655-865C-31777A6E140B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*",
                     matchCriteriaId: "26A2B713-7D6D-420A-93A4-E0D983C983DF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*",
                     matchCriteriaId: "64DE38C8-94F1-4860-B045-F33928F676A8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "FA6FEEC2-9F11-4643-8827-749718254FED",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "6489B616-476E-46AB-8795-7EFDD9074899",
                     versionEndIncluding: "11.0.13",
                     versionStartIncluding: "11",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F8A2B4B3-64EC-4930-9F31-202E4D19AF98",
                     versionEndIncluding: "13.0.9",
                     versionStartIncluding: "13",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "CF9DCD68-A054-456D-8A3C-15939F85DF90",
                     versionEndIncluding: "15.0.5",
                     versionStartIncluding: "15",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:17:*:*:*:*:*:*:*",
                     matchCriteriaId: "4D0A929D-6054-4EFB-8BAD-58826D22D34B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:17.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "DE7858DA-58DE-4920-B678-7800BD084EA1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad en el producto Oracle Java SE, Oracle GraalVM Enterprise Edition de Oracle Java SE (componente: ImageIO). Las versiones compatibles que están afectadas son Oracle Java SE: 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 y 21.3.0. Una vulnerabilidad explotable fácilmente, permite a un atacante no autenticado con acceso a la red por medio de múltiples protocolos comprometer a Oracle Java SE, Oracle GraalVM Enterprise Edition. Los ataques con éxito de esta vulnerabilidad pueden resultar en una capacidad no autorizada de causar una negación parcial del servicio (DOS parcial) de Oracle Java SE, Oracle GraalVM Enterprise Edition. Nota: Esta vulnerabilidad es aplicada a las implantaciones de Java, normalmente en clientes que ejecutan aplicaciones Java Web Start con sandbox o applets Java con sandbox, que cargan y ejecutan código que no es confiable (por ejemplo, código que viene de Internet) y dependen de la sandbox de Java para la seguridad. Esta vulnerabilidad también puede ser explotada al usar APIs en el Componente especificado, por ejemplo, mediante un servicio web que suministra datos a las APIs. CVSS 3.1, Puntuación base 5.3 (impactos en la Disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)",
      },
   ],
   id: "CVE-2022-21366",
   lastModified: "2024-11-21T06:44:31.710",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 5,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "LOW",
               baseScore: 5.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 1.4,
            source: "secalert_us@oracle.com",
            type: "Secondary",
         },
      ],
   },
   published: "2022-01-19T12:15:15.817",
   references: [
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/202209-05",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20220121-0007/",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2022/dsa-5057",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2022/dsa-5058",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpujan2022.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/202209-05",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20220121-0007/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2022/dsa-5057",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2022/dsa-5058",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpujan2022.html",
      },
   ],
   sourceIdentifier: "secalert_us@oracle.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd

Published

2023-07-18 21:15

Modified

2024-11-21 07:44

Severity ?

5.1 (Medium) - CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
5.1 (Medium) - CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK executes to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).

References

URL	Tags
secalert_us@oracle.com	https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20230725-0006/	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2023/dsa-5458	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2023/dsa-5478	Third Party Advisory
secalert_us@oracle.com	https://www.oracle.com/security-alerts/cpujul2023.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20230725-0006/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2023/dsa-5458	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2023/dsa-5478	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpujul2023.html	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
oracle	graalvm	20.3.10
oracle	graalvm	21.3.6
oracle	graalvm	22.3.2
oracle	graalvm_for_jdk	17.0.7
oracle	graalvm_for_jdk	20.0.1
oracle	jdk	1.8.0
oracle	jdk	11.0.19
oracle	jdk	17.0.7
oracle	jdk	20.0.1
oracle	jre	1.8.0
oracle	jre	11.0.19
oracle	jre	17.0.7
oracle	jre	20.0.1
debian	debian_linux	10.0
debian	debian_linux	11.0
debian	debian_linux	12.0
netapp	7-mode_transition_tool	-
netapp	active_iq_unified_manager	-
netapp	active_iq_unified_manager	-
netapp	cloud_insights_acquisition_unit	-
netapp	cloud_insights_storage_workload_security_agent	-
netapp	oncommand_insight	-

JSON

To clipboard

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:oracle:graalvm:20.3.10:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "2AEB0668-3769-415A-85D2-8042C83AF530",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:graalvm:21.3.6:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "1612C1DD-47B7-4A52-B709-0E270CE9A814",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:graalvm:22.3.2:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "0D052622-1214-4B93-8638-8F0FBADD4F43",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "908FCFE7-F95A-4E5C-8644-78E737828E27",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:graalvm_for_jdk:20.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "6FC3A3A8-4244-4933-AC2C-03540C9F80BE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:1.8.0:update371:*:*:enterprise_performance_pack:*:*:*",
                     matchCriteriaId: "C69380A5-FD13-4C73-9940-99B4776EA4F6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:11.0.19:*:*:*:*:*:*:*",
                     matchCriteriaId: "2182C64A-CA08-49EE-9987-E34F828F9D14",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:17.0.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "2C064D35-8FFB-4033-AE32-A108189734AA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:20.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "208BCD85-10BA-4ACB-9B9C-E4F5530EFAE0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:1.8.0:update371:*:*:enterprise_performance_pack:*:*:*",
                     matchCriteriaId: "47818A5A-7C5C-4B18-8529-7F9DB00A7626",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:11.0.19:*:*:*:*:*:*:*",
                     matchCriteriaId: "5FDA3A94-3460-4EE1-B35F-3D4151157D95",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:17.0.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "FE4416A7-658A-423F-9A66-A8F563273AE5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:20.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "5370A60E-A32D-4F9A-B939-DFA07FF4F860",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "FA6FEEC2-9F11-4643-8827-749718254FED",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "46D69DCC-AE4D-4EA5-861C-D60951444C6C",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "7EF6650C-558D-45C8-AE7D-136EE70CB6D7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
                     matchCriteriaId: "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
                     matchCriteriaId: "B55E8D50-99B4-47EC-86F9-699B67D473CE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "CCAA4004-9319-478C-9D55-0E8307F872F6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:cloud_insights_storage_workload_security_agent:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "3B199052-5732-4726-B06B-A12C70DFB891",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot).  Supported versions that are affected are Oracle Java SE: 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and  20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK executes to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK.  Successful attacks of this vulnerability can result in  unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.1 (Confidentiality impacts).  CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).",
      },
   ],
   id: "CVE-2023-22041",
   lastModified: "2024-11-21T07:44:09.610",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "LOCAL",
               availabilityImpact: "NONE",
               baseScore: 5.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 1.4,
            impactScore: 3.6,
            source: "secalert_us@oracle.com",
            type: "Primary",
         },
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "LOCAL",
               availabilityImpact: "NONE",
               baseScore: 5.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 1.4,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Secondary",
         },
      ],
   },
   published: "2023-07-18T21:15:13.963",
   references: [
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20230725-0006/",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2023/dsa-5458",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2023/dsa-5478",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpujul2023.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20230725-0006/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2023/dsa-5458",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2023/dsa-5478",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpujul2023.html",
      },
   ],
   sourceIdentifier: "secalert_us@oracle.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd

Published

2024-01-16 22:15

Modified

2024-11-21 08:53

Severity ?

7.4 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).

References

URL	Tags
secalert_us@oracle.com	https://lists.debian.org/debian-lts-announce/2024/01/msg00023.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20240201-0002/	Third Party Advisory
secalert_us@oracle.com	https://www.oracle.com/security-alerts/cpujan2024.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2024/01/msg00023.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20240201-0002/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpujan2024.html	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
oracle	graalvm	20.3.12
oracle	graalvm	21.3.8
oracle	graalvm	22.3.4
oracle	graalvm_for_jdk	17.0.9
oracle	graalvm_for_jdk	21.0.1
oracle	jdk	1.8.0
oracle	jdk	1.8.0
oracle	jdk	11.0.21
oracle	jdk	17.0.9
oracle	jdk	21.0.1
oracle	jre	1.8.0
oracle	jre	1.8.0
oracle	jre	11.0.21
oracle	jre	17.0.9
oracle	jre	21.0.1
debian	debian_linux	10.0
netapp	cloud_insights_acquisition_unit	-
netapp	cloud_insights_storage_workload_security_agent	-
netapp	oncommand_insight	-

JSON

To clipboard

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:oracle:graalvm:20.3.12:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "D17D1EA4-A45F-4D8D-BA3E-4898EC6D48B7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:graalvm:21.3.8:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "CF534BA8-A2A5-4768-A480-CFB885308AF8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:graalvm:22.3.4:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "876A5640-82A8-4BDC-8E0A-4D6340F5417D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "2C5055FD-0E19-4C42-9B1F-CBE222855156",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:graalvm_for_jdk:21.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "04738DE7-2BFE-4C06-ABE0-FCA099B5FFEC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:1.8.0:update391:*:*:-:*:*:*",
                     matchCriteriaId: "D667746E-7E7C-4326-9B70-3587C2B41BAB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:1.8.0:update391:*:*:enterprise_performance_pack:*:*:*",
                     matchCriteriaId: "F3EF33DE-2E3F-4D5A-BF06-AC3C75108089",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:11.0.21:*:*:*:*:*:*:*",
                     matchCriteriaId: "8FFC5C12-7FF4-48E6-BC5A-F50EBC956BBE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:17.0.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "EF6AA431-8965-4B53-AF0F-DB3AB7A9A3F3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:21.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "50C5781C-4153-431D-991E-637E253EDC87",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:1.8.0:update391:*:*:-:*:*:*",
                     matchCriteriaId: "CA31F3A1-07E1-4685-8A24-7C7830EF7600",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:1.8.0:update391:*:*:enterprise_performance_pack:*:*:*",
                     matchCriteriaId: "DB7CD545-5B56-47FC-803F-8F150C810534",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:11.0.21:*:*:*:*:*:*:*",
                     matchCriteriaId: "568F994E-135F-486D-B57C-0245A1BC253B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:17.0.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "BF274813-F650-447C-A1A6-61D5F8FF71BA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:21.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "F76A51BB-6DAE-4506-B737-7A5854543F18",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "CCAA4004-9319-478C-9D55-0E8307F872F6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:cloud_insights_storage_workload_security_agent:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "3B199052-5732-4726-B06B-A12C70DFB891",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot).  Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and  22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as  unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).",
      },
      {
         lang: "es",
         value: "Vulnerabilidad en el producto Oracle Java SE, Oracle GraalVM para JDK, Oracle GraalVM Enterprise Edition de Oracle Java SE (componente: Hotspot). Las versiones compatibles que se ven afectadas son Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM para JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 y 22.3.4. Una vulnerabilidad difícil de explotar permite que un atacante no autenticado con acceso a la red a través de múltiples protocolos comprometa Oracle Java SE, Oracle GraalVM para JDK y Oracle GraalVM Enterprise Edition. Los ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a la creación, eliminación o modificación de datos críticos o a todos los datos accesibles de Oracle Java SE, Oracle GraalVM para JDK, Oracle GraalVM Enterprise Edition, así como acceso no autorizado a datos críticos o acceso completo a todo Oracle Java. SE, Oracle GraalVM para JDK, datos accesibles de Oracle GraalVM Enterprise Edition. Nota: Esta vulnerabilidad se puede aprovechar utilizando API en el componente especificado, por ejemplo, a través de un servicio web que proporciona datos a las API. Esta vulnerabilidad también se aplica a las implementaciones de Java, generalmente en clientes que ejecutan aplicaciones Java Web Start en una sandbox o subprogramas de Java en una sandbox, que cargan y ejecutan código que no es de confianza (por ejemplo, código que proviene de Internet) y dependen del entorno limitado de Java para su seguridad. CVSS 3.1 Puntaje base 7.4 (Impactos en la confidencialidad y la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).",
      },
   ],
   id: "CVE-2024-20918",
   lastModified: "2024-11-21T08:53:25.790",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 7.4,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.2,
            impactScore: 5.2,
            source: "secalert_us@oracle.com",
            type: "Primary",
         },
      ],
   },
   published: "2024-01-16T22:15:39.510",
   references: [
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2024/01/msg00023.html",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20240201-0002/",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpujan2024.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2024/01/msg00023.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20240201-0002/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpujan2024.html",
      },
   ],
   sourceIdentifier: "secalert_us@oracle.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd

Published

2023-10-17 22:15

Modified

2024-11-21 07:44

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u381, 8u381-perf, 11.0.20, 17.0.8, 21; Oracle GraalVM for JDK: 17.0.8, 21; Oracle GraalVM Enterprise Edition: 20.3.11, 21.3.7 and 22.3.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

References

URL	Tags
secalert_us@oracle.com	https://lists.debian.org/debian-lts-announce/2023/10/msg00041.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20231027-0006/	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2023/dsa-5537	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2023/dsa-5548	Third Party Advisory
secalert_us@oracle.com	https://www.oracle.com/security-alerts/cpuoct2023.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2023/10/msg00041.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20231027-0006/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2023/dsa-5537	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2023/dsa-5548	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpuoct2023.html	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
oracle	graalvm_for_jdk	17.0.8
oracle	graalvm_for_jdk	21
oracle	jdk	1.8.0
oracle	jdk	1.8.0
oracle	jdk	11.0.2
oracle	jdk	17.0.8
oracle	jdk	21.0.0
oracle	jre	1.8.0
oracle	jre	1.8.0
oracle	jre	11.0.2
oracle	jre	17.0.8
oracle	jre	21.0.0
netapp	cloud_insights_acquisition_unit	-
netapp	cloud_insights_storage_workload_security_agent	-

JSON

To clipboard

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "D5A01042-97E8-483B-BBE2-C9A968423FCD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:graalvm_for_jdk:21:*:*:*:*:*:*:*",
                     matchCriteriaId: "3DAC838A-1E97-4D12-9CA9-4593D61CF9FD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:1.8.0:update381:*:*:-:*:*:*",
                     matchCriteriaId: "2950AC81-A9E7-4CC8-A20D-10AEAAD672D1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:1.8.0:update381:*:*:enterprise_performance_pack:*:*:*",
                     matchCriteriaId: "1280B8AA-B341-42DC-BA23-4DD970970570",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:11.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "40C0CB6C-5A35-45E8-A481-F437360F6B7A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:17.0.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "D07E25C0-81ED-4DA9-85D3-CF2C758D25D4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:21.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "89511E56-D9E1-46D2-A591-EEC11A4194B2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:1.8.0:update381:*:*:-:*:*:*",
                     matchCriteriaId: "9B5F1CAA-26EA-4558-BA69-51D0EB0726DE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:1.8.0:update381:*:*:enterprise_performance_pack:*:*:*",
                     matchCriteriaId: "54EEB032-9164-49FB-97CB-728A64C43495",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:11.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "A824CA38-74B2-43FC-9C72-6CE37B97D59F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:17.0.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "25D40D36-9C91-49AB-9120-97A867715E20",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:21.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "5B331904-AF1B-4C47-A664-A257CB16DDEB",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "CCAA4004-9319-478C-9D55-0E8307F872F6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:cloud_insights_storage_workload_security_agent:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "3B199052-5732-4726-B06B-A12C70DFB891",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE).  Supported versions that are affected are Oracle Java SE: 8u381, 8u381-perf, 11.0.20, 17.0.8, 21; Oracle GraalVM for JDK: 17.0.8, 21; Oracle GraalVM Enterprise Edition: 20.3.11, 21.3.7 and  22.3.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).",
      },
      {
         lang: "es",
         value: "Vulnerabilidad en el producto Oracle Java SE, Oracle GraalVM para JDK de Oracle Java SE (componente: JSSE). Las versiones compatibles que se ven afectadas son Oracle Java SE: 8u381, 8u381-perf, 11.0.20, 17.0.8, 21; Oracle GraalVM para JDK: 17.0.8 y 21. Una vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red a través de HTTPS comprometer Oracle Java SE y Oracle GraalVM para JDK. Los ataques exitosos de esta vulnerabilidad pueden resultar en una capacidad no autorizada para causar una Denegación de Servicio parcial (DOS parcial) de Oracle Java SE, Oracle GraalVM para JDK. Nota: Esta vulnerabilidad se aplica a implementaciones de Java, generalmente en clientes que ejecutan aplicaciones Java Web Start en espacio aislado o subprogramas de Java en espacio aislado, que cargan y ejecutan código que no es de confianza (por ejemplo, código que proviene de Internet) y dependen del entorno limitado de Java para su seguridad. Esta vulnerabilidad no se aplica a implementaciones de Java, normalmente en servidores, que cargan y ejecutan sólo código confiable (por ejemplo, código instalado por un administrador). CVSS 3.1 Puntuación base 5.3 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).",
      },
   ],
   id: "CVE-2023-22081",
   lastModified: "2024-11-21T07:44:14.347",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "LOW",
               baseScore: 5.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 1.4,
            source: "secalert_us@oracle.com",
            type: "Primary",
         },
      ],
   },
   published: "2023-10-17T22:15:13.573",
   references: [
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2023/10/msg00041.html",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20231027-0006/",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2023/dsa-5537",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2023/dsa-5548",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpuoct2023.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2023/10/msg00041.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20231027-0006/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2023/dsa-5537",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2023/dsa-5548",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpuoct2023.html",
      },
   ],
   sourceIdentifier: "secalert_us@oracle.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd

Published

2022-01-19 12:15

Modified

2024-11-21 06:44

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

References

URL	Tags
secalert_us@oracle.com	https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://security.gentoo.org/glsa/202209-05	Third Party Advisory
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20220121-0007/	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2022/dsa-5057	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2022/dsa-5058	Third Party Advisory
secalert_us@oracle.com	https://www.oracle.com/security-alerts/cpujan2022.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202209-05	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20220121-0007/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2022/dsa-5057	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2022/dsa-5058	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpujan2022.html	Vendor Advisory

Impacted products

Vendor	Product	Version
oracle	graalvm	20.3.4
oracle	graalvm	21.3.0
oracle	jdk	1.7.0
oracle	jdk	1.8.0
oracle	jdk	11.0.13
oracle	jdk	17.0.1
oracle	jre	1.7.0
oracle	jre	1.8.0
oracle	jre	11.0.13
oracle	jre	17.0.1
netapp	7-mode_transition_tool	-
netapp	active_iq_unified_manager	-
netapp	active_iq_unified_manager	-
netapp	cloud_insights_acquisition_unit	-
netapp	cloud_secure_agent	-
netapp	e-series_santricity_os_controller	*
netapp	e-series_santricity_storage_manager	-
netapp	e-series_santricity_web_services	-
netapp	hci_management_node	-
netapp	oncommand_insight	-
netapp	oncommand_workflow_automation	-
netapp	santricity_storage_plugin	-
netapp	santricity_unified_manager	-
netapp	snapmanager	-
netapp	snapmanager	-
netapp	solidfire	-
debian	debian_linux	9.0
debian	debian_linux	10.0
debian	debian_linux	11.0
oracle	openjdk	*
oracle	openjdk	*
oracle	openjdk	*
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	17
oracle	openjdk	17.0.1

JSON

To clipboard

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:oracle:graalvm:20.3.4:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "9F300E13-1B40-4B35-ACA5-4D402CD41055",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:graalvm:21.3.0:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "B10E38A6-783C-45A2-98A1-12FA1EB3D3AA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:1.7.0:update321:*:*:*:*:*:*",
                     matchCriteriaId: "F3E9DB6B-06BC-47F9-AEB9-E36378A97543",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:1.8.0:update311:*:*:*:*:*:*",
                     matchCriteriaId: "3C9591ED-CA9E-4844-9B7F-D477D7A51413",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:11.0.13:*:*:*:*:*:*:*",
                     matchCriteriaId: "A7F43D86-B696-41E4-A288-6A2D43A1774A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:17.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "3575C88F-05D3-49F6-A60B-7ED902E318F1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:1.7.0:update321:*:*:*:*:*:*",
                     matchCriteriaId: "C5988521-7571-4AE7-BD02-2C8765FC464B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:1.8.0:update311:*:*:*:*:*:*",
                     matchCriteriaId: "29AB737A-FB85-4E91-B8D3-A4B9A780FC0E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:11.0.13:*:*:*:*:*:*:*",
                     matchCriteriaId: "90EC4B85-A88A-4EC3-9EA0-3A24874D5F87",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:17.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "962026D1-1E50-480F-921C-C7EE32AA0107",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "7EF6650C-558D-45C8-AE7D-136EE70CB6D7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
                     matchCriteriaId: "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
                     matchCriteriaId: "B55E8D50-99B4-47EC-86F9-699B67D473CE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "CCAA4004-9319-478C-9D55-0E8307F872F6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F0F202E8-97E6-4BBB-A0B6-4CA3F5803C08",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "FF971916-C526-43A9-BD80-985BCC476569",
                     versionEndIncluding: "11.70.1",
                     versionStartIncluding: "11.0.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "0D9CC59D-6182-4B5E-96B5-226FCD343916",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*",
                     matchCriteriaId: "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A3C19813-E823-456A-B1CE-EC0684CE1953",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5735E553-9731-4AAC-BCFF-989377F817B3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:santricity_storage_plugin:-:*:*:*:*:vcenter:*:*",
                     matchCriteriaId: "82E94B87-065E-475F-815C-F49978CE22FC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A372B177-F740-4655-865C-31777A6E140B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*",
                     matchCriteriaId: "26A2B713-7D6D-420A-93A4-E0D983C983DF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*",
                     matchCriteriaId: "64DE38C8-94F1-4860-B045-F33928F676A8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "FA6FEEC2-9F11-4643-8827-749718254FED",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "6489B616-476E-46AB-8795-7EFDD9074899",
                     versionEndIncluding: "11.0.13",
                     versionStartIncluding: "11",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F8A2B4B3-64EC-4930-9F31-202E4D19AF98",
                     versionEndIncluding: "13.0.9",
                     versionStartIncluding: "13",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "CF9DCD68-A054-456D-8A3C-15939F85DF90",
                     versionEndIncluding: "15.0.5",
                     versionStartIncluding: "15",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:-:*:*:*:*:*:*",
                     matchCriteriaId: "E78B7C5A-FA51-41E4-AAB0-C6DED2EFCF4C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update1:*:*:*:*:*:*",
                     matchCriteriaId: "02011EDC-20A7-4A16-A592-7C76E0037997",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update10:*:*:*:*:*:*",
                     matchCriteriaId: "AC6D4652-1226-4C60-BEDF-01EBF8AC0849",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update101:*:*:*:*:*:*",
                     matchCriteriaId: "3C1F9ED7-7D93-41F4-9130-15BA734420AC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update11:*:*:*:*:*:*",
                     matchCriteriaId: "1CF9CDF1-95D3-4125-A73F-396D2280FC4E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update111:*:*:*:*:*:*",
                     matchCriteriaId: "A13266DC-F8D9-4F30-987F-65BBEAF8D3A8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update121:*:*:*:*:*:*",
                     matchCriteriaId: "C28388AB-CFC9-4749-A90F-383F5B905EA9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update13:*:*:*:*:*:*",
                     matchCriteriaId: "DA1B00F9-A81C-48B7-8DAA-F394DDF323F3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update131:*:*:*:*:*:*",
                     matchCriteriaId: "CA7AD457-6CE6-4925-8D94-A907B40233D9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update141:*:*:*:*:*:*",
                     matchCriteriaId: "A6F3FDD1-7CAC-4B84-ABB7-64E9D3FBD708",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update15:*:*:*:*:*:*",
                     matchCriteriaId: "5480E5AD-DB46-474A-9B57-84ED088A75FA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update151:*:*:*:*:*:*",
                     matchCriteriaId: "881A4AE9-6012-4E91-98BE-0A352CC20703",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update161:*:*:*:*:*:*",
                     matchCriteriaId: "7E1E1079-57D9-473B-A017-964F4745F329",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update17:*:*:*:*:*:*",
                     matchCriteriaId: "B8D6446E-2915-4F12-87BE-E7420BC2626E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update171:*:*:*:*:*:*",
                     matchCriteriaId: "564EDCE3-16E6-401D-8A43-032D1F8875E1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update181:*:*:*:*:*:*",
                     matchCriteriaId: "08278802-D31B-488A-BA6A-EBC816DF883A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update191:*:*:*:*:*:*",
                     matchCriteriaId: "72BDA05A-C8BD-472E-8465-EE1F3E5D8CF6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update2:*:*:*:*:*:*",
                     matchCriteriaId: "7BBB0969-565E-43E2-B067-A10AAA5F1958",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update201:*:*:*:*:*:*",
                     matchCriteriaId: "D78BE95D-6270-469A-8035-FCDDB398F952",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update21:*:*:*:*:*:*",
                     matchCriteriaId: "88C24F40-3150-4584-93D9-8307DE04EEE9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update211:*:*:*:*:*:*",
                     matchCriteriaId: "E0FC5A03-FF11-4787-BBF1-3ACF93A21F2D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update221:*:*:*:*:*:*",
                     matchCriteriaId: "19626B36-62FC-4497-A2E1-7D6CD9839B19",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update231:*:*:*:*:*:*",
                     matchCriteriaId: "5713AEBD-35F6-44E8-A0CC-A42830D7AE20",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update241:*:*:*:*:*:*",
                     matchCriteriaId: "8BE0C04B-440E-4B35-ACC8-6264514F764C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update25:*:*:*:*:*:*",
                     matchCriteriaId: "555EC2A6-0475-48ED-AE0C-B306714A9333",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update251:*:*:*:*:*:*",
                     matchCriteriaId: "EC1CF2AD-3F7A-4EF3-BD41-117A21553A9F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update261:*:*:*:*:*:*",
                     matchCriteriaId: "02C55E2E-AEDE-455C-B128-168C918B5D97",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update271:*:*:*:*:*:*",
                     matchCriteriaId: "81831D37-6597-441B-87DE-38F7191BEA42",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update281:*:*:*:*:*:*",
                     matchCriteriaId: "EEA1594D-0AB5-436D-9E60-C26EE2175753",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update291:*:*:*:*:*:*",
                     matchCriteriaId: "B868FA41-C71B-491C-880B-484740B30C72",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update3:*:*:*:*:*:*",
                     matchCriteriaId: "C242D3BE-9114-4A9E-BB78-45754C7CC450",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update301:*:*:*:*:*:*",
                     matchCriteriaId: "95954182-9541-4181-9647-B17FA5A79F9F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update311:*:*:*:*:*:*",
                     matchCriteriaId: "9F6F0137-F91F-4028-BED2-C29640D52C23",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update321:*:*:*:*:*:*",
                     matchCriteriaId: "EAFB6B15-4AE6-47FC-8847-9DFADB7AE253",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update4:*:*:*:*:*:*",
                     matchCriteriaId: "D61068FE-18EE-4ADB-BC69-A3ECE8724575",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update40:*:*:*:*:*:*",
                     matchCriteriaId: "EFB59E80-4EC4-4399-BF40-6733E4E475A9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update45:*:*:*:*:*:*",
                     matchCriteriaId: "84E31265-22E1-4E91-BFCB-D2AFF445926A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update5:*:*:*:*:*:*",
                     matchCriteriaId: "AB3A58C3-94BB-4120-BE1D-AAF8BBF7F22B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update51:*:*:*:*:*:*",
                     matchCriteriaId: "50319E52-8739-47C5-B61E-3CA9B6A9A48F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update55:*:*:*:*:*:*",
                     matchCriteriaId: "7ED515B9-DC74-4DC5-B98A-08D87D85E11E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update6:*:*:*:*:*:*",
                     matchCriteriaId: "6D1D4868-1F9F-43F7-968C-6469B67D3F1B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update60:*:*:*:*:*:*",
                     matchCriteriaId: "568F1AC4-B0D7-4438-82E5-0E61500F2240",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update65:*:*:*:*:*:*",
                     matchCriteriaId: "F5E99B4A-EDAD-4471-81C4-7E9C775C9D9F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update67:*:*:*:*:*:*",
                     matchCriteriaId: "14E9133E-9FF3-40DB-9A11-7469EF5FD265",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update7:*:*:*:*:*:*",
                     matchCriteriaId: "94834710-3FA9-49D9-8600-B514CBCA4270",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update72:*:*:*:*:*:*",
                     matchCriteriaId: "4228D9E1-7D82-4B49-9669-9CDAD7187432",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update76:*:*:*:*:*:*",
                     matchCriteriaId: "F6231F48-2936-4F7D-96D5-4BA11F78EBE8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update80:*:*:*:*:*:*",
                     matchCriteriaId: "D96D5061-4A81-497E-9AD6-A8381B3B454C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update85:*:*:*:*:*:*",
                     matchCriteriaId: "5345C21E-A01B-43B9-9A20-F2783D921C60",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update9:*:*:*:*:*:*",
                     matchCriteriaId: "B219F360-83BD-4111-AB59-C9D4F55AF4C0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update91:*:*:*:*:*:*",
                     matchCriteriaId: "D25377EA-8E8F-4C76-8EA9-3BBDFB352815",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update95:*:*:*:*:*:*",
                     matchCriteriaId: "59FEFE05-269A-4EAF-A80F-E4C2107B1197",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update97:*:*:*:*:*:*",
                     matchCriteriaId: "E7E2AA7C-F602-4DB7-9EC1-0708C46C253C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update99:*:*:*:*:*:*",
                     matchCriteriaId: "FB70E154-A304-429E-80F5-8D87B00E32D1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:-:*:*:*:*:*:*",
                     matchCriteriaId: "70892D06-6E75-4425-BBF0-4B684EC62A1C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone1:*:*:*:*:*:*",
                     matchCriteriaId: "7A165D71-71CC-4E6A-AA4F-FF8DB5B9A5AB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone2:*:*:*:*:*:*",
                     matchCriteriaId: "7417B2BB-9AC2-4AF4-A828-C89A0735AD92",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone3:*:*:*:*:*:*",
                     matchCriteriaId: "6A0A57B5-6F88-4288-9CDE-F6613FE068D2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone4:*:*:*:*:*:*",
                     matchCriteriaId: "67ED8559-C348-4932-B7CE-CB96976A30EC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone5:*:*:*:*:*:*",
                     matchCriteriaId: "40AC3D91-263F-4345-9FAA-0E573EA64590",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone6:*:*:*:*:*:*",
                     matchCriteriaId: "DD92AFA9-81F8-48D4-B79A-E7F066F69A99",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone7:*:*:*:*:*:*",
                     matchCriteriaId: "2C4B2F24-A730-4818-90C8-A2D90C081F03",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone8:*:*:*:*:*:*",
                     matchCriteriaId: "464087F2-C285-4574-957E-CE0663F07DE0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone9:*:*:*:*:*:*",
                     matchCriteriaId: "3E9BB880-A4F6-4887-8BB9-47AA298753D5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update101:*:*:*:*:*:*",
                     matchCriteriaId: "18DCFF53-B298-4534-AB5C-8A5EF59C616F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update102:*:*:*:*:*:*",
                     matchCriteriaId: "083419F8-FDDF-4E36-88F8-857DB317C1D1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update11:*:*:*:*:*:*",
                     matchCriteriaId: "D7A74F65-57E8-4C9A-BA96-5EF401504F13",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update111:*:*:*:*:*:*",
                     matchCriteriaId: "0D0B90FC-57B6-4315-9B29-3C36E58B2CF5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update112:*:*:*:*:*:*",
                     matchCriteriaId: "07812576-3C35-404C-A7D7-9BE9E3D76E00",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update121:*:*:*:*:*:*",
                     matchCriteriaId: "00C52B1C-5447-4282-9667-9EBE0720B423",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update131:*:*:*:*:*:*",
                     matchCriteriaId: "92BB9EB0-0C12-4E77-89EE-FB77097841B8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update141:*:*:*:*:*:*",
                     matchCriteriaId: "FF9D5DCE-2E8F-42B9-9038-AEA7E8C8CFFD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update151:*:*:*:*:*:*",
                     matchCriteriaId: "ABC0E7BB-F8B7-4369-9910-71240E4073A3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update152:*:*:*:*:*:*",
                     matchCriteriaId: "551B2640-8CEC-4C24-AF8B-7A7CEF864D9D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update161:*:*:*:*:*:*",
                     matchCriteriaId: "0AE30779-48FB-451E-8CE1-F469F93B8772",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update162:*:*:*:*:*:*",
                     matchCriteriaId: "60590FDE-7156-4314-A012-AA38BD2ADDC9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update171:*:*:*:*:*:*",
                     matchCriteriaId: "BE51AD3A-8331-4E8F-9DB1-7A0051731DFB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update172:*:*:*:*:*:*",
                     matchCriteriaId: "F24F6122-2256-41B6-9033-794C6424ED99",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update181:*:*:*:*:*:*",
                     matchCriteriaId: "0EAFA79E-8C7A-48CF-8868-11378FE4B26F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update191:*:*:*:*:*:*",
                     matchCriteriaId: "D1D6F19F-59B5-4BB6-AD35-013384025970",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update192:*:*:*:*:*:*",
                     matchCriteriaId: "E7BA97BC-3ADA-465A-835B-6C3C5F416B56",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update20:*:*:*:*:*:*",
                     matchCriteriaId: "B71F77A4-B7EB-47A1-AAFD-431A7D040B86",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update201:*:*:*:*:*:*",
                     matchCriteriaId: "91D6BEA9-5943-44A4-946D-CEAA9BA99376",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update202:*:*:*:*:*:*",
                     matchCriteriaId: "C079A3E0-44EB-4B9C-B4FC-B7621D165C3B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update211:*:*:*:*:*:*",
                     matchCriteriaId: "2CB74086-14B8-4237-8357-E0C6B5BB8313",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update212:*:*:*:*:*:*",
                     matchCriteriaId: "3ABED20A-7C34-4E86-9AFB-F4DC9ECBB3A9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update221:*:*:*:*:*:*",
                     matchCriteriaId: "00C2B9C9-1177-4DA6-96CE-55F37F383F99",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update222:*:*:*:*:*:*",
                     matchCriteriaId: "435CF189-0BD8-40DF-A0DC-99862CDEAF8A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update231:*:*:*:*:*:*",
                     matchCriteriaId: "12A3F367-33AD-47C3-BFDC-871A17E72C94",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update232:*:*:*:*:*:*",
                     matchCriteriaId: "A18F994F-72CA-4AF5-A7D1-9F5AEA286D85",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update241:*:*:*:*:*:*",
                     matchCriteriaId: "78261932-7373-4F16-91E0-1A72ADBEBC3E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update242:*:*:*:*:*:*",
                     matchCriteriaId: "9BD90D3D-9B3A-4101-9A8A-5090F0A9719F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update25:*:*:*:*:*:*",
                     matchCriteriaId: "B38C0276-0EBD-4E0B-BFCF-4DDECACE04E2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update252:*:*:*:*:*:*",
                     matchCriteriaId: "F5A40B8A-D428-4008-9F21-AF21394C51D1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update262:*:*:*:*:*:*",
                     matchCriteriaId: "FEC5B777-01E1-45EE-AF95-C3BD1F098B2F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update271:*:*:*:*:*:*",
                     matchCriteriaId: "3B504718-5DCE-43B4-B19A-C6B6E7444BD3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update281:*:*:*:*:*:*",
                     matchCriteriaId: "3102AA10-99A8-49A9-867E-7EEC56865680",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update282:*:*:*:*:*:*",
                     matchCriteriaId: "5A55CBC7-A7B2-4B89-8AB5-ED30DBE6814E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update291:*:*:*:*:*:*",
                     matchCriteriaId: "15BA8A26-2CDA-442B-A549-6BE92DCCD205",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update301:*:*:*:*:*:*",
                     matchCriteriaId: "56F2883B-6A1B-4081-8877-07AF3A73F6CD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update302:*:*:*:*:*:*",
                     matchCriteriaId: "98C0742E-ACDD-4DB4-8A4C-B96702C8976C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update31:*:*:*:*:*:*",
                     matchCriteriaId: "F8483034-DD5A-445D-892F-CDE90A7D58EE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update312:*:*:*:*:*:*",
                     matchCriteriaId: "1716A5CD-1C32-4F19-9DDE-F9C7CCB6B420",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update40:*:*:*:*:*:*",
                     matchCriteriaId: "8279718F-878F-4868-8859-1728D13CD0D8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update45:*:*:*:*:*:*",
                     matchCriteriaId: "2C024E1A-FD2C-42E8-B227-C2AFD3040436",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update5:*:*:*:*:*:*",
                     matchCriteriaId: "4F24389D-DDD0-4204-AA24-31C920A4F47E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update51:*:*:*:*:*:*",
                     matchCriteriaId: "966979BE-1F21-4729-B6B8-610F74648344",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update60:*:*:*:*:*:*",
                     matchCriteriaId: "F8534265-33BF-460D-BF74-5F55FDE50F29",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update65:*:*:*:*:*:*",
                     matchCriteriaId: "F77AFC25-1466-4E56-9D5F-6988F3288E16",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update66:*:*:*:*:*:*",
                     matchCriteriaId: "A650BEB8-E56F-4E42-9361-8D2DB083F0F8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update71:*:*:*:*:*:*",
                     matchCriteriaId: "799FFECD-E80A-44B3-953D-CDB5E195F3AA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update72:*:*:*:*:*:*",
                     matchCriteriaId: "A7047507-7CAF-4A14-AA9A-5CEF806EDE98",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update73:*:*:*:*:*:*",
                     matchCriteriaId: "CFC7B179-95D3-4F94-84F6-73F1034A1AF2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update74:*:*:*:*:*:*",
                     matchCriteriaId: "9FB28526-9385-44CA-AF08-1899E6C3AE4D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update77:*:*:*:*:*:*",
                     matchCriteriaId: "E26B69E4-0B43-415F-A82B-52FDCB262B3E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update91:*:*:*:*:*:*",
                     matchCriteriaId: "27BC4150-70EC-462B-8FC5-20B3442CBB31",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update92:*:*:*:*:*:*",
                     matchCriteriaId: "02646989-ECD9-40AE-A83E-EFF4080C69B9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:17:*:*:*:*:*:*:*",
                     matchCriteriaId: "4D0A929D-6054-4EFB-8BAD-58826D22D34B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:17.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "DE7858DA-58DE-4920-B678-7800BD084EA1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad en el producto Oracle Java SE, Oracle GraalVM Enterprise Edition de Oracle Java SE (componente: Libraries). Las versiones compatibles que están afectadas son Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 y 21.3.0. Una vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red por medio de múltiples protocolos comprometer a Oracle Java SE, Oracle GraalVM Enterprise Edition. Los ataques con éxito de esta vulnerabilidad pueden resultar en una capacidad no autorizada de causar una negación parcial de servicio (DOS parcial) de Oracle Java SE, Oracle GraalVM Enterprise Edition. Nota: Esta vulnerabilidad es aplicada a las implantaciones de Java, normalmente en clientes que ejecutan aplicaciones Java Web Start con sandbox o applets Java con sandbox, que cargan y ejecutan código que no es confiable (por ejemplo, código que viene de Internet) y dependen de la sandbox de Java para la seguridad. Esta vulnerabilidad también puede ser explotada al usar APIs en el componente especificado, por ejemplo, mediante un servicio web que suministra datos a las APIs. CVSS 3.1, Puntuación base 5.3 (impactos en la Disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)",
      },
   ],
   id: "CVE-2022-21340",
   lastModified: "2024-11-21T06:44:27.700",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 5,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "LOW",
               baseScore: 5.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 1.4,
            source: "secalert_us@oracle.com",
            type: "Secondary",
         },
      ],
   },
   published: "2022-01-19T12:15:14.650",
   references: [
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/202209-05",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20220121-0007/",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2022/dsa-5057",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2022/dsa-5058",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpujan2022.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/202209-05",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20220121-0007/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2022/dsa-5057",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2022/dsa-5058",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpujan2022.html",
      },
   ],
   sourceIdentifier: "secalert_us@oracle.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd

Published

2023-10-17 22:15

Modified

2024-11-21 07:44

Severity ?

3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition, product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u381-perf, 17.0.8, 21; Oracle GraalVM for JDK: 17.0.8, 21; Oracle GraalVM Enterprise Edition: 21.3.7 and 22.3.3. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition,. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition, accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).

References

URL	Tags
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20231027-0006/	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2023/dsa-5548	Third Party Advisory
secalert_us@oracle.com	https://www.oracle.com/security-alerts/cpuoct2023.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20231027-0006/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2023/dsa-5548	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpuoct2023.html	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
oracle	graalvm_for_jdk	17.0.8
oracle	graalvm_for_jdk	21
oracle	jdk	1.8.0
oracle	jdk	17.0.8
oracle	jdk	21.0.0
oracle	jre	1.8.0
oracle	jre	17.0.8
oracle	jre	21.0.0
netapp	cloud_insights_acquisition_unit	-
netapp	cloud_insights_storage_workload_security_agent	-

JSON

To clipboard

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "D5A01042-97E8-483B-BBE2-C9A968423FCD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:graalvm_for_jdk:21:*:*:*:*:*:*:*",
                     matchCriteriaId: "3DAC838A-1E97-4D12-9CA9-4593D61CF9FD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:1.8.0:update381:*:*:enterprise_performance_pack:*:*:*",
                     matchCriteriaId: "1280B8AA-B341-42DC-BA23-4DD970970570",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:17.0.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "D07E25C0-81ED-4DA9-85D3-CF2C758D25D4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:21.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "89511E56-D9E1-46D2-A591-EEC11A4194B2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:1.8.0:update381:*:*:enterprise_performance_pack:*:*:*",
                     matchCriteriaId: "54EEB032-9164-49FB-97CB-728A64C43495",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:17.0.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "25D40D36-9C91-49AB-9120-97A867715E20",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:21.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "5B331904-AF1B-4C47-A664-A257CB16DDEB",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "CCAA4004-9319-478C-9D55-0E8307F872F6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:cloud_insights_storage_workload_security_agent:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "3B199052-5732-4726-B06B-A12C70DFB891",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition, product of Oracle Java SE (component: Hotspot).  Supported versions that are affected are Oracle Java SE: 8u381-perf, 17.0.8, 21; Oracle GraalVM for JDK: 17.0.8, 21; Oracle GraalVM Enterprise Edition: 21.3.7 and  22.3.3. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition,.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition, accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).",
      },
      {
         lang: "es",
         value: "Vulnerabilidad en el producto Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM para JDK de Oracle Java SE (componente: Hotspot). Las versiones compatibles que se ven afectadas son Oracle Java SE: 8u381-perf, 17.0.8, 21; Oracle GraalVM para JDK: 17.0.8 y 21. Una vulnerabilidad difícil de explotar permite que un atacante no autenticado con acceso a la red a través de múltiples protocolos comprometa Oracle Java SE, Oracle GraalVM Enterprise Edition y Oracle GraalVM para JDK. Los ataques exitosos de esta vulnerabilidad pueden dar como resultado una actualización, inserción o eliminación no autorizada del acceso a algunos de los datos accesibles de Oracle Java SE, Oracle GraalVM Enterprise Edition y Oracle GraalVM para JDK. Nota: Esta vulnerabilidad se puede aprovechar utilizando API en el componente especificado, por ejemplo, a través de un servicio web que proporciona datos a las API. Esta vulnerabilidad también se aplica a las implementaciones de Java, generalmente en clientes que ejecutan aplicaciones Java Web Start en un espacio aislado o subprogramas de Java en un espacio aislado, que cargan y ejecutan código que no es de confianza (por ejemplo, código que proviene de Internet) y dependen del entorno limitado de Java para su seguridad. CVSS 3.1 Puntaje base 3.7 (Impactos en la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).",
      },
   ],
   id: "CVE-2023-22025",
   lastModified: "2024-11-21T07:44:07.720",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 3.7,
               baseSeverity: "LOW",
               confidentialityImpact: "NONE",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.2,
            impactScore: 1.4,
            source: "secalert_us@oracle.com",
            type: "Primary",
         },
      ],
   },
   published: "2023-10-17T22:15:11.837",
   references: [
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20231027-0006/",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2023/dsa-5548",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpuoct2023.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20231027-0006/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2023/dsa-5548",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpuoct2023.html",
      },
   ],
   sourceIdentifier: "secalert_us@oracle.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd

Published

2022-01-19 12:15

Modified

2024-11-21 06:44

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).

References

URL	Tags
secalert_us@oracle.com	https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://security.gentoo.org/glsa/202209-05	Third Party Advisory
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20220121-0007/	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2022/dsa-5057	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2022/dsa-5058	Third Party Advisory
secalert_us@oracle.com	https://www.oracle.com/security-alerts/cpujan2022.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202209-05	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20220121-0007/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2022/dsa-5057	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2022/dsa-5058	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpujan2022.html	Vendor Advisory

Impacted products

Vendor	Product	Version
oracle	graalvm	20.3.4
oracle	graalvm	21.3.0
oracle	jdk	1.7.0
oracle	jdk	1.8.0
oracle	jdk	11.0.13
oracle	jdk	17.0.1
oracle	jre	1.7.0
oracle	jre	1.8.0
oracle	jre	11.0.13
oracle	jre	17.0.1
debian	debian_linux	9.0
debian	debian_linux	10.0
debian	debian_linux	11.0
netapp	7-mode_transition_tool	-
netapp	active_iq_unified_manager	-
netapp	active_iq_unified_manager	-
netapp	cloud_insights_acquisition_unit	-
netapp	cloud_secure_agent	-
netapp	e-series_santricity_os_controller	*
netapp	e-series_santricity_storage_manager	-
netapp	e-series_santricity_web_services	-
netapp	hci_management_node	-
netapp	oncommand_insight	-
netapp	oncommand_workflow_automation	-
netapp	santricity_storage_plugin	-
netapp	santricity_unified_manager	-
netapp	snapmanager	-
netapp	snapmanager	-
netapp	solidfire	-
oracle	openjdk	*
oracle	openjdk	*
oracle	openjdk	*
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	17
oracle	openjdk	17.0.1

JSON

To clipboard

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:oracle:graalvm:20.3.4:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "9F300E13-1B40-4B35-ACA5-4D402CD41055",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:graalvm:21.3.0:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "B10E38A6-783C-45A2-98A1-12FA1EB3D3AA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:1.7.0:update321:*:*:*:*:*:*",
                     matchCriteriaId: "F3E9DB6B-06BC-47F9-AEB9-E36378A97543",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:1.8.0:update311:*:*:*:*:*:*",
                     matchCriteriaId: "3C9591ED-CA9E-4844-9B7F-D477D7A51413",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:11.0.13:*:*:*:*:*:*:*",
                     matchCriteriaId: "A7F43D86-B696-41E4-A288-6A2D43A1774A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:17.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "3575C88F-05D3-49F6-A60B-7ED902E318F1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:1.7.0:update321:*:*:*:*:*:*",
                     matchCriteriaId: "C5988521-7571-4AE7-BD02-2C8765FC464B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:1.8.0:update311:*:*:*:*:*:*",
                     matchCriteriaId: "29AB737A-FB85-4E91-B8D3-A4B9A780FC0E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:11.0.13:*:*:*:*:*:*:*",
                     matchCriteriaId: "90EC4B85-A88A-4EC3-9EA0-3A24874D5F87",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:17.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "962026D1-1E50-480F-921C-C7EE32AA0107",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "FA6FEEC2-9F11-4643-8827-749718254FED",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "7EF6650C-558D-45C8-AE7D-136EE70CB6D7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
                     matchCriteriaId: "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
                     matchCriteriaId: "B55E8D50-99B4-47EC-86F9-699B67D473CE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "CCAA4004-9319-478C-9D55-0E8307F872F6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F0F202E8-97E6-4BBB-A0B6-4CA3F5803C08",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "FF971916-C526-43A9-BD80-985BCC476569",
                     versionEndIncluding: "11.70.1",
                     versionStartIncluding: "11.0.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "0D9CC59D-6182-4B5E-96B5-226FCD343916",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*",
                     matchCriteriaId: "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A3C19813-E823-456A-B1CE-EC0684CE1953",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5735E553-9731-4AAC-BCFF-989377F817B3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:santricity_storage_plugin:-:*:*:*:*:vcenter:*:*",
                     matchCriteriaId: "82E94B87-065E-475F-815C-F49978CE22FC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A372B177-F740-4655-865C-31777A6E140B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*",
                     matchCriteriaId: "26A2B713-7D6D-420A-93A4-E0D983C983DF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*",
                     matchCriteriaId: "64DE38C8-94F1-4860-B045-F33928F676A8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "6489B616-476E-46AB-8795-7EFDD9074899",
                     versionEndIncluding: "11.0.13",
                     versionStartIncluding: "11",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F8A2B4B3-64EC-4930-9F31-202E4D19AF98",
                     versionEndIncluding: "13.0.9",
                     versionStartIncluding: "13",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "CF9DCD68-A054-456D-8A3C-15939F85DF90",
                     versionEndIncluding: "15.0.5",
                     versionStartIncluding: "15",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:-:*:*:*:*:*:*",
                     matchCriteriaId: "E78B7C5A-FA51-41E4-AAB0-C6DED2EFCF4C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update1:*:*:*:*:*:*",
                     matchCriteriaId: "02011EDC-20A7-4A16-A592-7C76E0037997",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update10:*:*:*:*:*:*",
                     matchCriteriaId: "AC6D4652-1226-4C60-BEDF-01EBF8AC0849",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update101:*:*:*:*:*:*",
                     matchCriteriaId: "3C1F9ED7-7D93-41F4-9130-15BA734420AC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update11:*:*:*:*:*:*",
                     matchCriteriaId: "1CF9CDF1-95D3-4125-A73F-396D2280FC4E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update111:*:*:*:*:*:*",
                     matchCriteriaId: "A13266DC-F8D9-4F30-987F-65BBEAF8D3A8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update121:*:*:*:*:*:*",
                     matchCriteriaId: "C28388AB-CFC9-4749-A90F-383F5B905EA9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update13:*:*:*:*:*:*",
                     matchCriteriaId: "DA1B00F9-A81C-48B7-8DAA-F394DDF323F3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update131:*:*:*:*:*:*",
                     matchCriteriaId: "CA7AD457-6CE6-4925-8D94-A907B40233D9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update141:*:*:*:*:*:*",
                     matchCriteriaId: "A6F3FDD1-7CAC-4B84-ABB7-64E9D3FBD708",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update15:*:*:*:*:*:*",
                     matchCriteriaId: "5480E5AD-DB46-474A-9B57-84ED088A75FA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update151:*:*:*:*:*:*",
                     matchCriteriaId: "881A4AE9-6012-4E91-98BE-0A352CC20703",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update161:*:*:*:*:*:*",
                     matchCriteriaId: "7E1E1079-57D9-473B-A017-964F4745F329",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update17:*:*:*:*:*:*",
                     matchCriteriaId: "B8D6446E-2915-4F12-87BE-E7420BC2626E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update171:*:*:*:*:*:*",
                     matchCriteriaId: "564EDCE3-16E6-401D-8A43-032D1F8875E1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update181:*:*:*:*:*:*",
                     matchCriteriaId: "08278802-D31B-488A-BA6A-EBC816DF883A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update191:*:*:*:*:*:*",
                     matchCriteriaId: "72BDA05A-C8BD-472E-8465-EE1F3E5D8CF6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update2:*:*:*:*:*:*",
                     matchCriteriaId: "7BBB0969-565E-43E2-B067-A10AAA5F1958",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update201:*:*:*:*:*:*",
                     matchCriteriaId: "D78BE95D-6270-469A-8035-FCDDB398F952",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update21:*:*:*:*:*:*",
                     matchCriteriaId: "88C24F40-3150-4584-93D9-8307DE04EEE9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update211:*:*:*:*:*:*",
                     matchCriteriaId: "E0FC5A03-FF11-4787-BBF1-3ACF93A21F2D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update221:*:*:*:*:*:*",
                     matchCriteriaId: "19626B36-62FC-4497-A2E1-7D6CD9839B19",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update231:*:*:*:*:*:*",
                     matchCriteriaId: "5713AEBD-35F6-44E8-A0CC-A42830D7AE20",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update241:*:*:*:*:*:*",
                     matchCriteriaId: "8BE0C04B-440E-4B35-ACC8-6264514F764C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update25:*:*:*:*:*:*",
                     matchCriteriaId: "555EC2A6-0475-48ED-AE0C-B306714A9333",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update251:*:*:*:*:*:*",
                     matchCriteriaId: "EC1CF2AD-3F7A-4EF3-BD41-117A21553A9F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update261:*:*:*:*:*:*",
                     matchCriteriaId: "02C55E2E-AEDE-455C-B128-168C918B5D97",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update271:*:*:*:*:*:*",
                     matchCriteriaId: "81831D37-6597-441B-87DE-38F7191BEA42",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update281:*:*:*:*:*:*",
                     matchCriteriaId: "EEA1594D-0AB5-436D-9E60-C26EE2175753",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update291:*:*:*:*:*:*",
                     matchCriteriaId: "B868FA41-C71B-491C-880B-484740B30C72",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update3:*:*:*:*:*:*",
                     matchCriteriaId: "C242D3BE-9114-4A9E-BB78-45754C7CC450",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update301:*:*:*:*:*:*",
                     matchCriteriaId: "95954182-9541-4181-9647-B17FA5A79F9F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update311:*:*:*:*:*:*",
                     matchCriteriaId: "9F6F0137-F91F-4028-BED2-C29640D52C23",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update321:*:*:*:*:*:*",
                     matchCriteriaId: "EAFB6B15-4AE6-47FC-8847-9DFADB7AE253",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update4:*:*:*:*:*:*",
                     matchCriteriaId: "D61068FE-18EE-4ADB-BC69-A3ECE8724575",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update40:*:*:*:*:*:*",
                     matchCriteriaId: "EFB59E80-4EC4-4399-BF40-6733E4E475A9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update45:*:*:*:*:*:*",
                     matchCriteriaId: "84E31265-22E1-4E91-BFCB-D2AFF445926A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update5:*:*:*:*:*:*",
                     matchCriteriaId: "AB3A58C3-94BB-4120-BE1D-AAF8BBF7F22B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update51:*:*:*:*:*:*",
                     matchCriteriaId: "50319E52-8739-47C5-B61E-3CA9B6A9A48F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update55:*:*:*:*:*:*",
                     matchCriteriaId: "7ED515B9-DC74-4DC5-B98A-08D87D85E11E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update6:*:*:*:*:*:*",
                     matchCriteriaId: "6D1D4868-1F9F-43F7-968C-6469B67D3F1B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update60:*:*:*:*:*:*",
                     matchCriteriaId: "568F1AC4-B0D7-4438-82E5-0E61500F2240",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update65:*:*:*:*:*:*",
                     matchCriteriaId: "F5E99B4A-EDAD-4471-81C4-7E9C775C9D9F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update67:*:*:*:*:*:*",
                     matchCriteriaId: "14E9133E-9FF3-40DB-9A11-7469EF5FD265",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update7:*:*:*:*:*:*",
                     matchCriteriaId: "94834710-3FA9-49D9-8600-B514CBCA4270",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update72:*:*:*:*:*:*",
                     matchCriteriaId: "4228D9E1-7D82-4B49-9669-9CDAD7187432",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update76:*:*:*:*:*:*",
                     matchCriteriaId: "F6231F48-2936-4F7D-96D5-4BA11F78EBE8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update80:*:*:*:*:*:*",
                     matchCriteriaId: "D96D5061-4A81-497E-9AD6-A8381B3B454C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update85:*:*:*:*:*:*",
                     matchCriteriaId: "5345C21E-A01B-43B9-9A20-F2783D921C60",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update9:*:*:*:*:*:*",
                     matchCriteriaId: "B219F360-83BD-4111-AB59-C9D4F55AF4C0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update91:*:*:*:*:*:*",
                     matchCriteriaId: "D25377EA-8E8F-4C76-8EA9-3BBDFB352815",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update95:*:*:*:*:*:*",
                     matchCriteriaId: "59FEFE05-269A-4EAF-A80F-E4C2107B1197",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update97:*:*:*:*:*:*",
                     matchCriteriaId: "E7E2AA7C-F602-4DB7-9EC1-0708C46C253C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update99:*:*:*:*:*:*",
                     matchCriteriaId: "FB70E154-A304-429E-80F5-8D87B00E32D1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:-:*:*:*:*:*:*",
                     matchCriteriaId: "70892D06-6E75-4425-BBF0-4B684EC62A1C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone1:*:*:*:*:*:*",
                     matchCriteriaId: "7A165D71-71CC-4E6A-AA4F-FF8DB5B9A5AB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone2:*:*:*:*:*:*",
                     matchCriteriaId: "7417B2BB-9AC2-4AF4-A828-C89A0735AD92",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone3:*:*:*:*:*:*",
                     matchCriteriaId: "6A0A57B5-6F88-4288-9CDE-F6613FE068D2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone4:*:*:*:*:*:*",
                     matchCriteriaId: "67ED8559-C348-4932-B7CE-CB96976A30EC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone5:*:*:*:*:*:*",
                     matchCriteriaId: "40AC3D91-263F-4345-9FAA-0E573EA64590",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone6:*:*:*:*:*:*",
                     matchCriteriaId: "DD92AFA9-81F8-48D4-B79A-E7F066F69A99",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone7:*:*:*:*:*:*",
                     matchCriteriaId: "2C4B2F24-A730-4818-90C8-A2D90C081F03",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone8:*:*:*:*:*:*",
                     matchCriteriaId: "464087F2-C285-4574-957E-CE0663F07DE0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone9:*:*:*:*:*:*",
                     matchCriteriaId: "3E9BB880-A4F6-4887-8BB9-47AA298753D5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update101:*:*:*:*:*:*",
                     matchCriteriaId: "18DCFF53-B298-4534-AB5C-8A5EF59C616F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update102:*:*:*:*:*:*",
                     matchCriteriaId: "083419F8-FDDF-4E36-88F8-857DB317C1D1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update11:*:*:*:*:*:*",
                     matchCriteriaId: "D7A74F65-57E8-4C9A-BA96-5EF401504F13",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update111:*:*:*:*:*:*",
                     matchCriteriaId: "0D0B90FC-57B6-4315-9B29-3C36E58B2CF5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update112:*:*:*:*:*:*",
                     matchCriteriaId: "07812576-3C35-404C-A7D7-9BE9E3D76E00",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update121:*:*:*:*:*:*",
                     matchCriteriaId: "00C52B1C-5447-4282-9667-9EBE0720B423",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update131:*:*:*:*:*:*",
                     matchCriteriaId: "92BB9EB0-0C12-4E77-89EE-FB77097841B8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update141:*:*:*:*:*:*",
                     matchCriteriaId: "FF9D5DCE-2E8F-42B9-9038-AEA7E8C8CFFD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update151:*:*:*:*:*:*",
                     matchCriteriaId: "ABC0E7BB-F8B7-4369-9910-71240E4073A3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update152:*:*:*:*:*:*",
                     matchCriteriaId: "551B2640-8CEC-4C24-AF8B-7A7CEF864D9D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update161:*:*:*:*:*:*",
                     matchCriteriaId: "0AE30779-48FB-451E-8CE1-F469F93B8772",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update162:*:*:*:*:*:*",
                     matchCriteriaId: "60590FDE-7156-4314-A012-AA38BD2ADDC9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update171:*:*:*:*:*:*",
                     matchCriteriaId: "BE51AD3A-8331-4E8F-9DB1-7A0051731DFB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update172:*:*:*:*:*:*",
                     matchCriteriaId: "F24F6122-2256-41B6-9033-794C6424ED99",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update181:*:*:*:*:*:*",
                     matchCriteriaId: "0EAFA79E-8C7A-48CF-8868-11378FE4B26F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update191:*:*:*:*:*:*",
                     matchCriteriaId: "D1D6F19F-59B5-4BB6-AD35-013384025970",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update192:*:*:*:*:*:*",
                     matchCriteriaId: "E7BA97BC-3ADA-465A-835B-6C3C5F416B56",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update20:*:*:*:*:*:*",
                     matchCriteriaId: "B71F77A4-B7EB-47A1-AAFD-431A7D040B86",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update201:*:*:*:*:*:*",
                     matchCriteriaId: "91D6BEA9-5943-44A4-946D-CEAA9BA99376",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update202:*:*:*:*:*:*",
                     matchCriteriaId: "C079A3E0-44EB-4B9C-B4FC-B7621D165C3B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update211:*:*:*:*:*:*",
                     matchCriteriaId: "2CB74086-14B8-4237-8357-E0C6B5BB8313",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update212:*:*:*:*:*:*",
                     matchCriteriaId: "3ABED20A-7C34-4E86-9AFB-F4DC9ECBB3A9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update221:*:*:*:*:*:*",
                     matchCriteriaId: "00C2B9C9-1177-4DA6-96CE-55F37F383F99",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update222:*:*:*:*:*:*",
                     matchCriteriaId: "435CF189-0BD8-40DF-A0DC-99862CDEAF8A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update231:*:*:*:*:*:*",
                     matchCriteriaId: "12A3F367-33AD-47C3-BFDC-871A17E72C94",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update232:*:*:*:*:*:*",
                     matchCriteriaId: "A18F994F-72CA-4AF5-A7D1-9F5AEA286D85",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update241:*:*:*:*:*:*",
                     matchCriteriaId: "78261932-7373-4F16-91E0-1A72ADBEBC3E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update242:*:*:*:*:*:*",
                     matchCriteriaId: "9BD90D3D-9B3A-4101-9A8A-5090F0A9719F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update25:*:*:*:*:*:*",
                     matchCriteriaId: "B38C0276-0EBD-4E0B-BFCF-4DDECACE04E2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update252:*:*:*:*:*:*",
                     matchCriteriaId: "F5A40B8A-D428-4008-9F21-AF21394C51D1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update262:*:*:*:*:*:*",
                     matchCriteriaId: "FEC5B777-01E1-45EE-AF95-C3BD1F098B2F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update271:*:*:*:*:*:*",
                     matchCriteriaId: "3B504718-5DCE-43B4-B19A-C6B6E7444BD3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update281:*:*:*:*:*:*",
                     matchCriteriaId: "3102AA10-99A8-49A9-867E-7EEC56865680",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update282:*:*:*:*:*:*",
                     matchCriteriaId: "5A55CBC7-A7B2-4B89-8AB5-ED30DBE6814E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update291:*:*:*:*:*:*",
                     matchCriteriaId: "15BA8A26-2CDA-442B-A549-6BE92DCCD205",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update301:*:*:*:*:*:*",
                     matchCriteriaId: "56F2883B-6A1B-4081-8877-07AF3A73F6CD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update302:*:*:*:*:*:*",
                     matchCriteriaId: "98C0742E-ACDD-4DB4-8A4C-B96702C8976C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update31:*:*:*:*:*:*",
                     matchCriteriaId: "F8483034-DD5A-445D-892F-CDE90A7D58EE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update312:*:*:*:*:*:*",
                     matchCriteriaId: "1716A5CD-1C32-4F19-9DDE-F9C7CCB6B420",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update40:*:*:*:*:*:*",
                     matchCriteriaId: "8279718F-878F-4868-8859-1728D13CD0D8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update45:*:*:*:*:*:*",
                     matchCriteriaId: "2C024E1A-FD2C-42E8-B227-C2AFD3040436",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update5:*:*:*:*:*:*",
                     matchCriteriaId: "4F24389D-DDD0-4204-AA24-31C920A4F47E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update51:*:*:*:*:*:*",
                     matchCriteriaId: "966979BE-1F21-4729-B6B8-610F74648344",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update60:*:*:*:*:*:*",
                     matchCriteriaId: "F8534265-33BF-460D-BF74-5F55FDE50F29",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update65:*:*:*:*:*:*",
                     matchCriteriaId: "F77AFC25-1466-4E56-9D5F-6988F3288E16",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update66:*:*:*:*:*:*",
                     matchCriteriaId: "A650BEB8-E56F-4E42-9361-8D2DB083F0F8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update71:*:*:*:*:*:*",
                     matchCriteriaId: "799FFECD-E80A-44B3-953D-CDB5E195F3AA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update72:*:*:*:*:*:*",
                     matchCriteriaId: "A7047507-7CAF-4A14-AA9A-5CEF806EDE98",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update73:*:*:*:*:*:*",
                     matchCriteriaId: "CFC7B179-95D3-4F94-84F6-73F1034A1AF2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update74:*:*:*:*:*:*",
                     matchCriteriaId: "9FB28526-9385-44CA-AF08-1899E6C3AE4D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update77:*:*:*:*:*:*",
                     matchCriteriaId: "E26B69E4-0B43-415F-A82B-52FDCB262B3E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update91:*:*:*:*:*:*",
                     matchCriteriaId: "27BC4150-70EC-462B-8FC5-20B3442CBB31",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update92:*:*:*:*:*:*",
                     matchCriteriaId: "02646989-ECD9-40AE-A83E-EFF4080C69B9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:17:*:*:*:*:*:*:*",
                     matchCriteriaId: "4D0A929D-6054-4EFB-8BAD-58826D22D34B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:17.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "DE7858DA-58DE-4920-B678-7800BD084EA1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad en el producto Oracle Java SE, Oracle GraalVM Enterprise Edition de Oracle Java SE (componente: JAXP). Las versiones compatibles que están afectadas son Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 y 21.3.0. Una vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red por medio de múltiples protocolos comprometer a Oracle Java SE, Oracle GraalVM Enterprise Edition. Los ataques con éxito de esta vulnerabilidad pueden resultar en un acceso de lectura no autorizado a un subconjunto de datos accesibles de Oracle Java SE, Oracle GraalVM Enterprise Edition. Nota: Esta vulnerabilidad es aplicada a las implantaciones de Java, normalmente en clientes que ejecutan aplicaciones Java Web Start con sandbox o applets Java con sandbox, que cargan y ejecutan código que no es confiable (por ejemplo, código que viene de Internet) y dependen de la sandbox de Java para la seguridad. Esta vulnerabilidad también puede ser explotada al usar APIs en el Componente especificado, por ejemplo, mediante un servicio web que suministra datos a las APIs. CVSS 3.1, Puntuación base 5.3 (impactos en la Confidencialidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)",
      },
   ],
   id: "CVE-2022-21282",
   lastModified: "2024-11-21T06:44:17.190",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 5.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 1.4,
            source: "secalert_us@oracle.com",
            type: "Secondary",
         },
      ],
   },
   published: "2022-01-19T12:15:11.930",
   references: [
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/202209-05",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20220121-0007/",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2022/dsa-5057",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2022/dsa-5058",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpujan2022.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/202209-05",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20220121-0007/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2022/dsa-5057",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2022/dsa-5058",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpujan2022.html",
      },
   ],
   sourceIdentifier: "secalert_us@oracle.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd

Published

2023-07-18 21:15

Modified

2024-11-21 07:44

Severity ?

3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).

References

URL	Tags
secalert_us@oracle.com	https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20230725-0006/	Third Party Advisory
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20240621-0006/
secalert_us@oracle.com	https://www.debian.org/security/2023/dsa-5458	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2023/dsa-5478	Third Party Advisory
secalert_us@oracle.com	https://www.oracle.com/security-alerts/cpujul2023.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20230725-0006/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20240621-0006/
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2023/dsa-5458	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2023/dsa-5478	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpujul2023.html	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
debian	debian_linux	10.0
debian	debian_linux	11.0
debian	debian_linux	12.0
oracle	graalvm	20.3.10
oracle	graalvm	21.3.6
oracle	graalvm	22.3.2
oracle	graalvm_for_jdk	17.0.7
oracle	graalvm_for_jdk	20.0.1
oracle	jdk	1.8.0
oracle	jdk	1.8.0
oracle	jdk	11.0.19
oracle	jdk	17.0.7
oracle	jdk	20.0.1
oracle	jre	1.8.0
oracle	jre	1.8.0
oracle	jre	11.0.19
oracle	jre	17.0.7
oracle	jre	20.0.1
netapp	7-mode_transition_tool	-
netapp	active_iq_unified_manager	-
netapp	active_iq_unified_manager	-
netapp	cloud_insights_acquisition_unit	-
netapp	cloud_insights_storage_workload_security_agent	-
netapp	oncommand_insight	-

JSON

To clipboard

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "FA6FEEC2-9F11-4643-8827-749718254FED",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "46D69DCC-AE4D-4EA5-861C-D60951444C6C",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:oracle:graalvm:20.3.10:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "2AEB0668-3769-415A-85D2-8042C83AF530",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:graalvm:21.3.6:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "1612C1DD-47B7-4A52-B709-0E270CE9A814",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:graalvm:22.3.2:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "0D052622-1214-4B93-8638-8F0FBADD4F43",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "908FCFE7-F95A-4E5C-8644-78E737828E27",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:graalvm_for_jdk:20.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "6FC3A3A8-4244-4933-AC2C-03540C9F80BE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:1.8.0:update371:*:*:-:*:*:*",
                     matchCriteriaId: "5D736709-DA37-4A09-B0E9-ABE12512DD6F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:1.8.0:update371:*:*:enterprise_performance_pack:*:*:*",
                     matchCriteriaId: "C69380A5-FD13-4C73-9940-99B4776EA4F6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:11.0.19:*:*:*:*:*:*:*",
                     matchCriteriaId: "2182C64A-CA08-49EE-9987-E34F828F9D14",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:17.0.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "2C064D35-8FFB-4033-AE32-A108189734AA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:20.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "208BCD85-10BA-4ACB-9B9C-E4F5530EFAE0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:1.8.0:update371:*:*:-:*:*:*",
                     matchCriteriaId: "12264955-3C82-413F-B814-C5538470DE13",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:1.8.0:update371:*:*:enterprise_performance_pack:*:*:*",
                     matchCriteriaId: "47818A5A-7C5C-4B18-8529-7F9DB00A7626",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:11.0.19:*:*:*:*:*:*:*",
                     matchCriteriaId: "5FDA3A94-3460-4EE1-B35F-3D4151157D95",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:17.0.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "FE4416A7-658A-423F-9A66-A8F563273AE5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:20.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "5370A60E-A32D-4F9A-B939-DFA07FF4F860",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "7EF6650C-558D-45C8-AE7D-136EE70CB6D7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
                     matchCriteriaId: "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
                     matchCriteriaId: "B55E8D50-99B4-47EC-86F9-699B67D473CE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "CCAA4004-9319-478C-9D55-0E8307F872F6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:cloud_insights_storage_workload_security_agent:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "3B199052-5732-4726-B06B-A12C70DFB891",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Libraries).  Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and  20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).",
      },
   ],
   id: "CVE-2023-22049",
   lastModified: "2024-11-21T07:44:10.630",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 3.7,
               baseSeverity: "LOW",
               confidentialityImpact: "NONE",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.2,
            impactScore: 1.4,
            source: "secalert_us@oracle.com",
            type: "Primary",
         },
      ],
   },
   published: "2023-07-18T21:15:14.567",
   references: [
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20230725-0006/",
      },
      {
         source: "secalert_us@oracle.com",
         url: "https://security.netapp.com/advisory/ntap-20240621-0006/",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2023/dsa-5458",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2023/dsa-5478",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpujul2023.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20230725-0006/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://security.netapp.com/advisory/ntap-20240621-0006/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2023/dsa-5458",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2023/dsa-5478",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpujul2023.html",
      },
   ],
   sourceIdentifier: "secalert_us@oracle.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd

Published

2022-01-19 12:15

Modified

2024-11-21 06:44

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).

References

URL	Tags
secalert_us@oracle.com	https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://security.gentoo.org/glsa/202209-05	Third Party Advisory
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20220121-0007/	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2022/dsa-5057	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2022/dsa-5058	Third Party Advisory
secalert_us@oracle.com	https://www.oracle.com/security-alerts/cpujan2022.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202209-05	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20220121-0007/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2022/dsa-5057	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2022/dsa-5058	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpujan2022.html	Vendor Advisory

Impacted products

Vendor	Product	Version
oracle	graalvm	20.3.4
oracle	graalvm	21.3.0
oracle	jdk	1.7.0
oracle	jdk	1.8.0
oracle	jdk	11.0.13
oracle	jdk	17.0.1
oracle	jre	1.7.0
oracle	jre	1.8.0
oracle	jre	11.0.13
oracle	jre	17.0.1
netapp	7-mode_transition_tool	-
netapp	active_iq_unified_manager	-
netapp	active_iq_unified_manager	-
netapp	cloud_insights_acquisition_unit	-
netapp	cloud_secure_agent	-
netapp	e-series_santricity_os_controller	*
netapp	e-series_santricity_storage_manager	-
netapp	e-series_santricity_web_services	-
netapp	hci_management_node	-
netapp	oncommand_insight	-
netapp	oncommand_workflow_automation	-
netapp	santricity_storage_plugin	-
netapp	santricity_unified_manager	-
netapp	snapmanager	-
netapp	snapmanager	-
netapp	solidfire	-
debian	debian_linux	9.0
debian	debian_linux	10.0
debian	debian_linux	11.0
oracle	openjdk	*
oracle	openjdk	*
oracle	openjdk	*
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	17
oracle	openjdk	17.0.1

JSON

To clipboard

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:oracle:graalvm:20.3.4:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "9F300E13-1B40-4B35-ACA5-4D402CD41055",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:graalvm:21.3.0:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "B10E38A6-783C-45A2-98A1-12FA1EB3D3AA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:1.7.0:update321:*:*:*:*:*:*",
                     matchCriteriaId: "F3E9DB6B-06BC-47F9-AEB9-E36378A97543",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:1.8.0:update311:*:*:*:*:*:*",
                     matchCriteriaId: "3C9591ED-CA9E-4844-9B7F-D477D7A51413",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:11.0.13:*:*:*:*:*:*:*",
                     matchCriteriaId: "A7F43D86-B696-41E4-A288-6A2D43A1774A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:17.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "3575C88F-05D3-49F6-A60B-7ED902E318F1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:1.7.0:update321:*:*:*:*:*:*",
                     matchCriteriaId: "C5988521-7571-4AE7-BD02-2C8765FC464B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:1.8.0:update311:*:*:*:*:*:*",
                     matchCriteriaId: "29AB737A-FB85-4E91-B8D3-A4B9A780FC0E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:11.0.13:*:*:*:*:*:*:*",
                     matchCriteriaId: "90EC4B85-A88A-4EC3-9EA0-3A24874D5F87",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:17.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "962026D1-1E50-480F-921C-C7EE32AA0107",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "7EF6650C-558D-45C8-AE7D-136EE70CB6D7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
                     matchCriteriaId: "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
                     matchCriteriaId: "B55E8D50-99B4-47EC-86F9-699B67D473CE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "CCAA4004-9319-478C-9D55-0E8307F872F6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F0F202E8-97E6-4BBB-A0B6-4CA3F5803C08",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "FF971916-C526-43A9-BD80-985BCC476569",
                     versionEndIncluding: "11.70.1",
                     versionStartIncluding: "11.0.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "0D9CC59D-6182-4B5E-96B5-226FCD343916",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*",
                     matchCriteriaId: "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A3C19813-E823-456A-B1CE-EC0684CE1953",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5735E553-9731-4AAC-BCFF-989377F817B3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:santricity_storage_plugin:-:*:*:*:*:vcenter:*:*",
                     matchCriteriaId: "82E94B87-065E-475F-815C-F49978CE22FC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A372B177-F740-4655-865C-31777A6E140B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*",
                     matchCriteriaId: "26A2B713-7D6D-420A-93A4-E0D983C983DF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*",
                     matchCriteriaId: "64DE38C8-94F1-4860-B045-F33928F676A8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "FA6FEEC2-9F11-4643-8827-749718254FED",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "6489B616-476E-46AB-8795-7EFDD9074899",
                     versionEndIncluding: "11.0.13",
                     versionStartIncluding: "11",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F8A2B4B3-64EC-4930-9F31-202E4D19AF98",
                     versionEndIncluding: "13.0.9",
                     versionStartIncluding: "13",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "CF9DCD68-A054-456D-8A3C-15939F85DF90",
                     versionEndIncluding: "15.0.5",
                     versionStartIncluding: "15",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:-:*:*:*:*:*:*",
                     matchCriteriaId: "E78B7C5A-FA51-41E4-AAB0-C6DED2EFCF4C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update1:*:*:*:*:*:*",
                     matchCriteriaId: "02011EDC-20A7-4A16-A592-7C76E0037997",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update10:*:*:*:*:*:*",
                     matchCriteriaId: "AC6D4652-1226-4C60-BEDF-01EBF8AC0849",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update101:*:*:*:*:*:*",
                     matchCriteriaId: "3C1F9ED7-7D93-41F4-9130-15BA734420AC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update11:*:*:*:*:*:*",
                     matchCriteriaId: "1CF9CDF1-95D3-4125-A73F-396D2280FC4E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update111:*:*:*:*:*:*",
                     matchCriteriaId: "A13266DC-F8D9-4F30-987F-65BBEAF8D3A8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update121:*:*:*:*:*:*",
                     matchCriteriaId: "C28388AB-CFC9-4749-A90F-383F5B905EA9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update13:*:*:*:*:*:*",
                     matchCriteriaId: "DA1B00F9-A81C-48B7-8DAA-F394DDF323F3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update131:*:*:*:*:*:*",
                     matchCriteriaId: "CA7AD457-6CE6-4925-8D94-A907B40233D9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update141:*:*:*:*:*:*",
                     matchCriteriaId: "A6F3FDD1-7CAC-4B84-ABB7-64E9D3FBD708",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update15:*:*:*:*:*:*",
                     matchCriteriaId: "5480E5AD-DB46-474A-9B57-84ED088A75FA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update151:*:*:*:*:*:*",
                     matchCriteriaId: "881A4AE9-6012-4E91-98BE-0A352CC20703",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update161:*:*:*:*:*:*",
                     matchCriteriaId: "7E1E1079-57D9-473B-A017-964F4745F329",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update17:*:*:*:*:*:*",
                     matchCriteriaId: "B8D6446E-2915-4F12-87BE-E7420BC2626E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update171:*:*:*:*:*:*",
                     matchCriteriaId: "564EDCE3-16E6-401D-8A43-032D1F8875E1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update181:*:*:*:*:*:*",
                     matchCriteriaId: "08278802-D31B-488A-BA6A-EBC816DF883A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update191:*:*:*:*:*:*",
                     matchCriteriaId: "72BDA05A-C8BD-472E-8465-EE1F3E5D8CF6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update2:*:*:*:*:*:*",
                     matchCriteriaId: "7BBB0969-565E-43E2-B067-A10AAA5F1958",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update201:*:*:*:*:*:*",
                     matchCriteriaId: "D78BE95D-6270-469A-8035-FCDDB398F952",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update21:*:*:*:*:*:*",
                     matchCriteriaId: "88C24F40-3150-4584-93D9-8307DE04EEE9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update211:*:*:*:*:*:*",
                     matchCriteriaId: "E0FC5A03-FF11-4787-BBF1-3ACF93A21F2D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update221:*:*:*:*:*:*",
                     matchCriteriaId: "19626B36-62FC-4497-A2E1-7D6CD9839B19",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update231:*:*:*:*:*:*",
                     matchCriteriaId: "5713AEBD-35F6-44E8-A0CC-A42830D7AE20",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update241:*:*:*:*:*:*",
                     matchCriteriaId: "8BE0C04B-440E-4B35-ACC8-6264514F764C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update25:*:*:*:*:*:*",
                     matchCriteriaId: "555EC2A6-0475-48ED-AE0C-B306714A9333",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update251:*:*:*:*:*:*",
                     matchCriteriaId: "EC1CF2AD-3F7A-4EF3-BD41-117A21553A9F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update261:*:*:*:*:*:*",
                     matchCriteriaId: "02C55E2E-AEDE-455C-B128-168C918B5D97",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update271:*:*:*:*:*:*",
                     matchCriteriaId: "81831D37-6597-441B-87DE-38F7191BEA42",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update281:*:*:*:*:*:*",
                     matchCriteriaId: "EEA1594D-0AB5-436D-9E60-C26EE2175753",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update291:*:*:*:*:*:*",
                     matchCriteriaId: "B868FA41-C71B-491C-880B-484740B30C72",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update3:*:*:*:*:*:*",
                     matchCriteriaId: "C242D3BE-9114-4A9E-BB78-45754C7CC450",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update301:*:*:*:*:*:*",
                     matchCriteriaId: "95954182-9541-4181-9647-B17FA5A79F9F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update311:*:*:*:*:*:*",
                     matchCriteriaId: "9F6F0137-F91F-4028-BED2-C29640D52C23",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update321:*:*:*:*:*:*",
                     matchCriteriaId: "EAFB6B15-4AE6-47FC-8847-9DFADB7AE253",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update4:*:*:*:*:*:*",
                     matchCriteriaId: "D61068FE-18EE-4ADB-BC69-A3ECE8724575",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update40:*:*:*:*:*:*",
                     matchCriteriaId: "EFB59E80-4EC4-4399-BF40-6733E4E475A9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update45:*:*:*:*:*:*",
                     matchCriteriaId: "84E31265-22E1-4E91-BFCB-D2AFF445926A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update5:*:*:*:*:*:*",
                     matchCriteriaId: "AB3A58C3-94BB-4120-BE1D-AAF8BBF7F22B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update51:*:*:*:*:*:*",
                     matchCriteriaId: "50319E52-8739-47C5-B61E-3CA9B6A9A48F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update55:*:*:*:*:*:*",
                     matchCriteriaId: "7ED515B9-DC74-4DC5-B98A-08D87D85E11E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update6:*:*:*:*:*:*",
                     matchCriteriaId: "6D1D4868-1F9F-43F7-968C-6469B67D3F1B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update60:*:*:*:*:*:*",
                     matchCriteriaId: "568F1AC4-B0D7-4438-82E5-0E61500F2240",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update65:*:*:*:*:*:*",
                     matchCriteriaId: "F5E99B4A-EDAD-4471-81C4-7E9C775C9D9F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update67:*:*:*:*:*:*",
                     matchCriteriaId: "14E9133E-9FF3-40DB-9A11-7469EF5FD265",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update7:*:*:*:*:*:*",
                     matchCriteriaId: "94834710-3FA9-49D9-8600-B514CBCA4270",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update72:*:*:*:*:*:*",
                     matchCriteriaId: "4228D9E1-7D82-4B49-9669-9CDAD7187432",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update76:*:*:*:*:*:*",
                     matchCriteriaId: "F6231F48-2936-4F7D-96D5-4BA11F78EBE8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update80:*:*:*:*:*:*",
                     matchCriteriaId: "D96D5061-4A81-497E-9AD6-A8381B3B454C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update85:*:*:*:*:*:*",
                     matchCriteriaId: "5345C21E-A01B-43B9-9A20-F2783D921C60",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update9:*:*:*:*:*:*",
                     matchCriteriaId: "B219F360-83BD-4111-AB59-C9D4F55AF4C0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update91:*:*:*:*:*:*",
                     matchCriteriaId: "D25377EA-8E8F-4C76-8EA9-3BBDFB352815",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update95:*:*:*:*:*:*",
                     matchCriteriaId: "59FEFE05-269A-4EAF-A80F-E4C2107B1197",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update97:*:*:*:*:*:*",
                     matchCriteriaId: "E7E2AA7C-F602-4DB7-9EC1-0708C46C253C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update99:*:*:*:*:*:*",
                     matchCriteriaId: "FB70E154-A304-429E-80F5-8D87B00E32D1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:-:*:*:*:*:*:*",
                     matchCriteriaId: "70892D06-6E75-4425-BBF0-4B684EC62A1C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone1:*:*:*:*:*:*",
                     matchCriteriaId: "7A165D71-71CC-4E6A-AA4F-FF8DB5B9A5AB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone2:*:*:*:*:*:*",
                     matchCriteriaId: "7417B2BB-9AC2-4AF4-A828-C89A0735AD92",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone3:*:*:*:*:*:*",
                     matchCriteriaId: "6A0A57B5-6F88-4288-9CDE-F6613FE068D2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone4:*:*:*:*:*:*",
                     matchCriteriaId: "67ED8559-C348-4932-B7CE-CB96976A30EC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone5:*:*:*:*:*:*",
                     matchCriteriaId: "40AC3D91-263F-4345-9FAA-0E573EA64590",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone6:*:*:*:*:*:*",
                     matchCriteriaId: "DD92AFA9-81F8-48D4-B79A-E7F066F69A99",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone7:*:*:*:*:*:*",
                     matchCriteriaId: "2C4B2F24-A730-4818-90C8-A2D90C081F03",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone8:*:*:*:*:*:*",
                     matchCriteriaId: "464087F2-C285-4574-957E-CE0663F07DE0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone9:*:*:*:*:*:*",
                     matchCriteriaId: "3E9BB880-A4F6-4887-8BB9-47AA298753D5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update101:*:*:*:*:*:*",
                     matchCriteriaId: "18DCFF53-B298-4534-AB5C-8A5EF59C616F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update102:*:*:*:*:*:*",
                     matchCriteriaId: "083419F8-FDDF-4E36-88F8-857DB317C1D1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update11:*:*:*:*:*:*",
                     matchCriteriaId: "D7A74F65-57E8-4C9A-BA96-5EF401504F13",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update111:*:*:*:*:*:*",
                     matchCriteriaId: "0D0B90FC-57B6-4315-9B29-3C36E58B2CF5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update112:*:*:*:*:*:*",
                     matchCriteriaId: "07812576-3C35-404C-A7D7-9BE9E3D76E00",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update121:*:*:*:*:*:*",
                     matchCriteriaId: "00C52B1C-5447-4282-9667-9EBE0720B423",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update131:*:*:*:*:*:*",
                     matchCriteriaId: "92BB9EB0-0C12-4E77-89EE-FB77097841B8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update141:*:*:*:*:*:*",
                     matchCriteriaId: "FF9D5DCE-2E8F-42B9-9038-AEA7E8C8CFFD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update151:*:*:*:*:*:*",
                     matchCriteriaId: "ABC0E7BB-F8B7-4369-9910-71240E4073A3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update152:*:*:*:*:*:*",
                     matchCriteriaId: "551B2640-8CEC-4C24-AF8B-7A7CEF864D9D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update161:*:*:*:*:*:*",
                     matchCriteriaId: "0AE30779-48FB-451E-8CE1-F469F93B8772",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update162:*:*:*:*:*:*",
                     matchCriteriaId: "60590FDE-7156-4314-A012-AA38BD2ADDC9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update171:*:*:*:*:*:*",
                     matchCriteriaId: "BE51AD3A-8331-4E8F-9DB1-7A0051731DFB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update172:*:*:*:*:*:*",
                     matchCriteriaId: "F24F6122-2256-41B6-9033-794C6424ED99",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update181:*:*:*:*:*:*",
                     matchCriteriaId: "0EAFA79E-8C7A-48CF-8868-11378FE4B26F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update191:*:*:*:*:*:*",
                     matchCriteriaId: "D1D6F19F-59B5-4BB6-AD35-013384025970",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update192:*:*:*:*:*:*",
                     matchCriteriaId: "E7BA97BC-3ADA-465A-835B-6C3C5F416B56",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update20:*:*:*:*:*:*",
                     matchCriteriaId: "B71F77A4-B7EB-47A1-AAFD-431A7D040B86",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update201:*:*:*:*:*:*",
                     matchCriteriaId: "91D6BEA9-5943-44A4-946D-CEAA9BA99376",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update202:*:*:*:*:*:*",
                     matchCriteriaId: "C079A3E0-44EB-4B9C-B4FC-B7621D165C3B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update211:*:*:*:*:*:*",
                     matchCriteriaId: "2CB74086-14B8-4237-8357-E0C6B5BB8313",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update212:*:*:*:*:*:*",
                     matchCriteriaId: "3ABED20A-7C34-4E86-9AFB-F4DC9ECBB3A9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update221:*:*:*:*:*:*",
                     matchCriteriaId: "00C2B9C9-1177-4DA6-96CE-55F37F383F99",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update222:*:*:*:*:*:*",
                     matchCriteriaId: "435CF189-0BD8-40DF-A0DC-99862CDEAF8A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update231:*:*:*:*:*:*",
                     matchCriteriaId: "12A3F367-33AD-47C3-BFDC-871A17E72C94",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update232:*:*:*:*:*:*",
                     matchCriteriaId: "A18F994F-72CA-4AF5-A7D1-9F5AEA286D85",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update241:*:*:*:*:*:*",
                     matchCriteriaId: "78261932-7373-4F16-91E0-1A72ADBEBC3E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update242:*:*:*:*:*:*",
                     matchCriteriaId: "9BD90D3D-9B3A-4101-9A8A-5090F0A9719F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update25:*:*:*:*:*:*",
                     matchCriteriaId: "B38C0276-0EBD-4E0B-BFCF-4DDECACE04E2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update252:*:*:*:*:*:*",
                     matchCriteriaId: "F5A40B8A-D428-4008-9F21-AF21394C51D1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update262:*:*:*:*:*:*",
                     matchCriteriaId: "FEC5B777-01E1-45EE-AF95-C3BD1F098B2F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update271:*:*:*:*:*:*",
                     matchCriteriaId: "3B504718-5DCE-43B4-B19A-C6B6E7444BD3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update281:*:*:*:*:*:*",
                     matchCriteriaId: "3102AA10-99A8-49A9-867E-7EEC56865680",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update282:*:*:*:*:*:*",
                     matchCriteriaId: "5A55CBC7-A7B2-4B89-8AB5-ED30DBE6814E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update291:*:*:*:*:*:*",
                     matchCriteriaId: "15BA8A26-2CDA-442B-A549-6BE92DCCD205",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update301:*:*:*:*:*:*",
                     matchCriteriaId: "56F2883B-6A1B-4081-8877-07AF3A73F6CD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update302:*:*:*:*:*:*",
                     matchCriteriaId: "98C0742E-ACDD-4DB4-8A4C-B96702C8976C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update31:*:*:*:*:*:*",
                     matchCriteriaId: "F8483034-DD5A-445D-892F-CDE90A7D58EE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update312:*:*:*:*:*:*",
                     matchCriteriaId: "1716A5CD-1C32-4F19-9DDE-F9C7CCB6B420",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update40:*:*:*:*:*:*",
                     matchCriteriaId: "8279718F-878F-4868-8859-1728D13CD0D8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update45:*:*:*:*:*:*",
                     matchCriteriaId: "2C024E1A-FD2C-42E8-B227-C2AFD3040436",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update5:*:*:*:*:*:*",
                     matchCriteriaId: "4F24389D-DDD0-4204-AA24-31C920A4F47E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update51:*:*:*:*:*:*",
                     matchCriteriaId: "966979BE-1F21-4729-B6B8-610F74648344",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update60:*:*:*:*:*:*",
                     matchCriteriaId: "F8534265-33BF-460D-BF74-5F55FDE50F29",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update65:*:*:*:*:*:*",
                     matchCriteriaId: "F77AFC25-1466-4E56-9D5F-6988F3288E16",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update66:*:*:*:*:*:*",
                     matchCriteriaId: "A650BEB8-E56F-4E42-9361-8D2DB083F0F8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update71:*:*:*:*:*:*",
                     matchCriteriaId: "799FFECD-E80A-44B3-953D-CDB5E195F3AA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update72:*:*:*:*:*:*",
                     matchCriteriaId: "A7047507-7CAF-4A14-AA9A-5CEF806EDE98",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update73:*:*:*:*:*:*",
                     matchCriteriaId: "CFC7B179-95D3-4F94-84F6-73F1034A1AF2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update74:*:*:*:*:*:*",
                     matchCriteriaId: "9FB28526-9385-44CA-AF08-1899E6C3AE4D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update77:*:*:*:*:*:*",
                     matchCriteriaId: "E26B69E4-0B43-415F-A82B-52FDCB262B3E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update91:*:*:*:*:*:*",
                     matchCriteriaId: "27BC4150-70EC-462B-8FC5-20B3442CBB31",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update92:*:*:*:*:*:*",
                     matchCriteriaId: "02646989-ECD9-40AE-A83E-EFF4080C69B9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:17:*:*:*:*:*:*:*",
                     matchCriteriaId: "4D0A929D-6054-4EFB-8BAD-58826D22D34B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:17.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "DE7858DA-58DE-4920-B678-7800BD084EA1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad en el producto Oracle Java SE, Oracle GraalVM Enterprise Edition de Oracle Java SE (componente: JAXP). Las versiones compatibles que están afectadas son Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 y 21.3.0. Una vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red por medio de múltiples protocolos comprometer a Oracle Java SE, Oracle GraalVM Enterprise Edition. Los ataques con éxito de esta vulnerabilidad pueden resultar en un acceso de lectura no autorizado a un subconjunto de datos accesibles de Oracle Java SE, Oracle GraalVM Enterprise Edition. Nota: Esta vulnerabilidad es aplicada a las implantaciones de Java, normalmente en clientes que ejecutan aplicaciones Java Web Start con sandbox o applets Java con sandbox, que cargan y ejecutan código que no es confiable (por ejemplo, código que viene de Internet) y dependen de la sandbox de Java para la seguridad. Esta vulnerabilidad también puede ser explotada al usar APIs en el Componente especificado, por ejemplo, mediante un servicio web que suministra datos a las APIs. CVSS 3.1, Puntuación base 5.3 (impactos en la Confidencialidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)",
      },
   ],
   id: "CVE-2022-21296",
   lastModified: "2024-11-21T06:44:20.930",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 5.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 1.4,
            source: "secalert_us@oracle.com",
            type: "Secondary",
         },
      ],
   },
   published: "2022-01-19T12:15:12.587",
   references: [
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/202209-05",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20220121-0007/",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2022/dsa-5057",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2022/dsa-5058",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpujan2022.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/202209-05",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20220121-0007/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2022/dsa-5057",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2022/dsa-5058",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpujan2022.html",
      },
   ],
   sourceIdentifier: "secalert_us@oracle.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd

Published

2022-04-19 21:15

Modified

2024-11-21 06:44

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).

References

URL	Tags
secalert_us@oracle.com	https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20220429-0006/	Third Party Advisory
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20240621-0006/
secalert_us@oracle.com	https://www.debian.org/security/2022/dsa-5128	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2022/dsa-5131	Third Party Advisory
secalert_us@oracle.com	https://www.oracle.com/security-alerts/cpuapr2022.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20220429-0006/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20240621-0006/
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2022/dsa-5128	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2022/dsa-5131	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpuapr2022.html	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
oracle	graalvm	20.3.5
oracle	graalvm	21.3.1
oracle	graalvm	22.0.0.2
oracle	jdk	1.7.0
oracle	jdk	1.8.0
oracle	jdk	11.0.14
oracle	jdk	17.0.2
oracle	jdk	18
oracle	jre	1.7.0
oracle	jre	1.8.0
oracle	jre	11.0.14
oracle	jre	17.0.2
oracle	jre	18
debian	debian_linux	9.0
debian	debian_linux	10.0
debian	debian_linux	11.0
netapp	7-mode_transition_tool	-
netapp	active_iq_unified_manager	-
netapp	active_iq_unified_manager	-
netapp	cloud_insights_acquisition_unit	-
netapp	cloud_secure_agent	-
netapp	e-series_santricity_os_controller	*
netapp	e-series_santricity_storage_manager	-
netapp	e-series_santricity_web_services	-
netapp	oncommand_insight	-
netapp	santricity_unified_manager	-
netapp	solidfire\,_enterprise_sds_\&_hci_storage_node	-
netapp	solidfire_\&_hci_management_node	-
netapp	hci_compute_node_firmware	-
azul	zulu	6.45
azul	zulu	7.52
azul	zulu	8.60
azul	zulu	11.54
azul	zulu	13.46
azul	zulu	15.38
azul	zulu	17.32
azul	zulu	18.28

JSON

To clipboard

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:oracle:graalvm:20.3.5:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "079F2588-2746-408B-9BB0-9A569289985B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:graalvm:21.3.1:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "51600424-E294-41E0-9C8B-12D0C3456027",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:graalvm:22.0.0.2:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "C3D12B98-032F-49A6-B237-E0CAD32D9A25",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:1.7.0:update331:*:*:*:*:*:*",
                     matchCriteriaId: "13F6415A-E5FB-4C4D-B1F7-0DEFD0C04376",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:1.8.0:update321:*:*:*:*:*:*",
                     matchCriteriaId: "6765029F-98C1-44A2-A7F7-152DCA8C9C95",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:11.0.14:*:*:*:*:*:*:*",
                     matchCriteriaId: "681BFE5C-6F33-4084-8F0D-2DD573782004",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:17.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "A29CF53D-7DDC-4B60-8232-6C173083101F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:18:*:*:*:*:*:*:*",
                     matchCriteriaId: "FBA091EC-B5A9-468D-B99C-BB6F333E7B64",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:1.7.0:update331:*:*:*:*:*:*",
                     matchCriteriaId: "10612D3D-6614-4C9D-B142-47B71BDAD7FE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:1.8.0:update321:*:*:*:*:*:*",
                     matchCriteriaId: "B4FCFABB-FDEC-43BF-B611-1B54BCE510C5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:11.0.14:*:*:*:*:*:*:*",
                     matchCriteriaId: "47837A4D-A7B1-4F41-8F88-5F5169E7BBE2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:17.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "870F82C4-D6B8-474F-909F-0187FE8EEB7C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:18:*:*:*:*:*:*:*",
                     matchCriteriaId: "44535879-9E87-4256-A6D9-29FB7A42AA90",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "FA6FEEC2-9F11-4643-8827-749718254FED",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "7EF6650C-558D-45C8-AE7D-136EE70CB6D7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vsphere:*:*",
                     matchCriteriaId: "E8F29E19-3A64-4426-A2AA-F169440267CC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
                     matchCriteriaId: "B55E8D50-99B4-47EC-86F9-699B67D473CE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "CCAA4004-9319-478C-9D55-0E8307F872F6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F0F202E8-97E6-4BBB-A0B6-4CA3F5803C08",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "FF971916-C526-43A9-BD80-985BCC476569",
                     versionEndIncluding: "11.70.1",
                     versionStartIncluding: "11.0.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "0D9CC59D-6182-4B5E-96B5-226FCD343916",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*",
                     matchCriteriaId: "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A372B177-F740-4655-865C-31777A6E140B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:solidfire\\,_enterprise_sds_\\&_hci_storage_node:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "DAA3919C-B2B1-4CB5-BA76-7A079AAFFC52",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:solidfire_\\&_hci_management_node:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "D6D700C5-F67F-4FFB-BE69-D524592A3D2E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:netapp:hci_compute_node_firmware:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F921BC85-568E-4B69-A3CD-CF75C76672F1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:azul:zulu:6.45:*:*:*:*:*:*:*",
                     matchCriteriaId: "850B5359-7804-406B-9DC9-D22D65ACEE40",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:azul:zulu:7.52:*:*:*:*:*:*:*",
                     matchCriteriaId: "5522AD81-A23E-47D3-82E4-6D71ECEB1DBD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:azul:zulu:8.60:*:*:*:*:*:*:*",
                     matchCriteriaId: "6AC61C25-871B-4F6F-A5F0-77359F373681",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:azul:zulu:11.54:*:*:*:*:*:*:*",
                     matchCriteriaId: "12A59E25-5ED3-4A6D-95F6-45750866E0D5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:azul:zulu:13.46:*:*:*:*:*:*:*",
                     matchCriteriaId: "FC0DC492-706E-42FE-8757-71873B53C417",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:azul:zulu:15.38:*:*:*:*:*:*:*",
                     matchCriteriaId: "C1441FE9-45C5-46C4-BF78-FD5D30F9C80C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:azul:zulu:17.32:*:*:*:*:*:*:*",
                     matchCriteriaId: "28D25E37-5479-4876-B46C-28FF87384852",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:azul:zulu:18.28:*:*:*:*:*:*:*",
                     matchCriteriaId: "7AD8BF00-C510-4E63-8949-CB64E9043610",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad en el producto Oracle Java SE, Oracle GraalVM Enterprise Edition de Oracle Java SE (componente: Libraries). Las versiones afectadas son Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 y 22.0.0.2. Una vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red por medio de múltiples protocolos comprometer Oracle Java SE, Oracle GraalVM Enterprise Edition. Los ataques con éxito de esta vulnerabilidad pueden resultar en una actualización no autorizada, insertar o eliminar el acceso a algunos de los datos accesibles de Oracle Java SE, Oracle GraalVM Enterprise Edition. Nota: Esta vulnerabilidad es aplicada a las implantaciones de Java, normalmente en clientes que ejecutan aplicaciones Java Web Start o applets Java con sandbox, que cargan y ejecutan código no confiable (por ejemplo, código procedente de Internet) y que dependen del sandbox de Java para su seguridad. Esta vulnerabilidad también puede ser explotada mediante el uso de APIs en el componente especificado, por ejemplo, mediante un servicio web que suministra datos a las APIs. CVSS 3.1, Puntuación Base 5.3 (impactos en la Integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)",
      },
   ],
   id: "CVE-2022-21434",
   lastModified: "2024-11-21T06:44:41.427",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 5.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 1.4,
            source: "secalert_us@oracle.com",
            type: "Secondary",
         },
      ],
   },
   published: "2022-04-19T21:15:15.387",
   references: [
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20220429-0006/",
      },
      {
         source: "secalert_us@oracle.com",
         url: "https://security.netapp.com/advisory/ntap-20240621-0006/",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2022/dsa-5128",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2022/dsa-5131",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpuapr2022.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20220429-0006/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://security.netapp.com/advisory/ntap-20240621-0006/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2022/dsa-5128",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2022/dsa-5131",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpuapr2022.html",
      },
   ],
   sourceIdentifier: "secalert_us@oracle.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd

Published

2022-01-19 12:15

Modified

2024-11-21 06:44

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

References

URL	Tags
secalert_us@oracle.com	https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://security.gentoo.org/glsa/202209-05	Third Party Advisory
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20220121-0007/	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2022/dsa-5057	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2022/dsa-5058	Third Party Advisory
secalert_us@oracle.com	https://www.oracle.com/security-alerts/cpujan2022.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202209-05	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20220121-0007/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2022/dsa-5057	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2022/dsa-5058	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpujan2022.html	Vendor Advisory

Impacted products

Vendor	Product	Version
oracle	graalvm	20.3.4
oracle	graalvm	21.3.0
oracle	jdk	1.7.0
oracle	jdk	1.8.0
oracle	jdk	11.0.13
oracle	jdk	17.0.1
oracle	jre	1.7.0
oracle	jre	1.8.0
oracle	jre	11.0.13
oracle	jre	17.0.1
netapp	7-mode_transition_tool	-
netapp	active_iq_unified_manager	-
netapp	active_iq_unified_manager	-
netapp	cloud_insights_acquisition_unit	-
netapp	cloud_secure_agent	-
netapp	e-series_santricity_os_controller	*
netapp	e-series_santricity_storage_manager	-
netapp	e-series_santricity_web_services	-
netapp	hci_management_node	-
netapp	oncommand_insight	-
netapp	oncommand_workflow_automation	-
netapp	santricity_storage_plugin	-
netapp	santricity_unified_manager	-
netapp	snapmanager	-
netapp	snapmanager	-
netapp	solidfire	-
debian	debian_linux	9.0
debian	debian_linux	10.0
debian	debian_linux	11.0
oracle	openjdk	*
oracle	openjdk	*
oracle	openjdk	*
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	17
oracle	openjdk	17.0.1

JSON

To clipboard

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:oracle:graalvm:20.3.4:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "9F300E13-1B40-4B35-ACA5-4D402CD41055",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:graalvm:21.3.0:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "B10E38A6-783C-45A2-98A1-12FA1EB3D3AA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:1.7.0:update321:*:*:*:*:*:*",
                     matchCriteriaId: "F3E9DB6B-06BC-47F9-AEB9-E36378A97543",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:1.8.0:update311:*:*:*:*:*:*",
                     matchCriteriaId: "3C9591ED-CA9E-4844-9B7F-D477D7A51413",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:11.0.13:*:*:*:*:*:*:*",
                     matchCriteriaId: "A7F43D86-B696-41E4-A288-6A2D43A1774A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:17.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "3575C88F-05D3-49F6-A60B-7ED902E318F1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:1.7.0:update321:*:*:*:*:*:*",
                     matchCriteriaId: "C5988521-7571-4AE7-BD02-2C8765FC464B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:1.8.0:update311:*:*:*:*:*:*",
                     matchCriteriaId: "29AB737A-FB85-4E91-B8D3-A4B9A780FC0E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:11.0.13:*:*:*:*:*:*:*",
                     matchCriteriaId: "90EC4B85-A88A-4EC3-9EA0-3A24874D5F87",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:17.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "962026D1-1E50-480F-921C-C7EE32AA0107",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "7EF6650C-558D-45C8-AE7D-136EE70CB6D7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
                     matchCriteriaId: "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
                     matchCriteriaId: "B55E8D50-99B4-47EC-86F9-699B67D473CE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "CCAA4004-9319-478C-9D55-0E8307F872F6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F0F202E8-97E6-4BBB-A0B6-4CA3F5803C08",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "FF971916-C526-43A9-BD80-985BCC476569",
                     versionEndIncluding: "11.70.1",
                     versionStartIncluding: "11.0.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "0D9CC59D-6182-4B5E-96B5-226FCD343916",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*",
                     matchCriteriaId: "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A3C19813-E823-456A-B1CE-EC0684CE1953",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5735E553-9731-4AAC-BCFF-989377F817B3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:santricity_storage_plugin:-:*:*:*:*:vcenter:*:*",
                     matchCriteriaId: "82E94B87-065E-475F-815C-F49978CE22FC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A372B177-F740-4655-865C-31777A6E140B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*",
                     matchCriteriaId: "26A2B713-7D6D-420A-93A4-E0D983C983DF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*",
                     matchCriteriaId: "64DE38C8-94F1-4860-B045-F33928F676A8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "FA6FEEC2-9F11-4643-8827-749718254FED",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "6489B616-476E-46AB-8795-7EFDD9074899",
                     versionEndIncluding: "11.0.13",
                     versionStartIncluding: "11",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F8A2B4B3-64EC-4930-9F31-202E4D19AF98",
                     versionEndIncluding: "13.0.9",
                     versionStartIncluding: "13",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "CF9DCD68-A054-456D-8A3C-15939F85DF90",
                     versionEndIncluding: "15.0.5",
                     versionStartIncluding: "15",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:-:*:*:*:*:*:*",
                     matchCriteriaId: "E78B7C5A-FA51-41E4-AAB0-C6DED2EFCF4C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update1:*:*:*:*:*:*",
                     matchCriteriaId: "02011EDC-20A7-4A16-A592-7C76E0037997",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update10:*:*:*:*:*:*",
                     matchCriteriaId: "AC6D4652-1226-4C60-BEDF-01EBF8AC0849",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update101:*:*:*:*:*:*",
                     matchCriteriaId: "3C1F9ED7-7D93-41F4-9130-15BA734420AC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update11:*:*:*:*:*:*",
                     matchCriteriaId: "1CF9CDF1-95D3-4125-A73F-396D2280FC4E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update111:*:*:*:*:*:*",
                     matchCriteriaId: "A13266DC-F8D9-4F30-987F-65BBEAF8D3A8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update121:*:*:*:*:*:*",
                     matchCriteriaId: "C28388AB-CFC9-4749-A90F-383F5B905EA9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update13:*:*:*:*:*:*",
                     matchCriteriaId: "DA1B00F9-A81C-48B7-8DAA-F394DDF323F3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update131:*:*:*:*:*:*",
                     matchCriteriaId: "CA7AD457-6CE6-4925-8D94-A907B40233D9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update141:*:*:*:*:*:*",
                     matchCriteriaId: "A6F3FDD1-7CAC-4B84-ABB7-64E9D3FBD708",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update15:*:*:*:*:*:*",
                     matchCriteriaId: "5480E5AD-DB46-474A-9B57-84ED088A75FA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update151:*:*:*:*:*:*",
                     matchCriteriaId: "881A4AE9-6012-4E91-98BE-0A352CC20703",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update161:*:*:*:*:*:*",
                     matchCriteriaId: "7E1E1079-57D9-473B-A017-964F4745F329",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update17:*:*:*:*:*:*",
                     matchCriteriaId: "B8D6446E-2915-4F12-87BE-E7420BC2626E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update171:*:*:*:*:*:*",
                     matchCriteriaId: "564EDCE3-16E6-401D-8A43-032D1F8875E1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update181:*:*:*:*:*:*",
                     matchCriteriaId: "08278802-D31B-488A-BA6A-EBC816DF883A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update191:*:*:*:*:*:*",
                     matchCriteriaId: "72BDA05A-C8BD-472E-8465-EE1F3E5D8CF6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update2:*:*:*:*:*:*",
                     matchCriteriaId: "7BBB0969-565E-43E2-B067-A10AAA5F1958",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update201:*:*:*:*:*:*",
                     matchCriteriaId: "D78BE95D-6270-469A-8035-FCDDB398F952",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update21:*:*:*:*:*:*",
                     matchCriteriaId: "88C24F40-3150-4584-93D9-8307DE04EEE9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update211:*:*:*:*:*:*",
                     matchCriteriaId: "E0FC5A03-FF11-4787-BBF1-3ACF93A21F2D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update221:*:*:*:*:*:*",
                     matchCriteriaId: "19626B36-62FC-4497-A2E1-7D6CD9839B19",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update231:*:*:*:*:*:*",
                     matchCriteriaId: "5713AEBD-35F6-44E8-A0CC-A42830D7AE20",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update241:*:*:*:*:*:*",
                     matchCriteriaId: "8BE0C04B-440E-4B35-ACC8-6264514F764C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update25:*:*:*:*:*:*",
                     matchCriteriaId: "555EC2A6-0475-48ED-AE0C-B306714A9333",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update251:*:*:*:*:*:*",
                     matchCriteriaId: "EC1CF2AD-3F7A-4EF3-BD41-117A21553A9F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update261:*:*:*:*:*:*",
                     matchCriteriaId: "02C55E2E-AEDE-455C-B128-168C918B5D97",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update271:*:*:*:*:*:*",
                     matchCriteriaId: "81831D37-6597-441B-87DE-38F7191BEA42",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update281:*:*:*:*:*:*",
                     matchCriteriaId: "EEA1594D-0AB5-436D-9E60-C26EE2175753",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update291:*:*:*:*:*:*",
                     matchCriteriaId: "B868FA41-C71B-491C-880B-484740B30C72",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update3:*:*:*:*:*:*",
                     matchCriteriaId: "C242D3BE-9114-4A9E-BB78-45754C7CC450",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update301:*:*:*:*:*:*",
                     matchCriteriaId: "95954182-9541-4181-9647-B17FA5A79F9F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update311:*:*:*:*:*:*",
                     matchCriteriaId: "9F6F0137-F91F-4028-BED2-C29640D52C23",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update321:*:*:*:*:*:*",
                     matchCriteriaId: "EAFB6B15-4AE6-47FC-8847-9DFADB7AE253",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update4:*:*:*:*:*:*",
                     matchCriteriaId: "D61068FE-18EE-4ADB-BC69-A3ECE8724575",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update40:*:*:*:*:*:*",
                     matchCriteriaId: "EFB59E80-4EC4-4399-BF40-6733E4E475A9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update45:*:*:*:*:*:*",
                     matchCriteriaId: "84E31265-22E1-4E91-BFCB-D2AFF445926A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update5:*:*:*:*:*:*",
                     matchCriteriaId: "AB3A58C3-94BB-4120-BE1D-AAF8BBF7F22B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update51:*:*:*:*:*:*",
                     matchCriteriaId: "50319E52-8739-47C5-B61E-3CA9B6A9A48F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update55:*:*:*:*:*:*",
                     matchCriteriaId: "7ED515B9-DC74-4DC5-B98A-08D87D85E11E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update6:*:*:*:*:*:*",
                     matchCriteriaId: "6D1D4868-1F9F-43F7-968C-6469B67D3F1B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update60:*:*:*:*:*:*",
                     matchCriteriaId: "568F1AC4-B0D7-4438-82E5-0E61500F2240",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update65:*:*:*:*:*:*",
                     matchCriteriaId: "F5E99B4A-EDAD-4471-81C4-7E9C775C9D9F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update67:*:*:*:*:*:*",
                     matchCriteriaId: "14E9133E-9FF3-40DB-9A11-7469EF5FD265",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update7:*:*:*:*:*:*",
                     matchCriteriaId: "94834710-3FA9-49D9-8600-B514CBCA4270",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update72:*:*:*:*:*:*",
                     matchCriteriaId: "4228D9E1-7D82-4B49-9669-9CDAD7187432",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update76:*:*:*:*:*:*",
                     matchCriteriaId: "F6231F48-2936-4F7D-96D5-4BA11F78EBE8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update80:*:*:*:*:*:*",
                     matchCriteriaId: "D96D5061-4A81-497E-9AD6-A8381B3B454C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update85:*:*:*:*:*:*",
                     matchCriteriaId: "5345C21E-A01B-43B9-9A20-F2783D921C60",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update9:*:*:*:*:*:*",
                     matchCriteriaId: "B219F360-83BD-4111-AB59-C9D4F55AF4C0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update91:*:*:*:*:*:*",
                     matchCriteriaId: "D25377EA-8E8F-4C76-8EA9-3BBDFB352815",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update95:*:*:*:*:*:*",
                     matchCriteriaId: "59FEFE05-269A-4EAF-A80F-E4C2107B1197",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update97:*:*:*:*:*:*",
                     matchCriteriaId: "E7E2AA7C-F602-4DB7-9EC1-0708C46C253C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update99:*:*:*:*:*:*",
                     matchCriteriaId: "FB70E154-A304-429E-80F5-8D87B00E32D1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:-:*:*:*:*:*:*",
                     matchCriteriaId: "70892D06-6E75-4425-BBF0-4B684EC62A1C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone1:*:*:*:*:*:*",
                     matchCriteriaId: "7A165D71-71CC-4E6A-AA4F-FF8DB5B9A5AB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone2:*:*:*:*:*:*",
                     matchCriteriaId: "7417B2BB-9AC2-4AF4-A828-C89A0735AD92",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone3:*:*:*:*:*:*",
                     matchCriteriaId: "6A0A57B5-6F88-4288-9CDE-F6613FE068D2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone4:*:*:*:*:*:*",
                     matchCriteriaId: "67ED8559-C348-4932-B7CE-CB96976A30EC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone5:*:*:*:*:*:*",
                     matchCriteriaId: "40AC3D91-263F-4345-9FAA-0E573EA64590",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone6:*:*:*:*:*:*",
                     matchCriteriaId: "DD92AFA9-81F8-48D4-B79A-E7F066F69A99",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone7:*:*:*:*:*:*",
                     matchCriteriaId: "2C4B2F24-A730-4818-90C8-A2D90C081F03",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone8:*:*:*:*:*:*",
                     matchCriteriaId: "464087F2-C285-4574-957E-CE0663F07DE0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone9:*:*:*:*:*:*",
                     matchCriteriaId: "3E9BB880-A4F6-4887-8BB9-47AA298753D5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update101:*:*:*:*:*:*",
                     matchCriteriaId: "18DCFF53-B298-4534-AB5C-8A5EF59C616F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update102:*:*:*:*:*:*",
                     matchCriteriaId: "083419F8-FDDF-4E36-88F8-857DB317C1D1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update11:*:*:*:*:*:*",
                     matchCriteriaId: "D7A74F65-57E8-4C9A-BA96-5EF401504F13",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update111:*:*:*:*:*:*",
                     matchCriteriaId: "0D0B90FC-57B6-4315-9B29-3C36E58B2CF5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update112:*:*:*:*:*:*",
                     matchCriteriaId: "07812576-3C35-404C-A7D7-9BE9E3D76E00",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update121:*:*:*:*:*:*",
                     matchCriteriaId: "00C52B1C-5447-4282-9667-9EBE0720B423",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update131:*:*:*:*:*:*",
                     matchCriteriaId: "92BB9EB0-0C12-4E77-89EE-FB77097841B8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update141:*:*:*:*:*:*",
                     matchCriteriaId: "FF9D5DCE-2E8F-42B9-9038-AEA7E8C8CFFD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update151:*:*:*:*:*:*",
                     matchCriteriaId: "ABC0E7BB-F8B7-4369-9910-71240E4073A3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update152:*:*:*:*:*:*",
                     matchCriteriaId: "551B2640-8CEC-4C24-AF8B-7A7CEF864D9D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update161:*:*:*:*:*:*",
                     matchCriteriaId: "0AE30779-48FB-451E-8CE1-F469F93B8772",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update162:*:*:*:*:*:*",
                     matchCriteriaId: "60590FDE-7156-4314-A012-AA38BD2ADDC9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update171:*:*:*:*:*:*",
                     matchCriteriaId: "BE51AD3A-8331-4E8F-9DB1-7A0051731DFB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update172:*:*:*:*:*:*",
                     matchCriteriaId: "F24F6122-2256-41B6-9033-794C6424ED99",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update181:*:*:*:*:*:*",
                     matchCriteriaId: "0EAFA79E-8C7A-48CF-8868-11378FE4B26F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update191:*:*:*:*:*:*",
                     matchCriteriaId: "D1D6F19F-59B5-4BB6-AD35-013384025970",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update192:*:*:*:*:*:*",
                     matchCriteriaId: "E7BA97BC-3ADA-465A-835B-6C3C5F416B56",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update20:*:*:*:*:*:*",
                     matchCriteriaId: "B71F77A4-B7EB-47A1-AAFD-431A7D040B86",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update201:*:*:*:*:*:*",
                     matchCriteriaId: "91D6BEA9-5943-44A4-946D-CEAA9BA99376",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update202:*:*:*:*:*:*",
                     matchCriteriaId: "C079A3E0-44EB-4B9C-B4FC-B7621D165C3B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update211:*:*:*:*:*:*",
                     matchCriteriaId: "2CB74086-14B8-4237-8357-E0C6B5BB8313",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update212:*:*:*:*:*:*",
                     matchCriteriaId: "3ABED20A-7C34-4E86-9AFB-F4DC9ECBB3A9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update221:*:*:*:*:*:*",
                     matchCriteriaId: "00C2B9C9-1177-4DA6-96CE-55F37F383F99",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update222:*:*:*:*:*:*",
                     matchCriteriaId: "435CF189-0BD8-40DF-A0DC-99862CDEAF8A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update231:*:*:*:*:*:*",
                     matchCriteriaId: "12A3F367-33AD-47C3-BFDC-871A17E72C94",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update232:*:*:*:*:*:*",
                     matchCriteriaId: "A18F994F-72CA-4AF5-A7D1-9F5AEA286D85",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update241:*:*:*:*:*:*",
                     matchCriteriaId: "78261932-7373-4F16-91E0-1A72ADBEBC3E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update242:*:*:*:*:*:*",
                     matchCriteriaId: "9BD90D3D-9B3A-4101-9A8A-5090F0A9719F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update25:*:*:*:*:*:*",
                     matchCriteriaId: "B38C0276-0EBD-4E0B-BFCF-4DDECACE04E2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update252:*:*:*:*:*:*",
                     matchCriteriaId: "F5A40B8A-D428-4008-9F21-AF21394C51D1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update262:*:*:*:*:*:*",
                     matchCriteriaId: "FEC5B777-01E1-45EE-AF95-C3BD1F098B2F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update271:*:*:*:*:*:*",
                     matchCriteriaId: "3B504718-5DCE-43B4-B19A-C6B6E7444BD3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update281:*:*:*:*:*:*",
                     matchCriteriaId: "3102AA10-99A8-49A9-867E-7EEC56865680",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update282:*:*:*:*:*:*",
                     matchCriteriaId: "5A55CBC7-A7B2-4B89-8AB5-ED30DBE6814E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update291:*:*:*:*:*:*",
                     matchCriteriaId: "15BA8A26-2CDA-442B-A549-6BE92DCCD205",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update301:*:*:*:*:*:*",
                     matchCriteriaId: "56F2883B-6A1B-4081-8877-07AF3A73F6CD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update302:*:*:*:*:*:*",
                     matchCriteriaId: "98C0742E-ACDD-4DB4-8A4C-B96702C8976C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update31:*:*:*:*:*:*",
                     matchCriteriaId: "F8483034-DD5A-445D-892F-CDE90A7D58EE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update312:*:*:*:*:*:*",
                     matchCriteriaId: "1716A5CD-1C32-4F19-9DDE-F9C7CCB6B420",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update40:*:*:*:*:*:*",
                     matchCriteriaId: "8279718F-878F-4868-8859-1728D13CD0D8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update45:*:*:*:*:*:*",
                     matchCriteriaId: "2C024E1A-FD2C-42E8-B227-C2AFD3040436",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update5:*:*:*:*:*:*",
                     matchCriteriaId: "4F24389D-DDD0-4204-AA24-31C920A4F47E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update51:*:*:*:*:*:*",
                     matchCriteriaId: "966979BE-1F21-4729-B6B8-610F74648344",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update60:*:*:*:*:*:*",
                     matchCriteriaId: "F8534265-33BF-460D-BF74-5F55FDE50F29",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update65:*:*:*:*:*:*",
                     matchCriteriaId: "F77AFC25-1466-4E56-9D5F-6988F3288E16",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update66:*:*:*:*:*:*",
                     matchCriteriaId: "A650BEB8-E56F-4E42-9361-8D2DB083F0F8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update71:*:*:*:*:*:*",
                     matchCriteriaId: "799FFECD-E80A-44B3-953D-CDB5E195F3AA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update72:*:*:*:*:*:*",
                     matchCriteriaId: "A7047507-7CAF-4A14-AA9A-5CEF806EDE98",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update73:*:*:*:*:*:*",
                     matchCriteriaId: "CFC7B179-95D3-4F94-84F6-73F1034A1AF2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update74:*:*:*:*:*:*",
                     matchCriteriaId: "9FB28526-9385-44CA-AF08-1899E6C3AE4D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update77:*:*:*:*:*:*",
                     matchCriteriaId: "E26B69E4-0B43-415F-A82B-52FDCB262B3E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update91:*:*:*:*:*:*",
                     matchCriteriaId: "27BC4150-70EC-462B-8FC5-20B3442CBB31",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update92:*:*:*:*:*:*",
                     matchCriteriaId: "02646989-ECD9-40AE-A83E-EFF4080C69B9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:17:*:*:*:*:*:*:*",
                     matchCriteriaId: "4D0A929D-6054-4EFB-8BAD-58826D22D34B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:17.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "DE7858DA-58DE-4920-B678-7800BD084EA1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad en el producto Oracle Java SE, Oracle GraalVM Enterprise Edition de Oracle Java SE (componente: ImageIO). Las versiones compatibles que están afectadas son Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 y 21.3.0. Una vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red por medio de múltiples protocolos comprometer a Oracle Java SE, Oracle GraalVM Enterprise Edition. Los ataques con éxito de esta vulnerabilidad pueden resultar en una capacidad no autorizada de causar una negación parcial del servicio (DOS parcial) de Oracle Java SE, Oracle GraalVM Enterprise Edition. Nota: Esta vulnerabilidad es aplicada a las implantaciones de Java, normalmente en clientes que ejecutan aplicaciones Java Web Start con sandbox o applets Java con sandbox, que cargan y ejecutan código que no es confiable (por ejemplo, código que viene de Internet) y dependen de la sandbox de Java para la seguridad. Esta vulnerabilidad también puede ser explotada al usar APIs en el Componente especificado, por ejemplo, mediante un servicio web que suministra datos a las APIs. CVSS 3.1, Puntuación base 5.3 (impactos en la Disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)",
      },
   ],
   id: "CVE-2022-21360",
   lastModified: "2024-11-21T06:44:30.700",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 5,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "LOW",
               baseScore: 5.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 1.4,
            source: "secalert_us@oracle.com",
            type: "Secondary",
         },
      ],
   },
   published: "2022-01-19T12:15:15.540",
   references: [
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/202209-05",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20220121-0007/",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2022/dsa-5057",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2022/dsa-5058",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpujan2022.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/202209-05",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20220121-0007/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2022/dsa-5057",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2022/dsa-5058",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpujan2022.html",
      },
   ],
   sourceIdentifier: "secalert_us@oracle.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd

Published

2022-01-19 12:15

Modified

2024-11-21 06:44

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

References

URL	Tags
secalert_us@oracle.com	https://security.gentoo.org/glsa/202209-05	Third Party Advisory
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20220121-0007/	Third Party Advisory
secalert_us@oracle.com	https://www.oracle.com/security-alerts/cpuapr2022.html	Vendor Advisory
secalert_us@oracle.com	https://www.oracle.com/security-alerts/cpujan2022.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202209-05	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20220121-0007/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpuapr2022.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpujan2022.html	Vendor Advisory

Impacted products

Vendor	Product	Version
oracle	graalvm	20.3.4
oracle	graalvm	21.3.0
oracle	http_server	12.2.1.3.0
oracle	http_server	12.2.1.4.0
oracle	jdk	1.7.0
oracle	jdk	1.8.0
oracle	jdk	11.0.13
oracle	jre	1.7.0
oracle	jre	1.8.0
oracle	jre	11.0.13
oracle	zfs_storage_appliance_kit	8.8
oracle	solaris	11
netapp	7-mode_transition_tool	-
netapp	active_iq_unified_manager	-
netapp	active_iq_unified_manager	-
netapp	cloud_insights_acquisition_unit	-
netapp	cloud_secure_agent	-
netapp	e-series_santricity_os_controller	*
netapp	e-series_santricity_storage_manager	-
netapp	e-series_santricity_web_services	-
netapp	hci_management_node	-
netapp	oncommand_insight	-
netapp	oncommand_workflow_automation	-
netapp	santricity_unified_manager	-
netapp	snapmanager	-
netapp	snapmanager	-
netapp	solidfire	-

JSON

To clipboard

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:oracle:graalvm:20.3.4:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "9F300E13-1B40-4B35-ACA5-4D402CD41055",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:graalvm:21.3.0:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "B10E38A6-783C-45A2-98A1-12FA1EB3D3AA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "DFC79B17-E9D2-44D5-93ED-2F959E7A3D43",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "AD04BEE5-E9A8-4584-A68C-0195CE9C402C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:1.7.0:update321:*:*:*:*:*:*",
                     matchCriteriaId: "F3E9DB6B-06BC-47F9-AEB9-E36378A97543",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:1.8.0:update311:*:*:*:*:*:*",
                     matchCriteriaId: "3C9591ED-CA9E-4844-9B7F-D477D7A51413",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:11.0.13:*:*:*:*:*:*:*",
                     matchCriteriaId: "A7F43D86-B696-41E4-A288-6A2D43A1774A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:1.7.0:update321:*:*:*:*:*:*",
                     matchCriteriaId: "C5988521-7571-4AE7-BD02-2C8765FC464B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:1.8.0:update311:*:*:*:*:*:*",
                     matchCriteriaId: "29AB737A-FB85-4E91-B8D3-A4B9A780FC0E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:11.0.13:*:*:*:*:*:*:*",
                     matchCriteriaId: "90EC4B85-A88A-4EC3-9EA0-3A24874D5F87",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "D3E503FB-6279-4D4A-91D8-E237ECF9D2B0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:oracle:solaris:11:*:*:*:*:*:*:*",
                     matchCriteriaId: "8E8C192B-8044-4BF9-9F1F-57371FC0E8FD",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "7EF6650C-558D-45C8-AE7D-136EE70CB6D7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
                     matchCriteriaId: "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
                     matchCriteriaId: "B55E8D50-99B4-47EC-86F9-699B67D473CE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "CCAA4004-9319-478C-9D55-0E8307F872F6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F0F202E8-97E6-4BBB-A0B6-4CA3F5803C08",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "FF971916-C526-43A9-BD80-985BCC476569",
                     versionEndIncluding: "11.70.1",
                     versionStartIncluding: "11.0.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "0D9CC59D-6182-4B5E-96B5-226FCD343916",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*",
                     matchCriteriaId: "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A3C19813-E823-456A-B1CE-EC0684CE1953",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5735E553-9731-4AAC-BCFF-989377F817B3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A372B177-F740-4655-865C-31777A6E140B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*",
                     matchCriteriaId: "26A2B713-7D6D-420A-93A4-E0D983C983DF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*",
                     matchCriteriaId: "64DE38C8-94F1-4860-B045-F33928F676A8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad en el producto Oracle Java SE, Oracle GraalVM Enterprise Edition de Oracle Java SE (componente: Libraries). Las versiones compatibles que están afectadas son Oracle Java SE: 7u321, 8u311, 11.0.13; Oracle GraalVM Enterprise Edition: 20.3.4 y 21.3.0. Una vulnerabilidad explotable fácilmente permite a un atacante no autenticado con acceso a la red por medio de múltiples protocolos comprometer a Oracle Java SE, Oracle GraalVM Enterprise Edition. Los ataques con éxito de esta vulnerabilidad pueden resultar en una capacidad no autorizada de causar una negación parcial del servicio (DOS parcial) de Oracle Java SE, Oracle GraalVM Enterprise Edition. Nota: Esta vulnerabilidad es aplicada a las implantaciones de Java, normalmente en clientes que ejecutan aplicaciones Java Web Start con sandbox o applets Java con sandbox, que cargan y ejecutan código que no es confiable (por ejemplo, código que viene de Internet) y dependen de la sandbox de Java para la seguridad. Esta vulnerabilidad también puede ser explotada al usar APIs en el Componente especificado, por ejemplo, mediante un servicio web que suministra datos a las APIs. CVSS 3.1, Puntuación base 5.3 (impactos en la Disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)",
      },
   ],
   id: "CVE-2022-21271",
   lastModified: "2024-11-21T06:44:15.123",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 5,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "LOW",
               baseScore: 5.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 1.4,
            source: "secalert_us@oracle.com",
            type: "Secondary",
         },
      ],
   },
   published: "2022-01-19T12:15:11.417",
   references: [
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/202209-05",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20220121-0007/",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpuapr2022.html",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpujan2022.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/202209-05",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20220121-0007/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpuapr2022.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpujan2022.html",
      },
   ],
   sourceIdentifier: "secalert_us@oracle.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd

Published

2022-01-19 12:15

Modified

2024-11-21 06:44

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

References

URL	Tags
secalert_us@oracle.com	https://security.gentoo.org/glsa/202209-05	Third Party Advisory
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20220121-0007/	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2022/dsa-5057	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2022/dsa-5058	Third Party Advisory
secalert_us@oracle.com	https://www.oracle.com/security-alerts/cpujan2022.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202209-05	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20220121-0007/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2022/dsa-5057	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2022/dsa-5058	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpujan2022.html	Vendor Advisory

Impacted products

Vendor	Product	Version
oracle	graalvm	20.3.4
oracle	graalvm	21.3.0
oracle	jdk	11.0.13
oracle	jdk	17.0.1
oracle	jre	11.0.13
oracle	jre	17.0.1
debian	debian_linux	10.0
debian	debian_linux	11.0
netapp	7-mode_transition_tool	-
netapp	active_iq_unified_manager	-
netapp	active_iq_unified_manager	-
netapp	cloud_insights_acquisition_unit	-
netapp	cloud_secure_agent	-
netapp	e-series_santricity_os_controller	*
netapp	e-series_santricity_storage_manager	-
netapp	e-series_santricity_web_services	-
netapp	hci_management_node	-
netapp	oncommand_insight	-
netapp	oncommand_workflow_automation	-
netapp	santricity_storage_plugin	-
netapp	santricity_unified_manager	-
netapp	snapmanager	-
netapp	snapmanager	-
netapp	solidfire	-
oracle	openjdk	*
oracle	openjdk	*
oracle	openjdk	*
oracle	openjdk	17
oracle	openjdk	17.0.1

JSON

To clipboard

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:oracle:graalvm:20.3.4:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "9F300E13-1B40-4B35-ACA5-4D402CD41055",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:graalvm:21.3.0:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "B10E38A6-783C-45A2-98A1-12FA1EB3D3AA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:11.0.13:*:*:*:*:*:*:*",
                     matchCriteriaId: "A7F43D86-B696-41E4-A288-6A2D43A1774A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:17.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "3575C88F-05D3-49F6-A60B-7ED902E318F1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:11.0.13:*:*:*:*:*:*:*",
                     matchCriteriaId: "90EC4B85-A88A-4EC3-9EA0-3A24874D5F87",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:17.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "962026D1-1E50-480F-921C-C7EE32AA0107",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "FA6FEEC2-9F11-4643-8827-749718254FED",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "7EF6650C-558D-45C8-AE7D-136EE70CB6D7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
                     matchCriteriaId: "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
                     matchCriteriaId: "B55E8D50-99B4-47EC-86F9-699B67D473CE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "CCAA4004-9319-478C-9D55-0E8307F872F6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F0F202E8-97E6-4BBB-A0B6-4CA3F5803C08",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "FF971916-C526-43A9-BD80-985BCC476569",
                     versionEndIncluding: "11.70.1",
                     versionStartIncluding: "11.0.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "0D9CC59D-6182-4B5E-96B5-226FCD343916",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*",
                     matchCriteriaId: "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A3C19813-E823-456A-B1CE-EC0684CE1953",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5735E553-9731-4AAC-BCFF-989377F817B3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:santricity_storage_plugin:-:*:*:*:*:vcenter:*:*",
                     matchCriteriaId: "82E94B87-065E-475F-815C-F49978CE22FC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A372B177-F740-4655-865C-31777A6E140B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*",
                     matchCriteriaId: "26A2B713-7D6D-420A-93A4-E0D983C983DF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*",
                     matchCriteriaId: "64DE38C8-94F1-4860-B045-F33928F676A8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "6489B616-476E-46AB-8795-7EFDD9074899",
                     versionEndIncluding: "11.0.13",
                     versionStartIncluding: "11",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F8A2B4B3-64EC-4930-9F31-202E4D19AF98",
                     versionEndIncluding: "13.0.9",
                     versionStartIncluding: "13",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "CF9DCD68-A054-456D-8A3C-15939F85DF90",
                     versionEndIncluding: "15.0.5",
                     versionStartIncluding: "15",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:17:*:*:*:*:*:*:*",
                     matchCriteriaId: "4D0A929D-6054-4EFB-8BAD-58826D22D34B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:17.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "DE7858DA-58DE-4920-B678-7800BD084EA1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad en el producto Oracle Java SE, Oracle GraalVM Enterprise Edition de Oracle Java SE (componente: ImageIO). Las versiones compatibles que están afectadas son Oracle Java SE: 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 y 21.3.0. Una vulnerabilidad explotable fácilmente, permite a un atacante no autenticado con acceso a la red por medio de múltiples protocolos comprometer a Oracle Java SE, Oracle GraalVM Enterprise Edition. Los ataques con éxito de esta vulnerabilidad pueden resultar en una capacidad no autorizada de causar una negación parcial de servicio (DOS parcial) de Oracle Java SE, Oracle GraalVM Enterprise Edition. Nota: Esta vulnerabilidad es aplicada a las implantaciones de Java, normalmente en clientes que ejecutan aplicaciones Java Web Start con sandbox o applets Java con sandbox, que cargan y ejecutan código que no es confiable (por ejemplo, código que viene de Internet) y dependen de la sandbox de Java para la seguridad. Esta vulnerabilidad también puede ser explotada al usar APIs en el Componente especificado, por ejemplo, mediante un servicio web que suministra datos a las APIs. CVSS 3.1, Puntuación base 5.3 (impactos en la Disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)",
      },
   ],
   id: "CVE-2022-21277",
   lastModified: "2024-11-21T06:44:16.010",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 5,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "LOW",
               baseScore: 5.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 1.4,
            source: "secalert_us@oracle.com",
            type: "Secondary",
         },
      ],
   },
   published: "2022-01-19T12:15:11.697",
   references: [
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/202209-05",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20220121-0007/",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2022/dsa-5057",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2022/dsa-5058",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpujan2022.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/202209-05",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20220121-0007/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2022/dsa-5057",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2022/dsa-5058",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpujan2022.html",
      },
   ],
   sourceIdentifier: "secalert_us@oracle.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd

Published

2022-01-19 12:15

Modified

2024-11-21 06:44

Severity ?

3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).

References

URL	Tags
secalert_us@oracle.com	https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DIN3L6L3SVZK75CKW2GPSU4HIGZR7XG/	Third Party Advisory
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4J2N4FNXW6JKJBWUZH6SNI2UHCZXQXCY/	Third Party Advisory
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KPIWQ6DL5IPOT54UBWTISG5T24FQJ7MN/	Third Party Advisory
secalert_us@oracle.com	https://security.gentoo.org/glsa/202209-05	Third Party Advisory
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20220121-0007/	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2022/dsa-5057	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2022/dsa-5058	Third Party Advisory
secalert_us@oracle.com	https://www.oracle.com/security-alerts/cpujan2022.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DIN3L6L3SVZK75CKW2GPSU4HIGZR7XG/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4J2N4FNXW6JKJBWUZH6SNI2UHCZXQXCY/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KPIWQ6DL5IPOT54UBWTISG5T24FQJ7MN/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202209-05	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20220121-0007/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2022/dsa-5057	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2022/dsa-5058	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpujan2022.html	Vendor Advisory

Impacted products

Vendor	Product	Version
oracle	graalvm	20.3.4
oracle	graalvm	21.3.0
oracle	jdk	1.7.0
oracle	jdk	1.8.0
oracle	jdk	11.0.13
oracle	jdk	17.0.1
oracle	jre	1.7.0
oracle	jre	1.8.0
oracle	jre	11.0.13
oracle	jre	17.0.1
netapp	7-mode_transition_tool	-
netapp	active_iq_unified_manager	-
netapp	active_iq_unified_manager	-
netapp	cloud_insights_acquisition_unit	-
netapp	cloud_secure_agent	-
netapp	e-series_santricity_os_controller	*
netapp	e-series_santricity_storage_manager	-
netapp	e-series_santricity_web_services	-
netapp	hci_management_node	-
netapp	oncommand_insight	-
netapp	oncommand_workflow_automation	-
netapp	santricity_storage_plugin	-
netapp	santricity_unified_manager	-
netapp	snapmanager	-
netapp	snapmanager	-
netapp	solidfire	-
debian	debian_linux	9.0
debian	debian_linux	10.0
debian	debian_linux	11.0
fedoraproject	fedora	34
fedoraproject	fedora	35
oracle	openjdk	*
oracle	openjdk	*
oracle	openjdk	*
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	17
oracle	openjdk	17.0.1

JSON

To clipboard

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:oracle:graalvm:20.3.4:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "9F300E13-1B40-4B35-ACA5-4D402CD41055",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:graalvm:21.3.0:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "B10E38A6-783C-45A2-98A1-12FA1EB3D3AA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:1.7.0:update321:*:*:*:*:*:*",
                     matchCriteriaId: "F3E9DB6B-06BC-47F9-AEB9-E36378A97543",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:1.8.0:update311:*:*:*:*:*:*",
                     matchCriteriaId: "3C9591ED-CA9E-4844-9B7F-D477D7A51413",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:11.0.13:*:*:*:*:*:*:*",
                     matchCriteriaId: "A7F43D86-B696-41E4-A288-6A2D43A1774A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:17.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "3575C88F-05D3-49F6-A60B-7ED902E318F1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:1.7.0:update321:*:*:*:*:*:*",
                     matchCriteriaId: "C5988521-7571-4AE7-BD02-2C8765FC464B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:1.8.0:update311:*:*:*:*:*:*",
                     matchCriteriaId: "29AB737A-FB85-4E91-B8D3-A4B9A780FC0E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:11.0.13:*:*:*:*:*:*:*",
                     matchCriteriaId: "90EC4B85-A88A-4EC3-9EA0-3A24874D5F87",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:17.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "962026D1-1E50-480F-921C-C7EE32AA0107",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "7EF6650C-558D-45C8-AE7D-136EE70CB6D7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
                     matchCriteriaId: "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
                     matchCriteriaId: "B55E8D50-99B4-47EC-86F9-699B67D473CE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "CCAA4004-9319-478C-9D55-0E8307F872F6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F0F202E8-97E6-4BBB-A0B6-4CA3F5803C08",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "FF971916-C526-43A9-BD80-985BCC476569",
                     versionEndIncluding: "11.70.1",
                     versionStartIncluding: "11.0.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "0D9CC59D-6182-4B5E-96B5-226FCD343916",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*",
                     matchCriteriaId: "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A3C19813-E823-456A-B1CE-EC0684CE1953",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5735E553-9731-4AAC-BCFF-989377F817B3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:santricity_storage_plugin:-:*:*:*:*:vcenter:*:*",
                     matchCriteriaId: "82E94B87-065E-475F-815C-F49978CE22FC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A372B177-F740-4655-865C-31777A6E140B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*",
                     matchCriteriaId: "26A2B713-7D6D-420A-93A4-E0D983C983DF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*",
                     matchCriteriaId: "64DE38C8-94F1-4860-B045-F33928F676A8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "FA6FEEC2-9F11-4643-8827-749718254FED",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
                     matchCriteriaId: "A930E247-0B43-43CB-98FF-6CE7B8189835",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
                     matchCriteriaId: "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "6489B616-476E-46AB-8795-7EFDD9074899",
                     versionEndIncluding: "11.0.13",
                     versionStartIncluding: "11",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F8A2B4B3-64EC-4930-9F31-202E4D19AF98",
                     versionEndIncluding: "13.0.9",
                     versionStartIncluding: "13",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "CF9DCD68-A054-456D-8A3C-15939F85DF90",
                     versionEndIncluding: "15.0.5",
                     versionStartIncluding: "15",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:-:*:*:*:*:*:*",
                     matchCriteriaId: "E78B7C5A-FA51-41E4-AAB0-C6DED2EFCF4C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update1:*:*:*:*:*:*",
                     matchCriteriaId: "02011EDC-20A7-4A16-A592-7C76E0037997",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update10:*:*:*:*:*:*",
                     matchCriteriaId: "AC6D4652-1226-4C60-BEDF-01EBF8AC0849",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update101:*:*:*:*:*:*",
                     matchCriteriaId: "3C1F9ED7-7D93-41F4-9130-15BA734420AC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update11:*:*:*:*:*:*",
                     matchCriteriaId: "1CF9CDF1-95D3-4125-A73F-396D2280FC4E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update111:*:*:*:*:*:*",
                     matchCriteriaId: "A13266DC-F8D9-4F30-987F-65BBEAF8D3A8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update121:*:*:*:*:*:*",
                     matchCriteriaId: "C28388AB-CFC9-4749-A90F-383F5B905EA9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update13:*:*:*:*:*:*",
                     matchCriteriaId: "DA1B00F9-A81C-48B7-8DAA-F394DDF323F3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update131:*:*:*:*:*:*",
                     matchCriteriaId: "CA7AD457-6CE6-4925-8D94-A907B40233D9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update141:*:*:*:*:*:*",
                     matchCriteriaId: "A6F3FDD1-7CAC-4B84-ABB7-64E9D3FBD708",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update15:*:*:*:*:*:*",
                     matchCriteriaId: "5480E5AD-DB46-474A-9B57-84ED088A75FA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update151:*:*:*:*:*:*",
                     matchCriteriaId: "881A4AE9-6012-4E91-98BE-0A352CC20703",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update161:*:*:*:*:*:*",
                     matchCriteriaId: "7E1E1079-57D9-473B-A017-964F4745F329",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update17:*:*:*:*:*:*",
                     matchCriteriaId: "B8D6446E-2915-4F12-87BE-E7420BC2626E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update171:*:*:*:*:*:*",
                     matchCriteriaId: "564EDCE3-16E6-401D-8A43-032D1F8875E1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update181:*:*:*:*:*:*",
                     matchCriteriaId: "08278802-D31B-488A-BA6A-EBC816DF883A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update191:*:*:*:*:*:*",
                     matchCriteriaId: "72BDA05A-C8BD-472E-8465-EE1F3E5D8CF6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update2:*:*:*:*:*:*",
                     matchCriteriaId: "7BBB0969-565E-43E2-B067-A10AAA5F1958",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update201:*:*:*:*:*:*",
                     matchCriteriaId: "D78BE95D-6270-469A-8035-FCDDB398F952",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update21:*:*:*:*:*:*",
                     matchCriteriaId: "88C24F40-3150-4584-93D9-8307DE04EEE9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update211:*:*:*:*:*:*",
                     matchCriteriaId: "E0FC5A03-FF11-4787-BBF1-3ACF93A21F2D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update221:*:*:*:*:*:*",
                     matchCriteriaId: "19626B36-62FC-4497-A2E1-7D6CD9839B19",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update231:*:*:*:*:*:*",
                     matchCriteriaId: "5713AEBD-35F6-44E8-A0CC-A42830D7AE20",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update241:*:*:*:*:*:*",
                     matchCriteriaId: "8BE0C04B-440E-4B35-ACC8-6264514F764C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update25:*:*:*:*:*:*",
                     matchCriteriaId: "555EC2A6-0475-48ED-AE0C-B306714A9333",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update251:*:*:*:*:*:*",
                     matchCriteriaId: "EC1CF2AD-3F7A-4EF3-BD41-117A21553A9F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update261:*:*:*:*:*:*",
                     matchCriteriaId: "02C55E2E-AEDE-455C-B128-168C918B5D97",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update271:*:*:*:*:*:*",
                     matchCriteriaId: "81831D37-6597-441B-87DE-38F7191BEA42",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update281:*:*:*:*:*:*",
                     matchCriteriaId: "EEA1594D-0AB5-436D-9E60-C26EE2175753",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update291:*:*:*:*:*:*",
                     matchCriteriaId: "B868FA41-C71B-491C-880B-484740B30C72",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update3:*:*:*:*:*:*",
                     matchCriteriaId: "C242D3BE-9114-4A9E-BB78-45754C7CC450",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update301:*:*:*:*:*:*",
                     matchCriteriaId: "95954182-9541-4181-9647-B17FA5A79F9F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update311:*:*:*:*:*:*",
                     matchCriteriaId: "9F6F0137-F91F-4028-BED2-C29640D52C23",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update321:*:*:*:*:*:*",
                     matchCriteriaId: "EAFB6B15-4AE6-47FC-8847-9DFADB7AE253",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update4:*:*:*:*:*:*",
                     matchCriteriaId: "D61068FE-18EE-4ADB-BC69-A3ECE8724575",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update40:*:*:*:*:*:*",
                     matchCriteriaId: "EFB59E80-4EC4-4399-BF40-6733E4E475A9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update45:*:*:*:*:*:*",
                     matchCriteriaId: "84E31265-22E1-4E91-BFCB-D2AFF445926A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update5:*:*:*:*:*:*",
                     matchCriteriaId: "AB3A58C3-94BB-4120-BE1D-AAF8BBF7F22B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update51:*:*:*:*:*:*",
                     matchCriteriaId: "50319E52-8739-47C5-B61E-3CA9B6A9A48F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update55:*:*:*:*:*:*",
                     matchCriteriaId: "7ED515B9-DC74-4DC5-B98A-08D87D85E11E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update6:*:*:*:*:*:*",
                     matchCriteriaId: "6D1D4868-1F9F-43F7-968C-6469B67D3F1B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update60:*:*:*:*:*:*",
                     matchCriteriaId: "568F1AC4-B0D7-4438-82E5-0E61500F2240",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update65:*:*:*:*:*:*",
                     matchCriteriaId: "F5E99B4A-EDAD-4471-81C4-7E9C775C9D9F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update67:*:*:*:*:*:*",
                     matchCriteriaId: "14E9133E-9FF3-40DB-9A11-7469EF5FD265",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update7:*:*:*:*:*:*",
                     matchCriteriaId: "94834710-3FA9-49D9-8600-B514CBCA4270",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update72:*:*:*:*:*:*",
                     matchCriteriaId: "4228D9E1-7D82-4B49-9669-9CDAD7187432",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update76:*:*:*:*:*:*",
                     matchCriteriaId: "F6231F48-2936-4F7D-96D5-4BA11F78EBE8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update80:*:*:*:*:*:*",
                     matchCriteriaId: "D96D5061-4A81-497E-9AD6-A8381B3B454C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update85:*:*:*:*:*:*",
                     matchCriteriaId: "5345C21E-A01B-43B9-9A20-F2783D921C60",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update9:*:*:*:*:*:*",
                     matchCriteriaId: "B219F360-83BD-4111-AB59-C9D4F55AF4C0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update91:*:*:*:*:*:*",
                     matchCriteriaId: "D25377EA-8E8F-4C76-8EA9-3BBDFB352815",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update95:*:*:*:*:*:*",
                     matchCriteriaId: "59FEFE05-269A-4EAF-A80F-E4C2107B1197",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update97:*:*:*:*:*:*",
                     matchCriteriaId: "E7E2AA7C-F602-4DB7-9EC1-0708C46C253C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update99:*:*:*:*:*:*",
                     matchCriteriaId: "FB70E154-A304-429E-80F5-8D87B00E32D1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:-:*:*:*:*:*:*",
                     matchCriteriaId: "70892D06-6E75-4425-BBF0-4B684EC62A1C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone1:*:*:*:*:*:*",
                     matchCriteriaId: "7A165D71-71CC-4E6A-AA4F-FF8DB5B9A5AB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone2:*:*:*:*:*:*",
                     matchCriteriaId: "7417B2BB-9AC2-4AF4-A828-C89A0735AD92",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone3:*:*:*:*:*:*",
                     matchCriteriaId: "6A0A57B5-6F88-4288-9CDE-F6613FE068D2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone4:*:*:*:*:*:*",
                     matchCriteriaId: "67ED8559-C348-4932-B7CE-CB96976A30EC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone5:*:*:*:*:*:*",
                     matchCriteriaId: "40AC3D91-263F-4345-9FAA-0E573EA64590",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone6:*:*:*:*:*:*",
                     matchCriteriaId: "DD92AFA9-81F8-48D4-B79A-E7F066F69A99",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone7:*:*:*:*:*:*",
                     matchCriteriaId: "2C4B2F24-A730-4818-90C8-A2D90C081F03",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone8:*:*:*:*:*:*",
                     matchCriteriaId: "464087F2-C285-4574-957E-CE0663F07DE0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone9:*:*:*:*:*:*",
                     matchCriteriaId: "3E9BB880-A4F6-4887-8BB9-47AA298753D5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update101:*:*:*:*:*:*",
                     matchCriteriaId: "18DCFF53-B298-4534-AB5C-8A5EF59C616F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update102:*:*:*:*:*:*",
                     matchCriteriaId: "083419F8-FDDF-4E36-88F8-857DB317C1D1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update11:*:*:*:*:*:*",
                     matchCriteriaId: "D7A74F65-57E8-4C9A-BA96-5EF401504F13",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update111:*:*:*:*:*:*",
                     matchCriteriaId: "0D0B90FC-57B6-4315-9B29-3C36E58B2CF5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update112:*:*:*:*:*:*",
                     matchCriteriaId: "07812576-3C35-404C-A7D7-9BE9E3D76E00",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update121:*:*:*:*:*:*",
                     matchCriteriaId: "00C52B1C-5447-4282-9667-9EBE0720B423",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update131:*:*:*:*:*:*",
                     matchCriteriaId: "92BB9EB0-0C12-4E77-89EE-FB77097841B8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update141:*:*:*:*:*:*",
                     matchCriteriaId: "FF9D5DCE-2E8F-42B9-9038-AEA7E8C8CFFD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update151:*:*:*:*:*:*",
                     matchCriteriaId: "ABC0E7BB-F8B7-4369-9910-71240E4073A3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update152:*:*:*:*:*:*",
                     matchCriteriaId: "551B2640-8CEC-4C24-AF8B-7A7CEF864D9D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update161:*:*:*:*:*:*",
                     matchCriteriaId: "0AE30779-48FB-451E-8CE1-F469F93B8772",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update162:*:*:*:*:*:*",
                     matchCriteriaId: "60590FDE-7156-4314-A012-AA38BD2ADDC9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update171:*:*:*:*:*:*",
                     matchCriteriaId: "BE51AD3A-8331-4E8F-9DB1-7A0051731DFB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update172:*:*:*:*:*:*",
                     matchCriteriaId: "F24F6122-2256-41B6-9033-794C6424ED99",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update181:*:*:*:*:*:*",
                     matchCriteriaId: "0EAFA79E-8C7A-48CF-8868-11378FE4B26F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update191:*:*:*:*:*:*",
                     matchCriteriaId: "D1D6F19F-59B5-4BB6-AD35-013384025970",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update192:*:*:*:*:*:*",
                     matchCriteriaId: "E7BA97BC-3ADA-465A-835B-6C3C5F416B56",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update20:*:*:*:*:*:*",
                     matchCriteriaId: "B71F77A4-B7EB-47A1-AAFD-431A7D040B86",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update201:*:*:*:*:*:*",
                     matchCriteriaId: "91D6BEA9-5943-44A4-946D-CEAA9BA99376",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update202:*:*:*:*:*:*",
                     matchCriteriaId: "C079A3E0-44EB-4B9C-B4FC-B7621D165C3B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update211:*:*:*:*:*:*",
                     matchCriteriaId: "2CB74086-14B8-4237-8357-E0C6B5BB8313",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update212:*:*:*:*:*:*",
                     matchCriteriaId: "3ABED20A-7C34-4E86-9AFB-F4DC9ECBB3A9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update221:*:*:*:*:*:*",
                     matchCriteriaId: "00C2B9C9-1177-4DA6-96CE-55F37F383F99",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update222:*:*:*:*:*:*",
                     matchCriteriaId: "435CF189-0BD8-40DF-A0DC-99862CDEAF8A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update231:*:*:*:*:*:*",
                     matchCriteriaId: "12A3F367-33AD-47C3-BFDC-871A17E72C94",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update232:*:*:*:*:*:*",
                     matchCriteriaId: "A18F994F-72CA-4AF5-A7D1-9F5AEA286D85",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update241:*:*:*:*:*:*",
                     matchCriteriaId: "78261932-7373-4F16-91E0-1A72ADBEBC3E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update242:*:*:*:*:*:*",
                     matchCriteriaId: "9BD90D3D-9B3A-4101-9A8A-5090F0A9719F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update25:*:*:*:*:*:*",
                     matchCriteriaId: "B38C0276-0EBD-4E0B-BFCF-4DDECACE04E2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update252:*:*:*:*:*:*",
                     matchCriteriaId: "F5A40B8A-D428-4008-9F21-AF21394C51D1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update262:*:*:*:*:*:*",
                     matchCriteriaId: "FEC5B777-01E1-45EE-AF95-C3BD1F098B2F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update271:*:*:*:*:*:*",
                     matchCriteriaId: "3B504718-5DCE-43B4-B19A-C6B6E7444BD3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update281:*:*:*:*:*:*",
                     matchCriteriaId: "3102AA10-99A8-49A9-867E-7EEC56865680",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update282:*:*:*:*:*:*",
                     matchCriteriaId: "5A55CBC7-A7B2-4B89-8AB5-ED30DBE6814E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update291:*:*:*:*:*:*",
                     matchCriteriaId: "15BA8A26-2CDA-442B-A549-6BE92DCCD205",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update301:*:*:*:*:*:*",
                     matchCriteriaId: "56F2883B-6A1B-4081-8877-07AF3A73F6CD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update302:*:*:*:*:*:*",
                     matchCriteriaId: "98C0742E-ACDD-4DB4-8A4C-B96702C8976C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update31:*:*:*:*:*:*",
                     matchCriteriaId: "F8483034-DD5A-445D-892F-CDE90A7D58EE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update312:*:*:*:*:*:*",
                     matchCriteriaId: "1716A5CD-1C32-4F19-9DDE-F9C7CCB6B420",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update40:*:*:*:*:*:*",
                     matchCriteriaId: "8279718F-878F-4868-8859-1728D13CD0D8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update45:*:*:*:*:*:*",
                     matchCriteriaId: "2C024E1A-FD2C-42E8-B227-C2AFD3040436",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update5:*:*:*:*:*:*",
                     matchCriteriaId: "4F24389D-DDD0-4204-AA24-31C920A4F47E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update51:*:*:*:*:*:*",
                     matchCriteriaId: "966979BE-1F21-4729-B6B8-610F74648344",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update60:*:*:*:*:*:*",
                     matchCriteriaId: "F8534265-33BF-460D-BF74-5F55FDE50F29",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update65:*:*:*:*:*:*",
                     matchCriteriaId: "F77AFC25-1466-4E56-9D5F-6988F3288E16",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update66:*:*:*:*:*:*",
                     matchCriteriaId: "A650BEB8-E56F-4E42-9361-8D2DB083F0F8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update71:*:*:*:*:*:*",
                     matchCriteriaId: "799FFECD-E80A-44B3-953D-CDB5E195F3AA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update72:*:*:*:*:*:*",
                     matchCriteriaId: "A7047507-7CAF-4A14-AA9A-5CEF806EDE98",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update73:*:*:*:*:*:*",
                     matchCriteriaId: "CFC7B179-95D3-4F94-84F6-73F1034A1AF2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update74:*:*:*:*:*:*",
                     matchCriteriaId: "9FB28526-9385-44CA-AF08-1899E6C3AE4D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update77:*:*:*:*:*:*",
                     matchCriteriaId: "E26B69E4-0B43-415F-A82B-52FDCB262B3E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update91:*:*:*:*:*:*",
                     matchCriteriaId: "27BC4150-70EC-462B-8FC5-20B3442CBB31",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update92:*:*:*:*:*:*",
                     matchCriteriaId: "02646989-ECD9-40AE-A83E-EFF4080C69B9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:17:*:*:*:*:*:*:*",
                     matchCriteriaId: "4D0A929D-6054-4EFB-8BAD-58826D22D34B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:17.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "DE7858DA-58DE-4920-B678-7800BD084EA1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad en el producto Oracle Java SE, Oracle GraalVM Enterprise Edition de Oracle Java SE (componente: Serialization). Las versiones compatibles que están afectadas son Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 y 21.3.0. Una vulnerabilidad difícil de explotar permite a un atacante no autenticado con acceso a la red por medio de múltiples protocolos comprometer a Oracle Java SE, Oracle GraalVM Enterprise Edition. Los ataques con éxito de esta vulnerabilidad pueden resultar en una actualización no autorizada, insertar o eliminar el acceso a algunos de los datos accesibles de Oracle Java SE, Oracle GraalVM Enterprise Edition. Nota: Esta vulnerabilidad es aplicada a las implantaciones de Java, normalmente en clientes que ejecutan aplicaciones Java Web Start con sandbox o applets Java con sandbox, que cargan y ejecutan código que no es confiable (por ejemplo, código que viene de Internet) y dependen de la sandbox de Java para la seguridad. Esta vulnerabilidad también puede ser explotada al usar APIs en el Componente especificado, por ejemplo, mediante un servicio web que suministra datos a las APIs. CVSS 3.1, Puntuación base 3.7 (impactos en la Integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)",
      },
   ],
   id: "CVE-2022-21248",
   lastModified: "2024-11-21T06:44:11.810",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 3.7,
               baseSeverity: "LOW",
               confidentialityImpact: "NONE",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.2,
            impactScore: 1.4,
            source: "secalert_us@oracle.com",
            type: "Secondary",
         },
      ],
   },
   published: "2022-01-19T12:15:10.287",
   references: [
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DIN3L6L3SVZK75CKW2GPSU4HIGZR7XG/",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4J2N4FNXW6JKJBWUZH6SNI2UHCZXQXCY/",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KPIWQ6DL5IPOT54UBWTISG5T24FQJ7MN/",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/202209-05",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20220121-0007/",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2022/dsa-5057",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2022/dsa-5058",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpujan2022.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DIN3L6L3SVZK75CKW2GPSU4HIGZR7XG/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4J2N4FNXW6JKJBWUZH6SNI2UHCZXQXCY/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KPIWQ6DL5IPOT54UBWTISG5T24FQJ7MN/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/202209-05",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20220121-0007/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2022/dsa-5057",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2022/dsa-5058",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpujan2022.html",
      },
   ],
   sourceIdentifier: "secalert_us@oracle.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd

Published

2023-04-18 20:15

Modified

2024-11-21 07:43

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).

References

URL	Tags
secalert_us@oracle.com	https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20230427-0008/	Third Party Advisory
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20240621-0006/
secalert_us@oracle.com	https://www.couchbase.com/alerts/	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2023/dsa-5430	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2023/dsa-5478	Third Party Advisory
secalert_us@oracle.com	https://www.oracle.com/security-alerts/cpuapr2023.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20230427-0008/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20240621-0006/
af854a3a-2127-422b-91ae-364da2661108	https://www.couchbase.com/alerts/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2023/dsa-5430	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2023/dsa-5478	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpuapr2023.html	Vendor Advisory

Impacted products

Vendor	Product	Version
oracle	graalvm	20.3.9
oracle	graalvm	21.3.5
oracle	graalvm	22.3.1
oracle	jdk	1.8.0
oracle	jdk	11.0.18
oracle	jdk	17.0.6
oracle	jdk	20
oracle	jre	1.8.0
oracle	jre	11.0.18
oracle	jre	17.0.6
oracle	jre	20
netapp	7-mode_transition_tool	-
netapp	brocade_san_navigator	-
netapp	cloud_insights_acquisition_unit	-
netapp	cloud_insights_storage_workload_security_agent	-
netapp	oncommand_insight	-
debian	debian_linux	10.0
debian	debian_linux	11.0
debian	debian_linux	12.0
oracle	openjdk	*
oracle	openjdk	*
oracle	openjdk	*
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	20

JSON

To clipboard

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:oracle:graalvm:20.3.9:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "FE7FF02E-5A54-47BD-8FAC-E1F1E23CBD0B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:graalvm:21.3.5:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "725D21E1-8FEF-492C-9CCF-75DDD286FA71",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:graalvm:22.3.1:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "CBC05434-18E2-43D2-901F-BA97A3A3AC3A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:1.8.0:update361:*:*:*:*:*:*",
                     matchCriteriaId: "BB648C28-DCDF-4CEE-816C-2D7EF91D2689",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:11.0.18:*:*:*:*:*:*:*",
                     matchCriteriaId: "CA4C6A6B-46BA-471A-959C-D1819B5D5196",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:17.0.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "751BA15B-1950-4ABD-AFEB-B4F90587FF61",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:20:*:*:*:*:*:*:*",
                     matchCriteriaId: "F26CDEF2-A840-4957-A390-19E48AEEC70A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:1.8.0:update361:*:*:*:*:*:*",
                     matchCriteriaId: "DB18EEA4-9670-4EBC-8559-6766740980F3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:11.0.18:*:*:*:*:*:*:*",
                     matchCriteriaId: "B85FB47B-1A8B-4758-83A7-3AC5B74D73FB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:17.0.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "0B973ADC-5F00-4CC5-985F-F4E1BB9FF1EF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:20:*:*:*:*:*:*:*",
                     matchCriteriaId: "AC10C81D-E148-4208-BA86-086B935A1254",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "7EF6650C-558D-45C8-AE7D-136EE70CB6D7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:brocade_san_navigator:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "25FA7A4D-B0E2-423E-8146-E221AE2D6120",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "CCAA4004-9319-478C-9D55-0E8307F872F6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:cloud_insights_storage_workload_security_agent:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "3B199052-5732-4726-B06B-A12C70DFB891",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "FA6FEEC2-9F11-4643-8827-749718254FED",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "46D69DCC-AE4D-4EA5-861C-D60951444C6C",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "111E81BB-7D96-44EB-ACFA-415C3F3EA62A",
                     versionEndExcluding: "8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "90F6CEC5-2FD9-4ADB-9D86-B741C0ABCD7B",
                     versionEndIncluding: "11.0.18",
                     versionStartIncluding: "11",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "83395182-E46E-47FF-A781-4EF235BC83B6",
                     versionEndIncluding: "17.0.6",
                     versionStartIncluding: "17",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:-:*:*:*:*:*:*",
                     matchCriteriaId: "70892D06-6E75-4425-BBF0-4B684EC62A1C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone1:*:*:*:*:*:*",
                     matchCriteriaId: "7A165D71-71CC-4E6A-AA4F-FF8DB5B9A5AB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone2:*:*:*:*:*:*",
                     matchCriteriaId: "7417B2BB-9AC2-4AF4-A828-C89A0735AD92",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone3:*:*:*:*:*:*",
                     matchCriteriaId: "6A0A57B5-6F88-4288-9CDE-F6613FE068D2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone4:*:*:*:*:*:*",
                     matchCriteriaId: "67ED8559-C348-4932-B7CE-CB96976A30EC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone5:*:*:*:*:*:*",
                     matchCriteriaId: "40AC3D91-263F-4345-9FAA-0E573EA64590",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone6:*:*:*:*:*:*",
                     matchCriteriaId: "DD92AFA9-81F8-48D4-B79A-E7F066F69A99",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone7:*:*:*:*:*:*",
                     matchCriteriaId: "2C4B2F24-A730-4818-90C8-A2D90C081F03",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone8:*:*:*:*:*:*",
                     matchCriteriaId: "464087F2-C285-4574-957E-CE0663F07DE0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone9:*:*:*:*:*:*",
                     matchCriteriaId: "3E9BB880-A4F6-4887-8BB9-47AA298753D5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update101:*:*:*:*:*:*",
                     matchCriteriaId: "18DCFF53-B298-4534-AB5C-8A5EF59C616F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update102:*:*:*:*:*:*",
                     matchCriteriaId: "083419F8-FDDF-4E36-88F8-857DB317C1D1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update11:*:*:*:*:*:*",
                     matchCriteriaId: "D7A74F65-57E8-4C9A-BA96-5EF401504F13",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update111:*:*:*:*:*:*",
                     matchCriteriaId: "0D0B90FC-57B6-4315-9B29-3C36E58B2CF5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update112:*:*:*:*:*:*",
                     matchCriteriaId: "07812576-3C35-404C-A7D7-9BE9E3D76E00",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update121:*:*:*:*:*:*",
                     matchCriteriaId: "00C52B1C-5447-4282-9667-9EBE0720B423",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update131:*:*:*:*:*:*",
                     matchCriteriaId: "92BB9EB0-0C12-4E77-89EE-FB77097841B8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update141:*:*:*:*:*:*",
                     matchCriteriaId: "FF9D5DCE-2E8F-42B9-9038-AEA7E8C8CFFD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update151:*:*:*:*:*:*",
                     matchCriteriaId: "ABC0E7BB-F8B7-4369-9910-71240E4073A3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update152:*:*:*:*:*:*",
                     matchCriteriaId: "551B2640-8CEC-4C24-AF8B-7A7CEF864D9D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update161:*:*:*:*:*:*",
                     matchCriteriaId: "0AE30779-48FB-451E-8CE1-F469F93B8772",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update162:*:*:*:*:*:*",
                     matchCriteriaId: "60590FDE-7156-4314-A012-AA38BD2ADDC9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update171:*:*:*:*:*:*",
                     matchCriteriaId: "BE51AD3A-8331-4E8F-9DB1-7A0051731DFB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update172:*:*:*:*:*:*",
                     matchCriteriaId: "F24F6122-2256-41B6-9033-794C6424ED99",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update181:*:*:*:*:*:*",
                     matchCriteriaId: "0EAFA79E-8C7A-48CF-8868-11378FE4B26F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update191:*:*:*:*:*:*",
                     matchCriteriaId: "D1D6F19F-59B5-4BB6-AD35-013384025970",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update192:*:*:*:*:*:*",
                     matchCriteriaId: "E7BA97BC-3ADA-465A-835B-6C3C5F416B56",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update20:*:*:*:*:*:*",
                     matchCriteriaId: "B71F77A4-B7EB-47A1-AAFD-431A7D040B86",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update201:*:*:*:*:*:*",
                     matchCriteriaId: "91D6BEA9-5943-44A4-946D-CEAA9BA99376",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update202:*:*:*:*:*:*",
                     matchCriteriaId: "C079A3E0-44EB-4B9C-B4FC-B7621D165C3B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update211:*:*:*:*:*:*",
                     matchCriteriaId: "2CB74086-14B8-4237-8357-E0C6B5BB8313",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update212:*:*:*:*:*:*",
                     matchCriteriaId: "3ABED20A-7C34-4E86-9AFB-F4DC9ECBB3A9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update221:*:*:*:*:*:*",
                     matchCriteriaId: "00C2B9C9-1177-4DA6-96CE-55F37F383F99",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update222:*:*:*:*:*:*",
                     matchCriteriaId: "435CF189-0BD8-40DF-A0DC-99862CDEAF8A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update231:*:*:*:*:*:*",
                     matchCriteriaId: "12A3F367-33AD-47C3-BFDC-871A17E72C94",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update232:*:*:*:*:*:*",
                     matchCriteriaId: "A18F994F-72CA-4AF5-A7D1-9F5AEA286D85",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update241:*:*:*:*:*:*",
                     matchCriteriaId: "78261932-7373-4F16-91E0-1A72ADBEBC3E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update242:*:*:*:*:*:*",
                     matchCriteriaId: "9BD90D3D-9B3A-4101-9A8A-5090F0A9719F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update25:*:*:*:*:*:*",
                     matchCriteriaId: "B38C0276-0EBD-4E0B-BFCF-4DDECACE04E2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update252:*:*:*:*:*:*",
                     matchCriteriaId: "F5A40B8A-D428-4008-9F21-AF21394C51D1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update262:*:*:*:*:*:*",
                     matchCriteriaId: "FEC5B777-01E1-45EE-AF95-C3BD1F098B2F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update271:*:*:*:*:*:*",
                     matchCriteriaId: "3B504718-5DCE-43B4-B19A-C6B6E7444BD3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update281:*:*:*:*:*:*",
                     matchCriteriaId: "3102AA10-99A8-49A9-867E-7EEC56865680",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update282:*:*:*:*:*:*",
                     matchCriteriaId: "5A55CBC7-A7B2-4B89-8AB5-ED30DBE6814E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update291:*:*:*:*:*:*",
                     matchCriteriaId: "15BA8A26-2CDA-442B-A549-6BE92DCCD205",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update301:*:*:*:*:*:*",
                     matchCriteriaId: "56F2883B-6A1B-4081-8877-07AF3A73F6CD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update302:*:*:*:*:*:*",
                     matchCriteriaId: "98C0742E-ACDD-4DB4-8A4C-B96702C8976C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update31:*:*:*:*:*:*",
                     matchCriteriaId: "F8483034-DD5A-445D-892F-CDE90A7D58EE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update312:*:*:*:*:*:*",
                     matchCriteriaId: "1716A5CD-1C32-4F19-9DDE-F9C7CCB6B420",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update322:*:*:*:*:*:*",
                     matchCriteriaId: "DAB4F663-BCAF-43DB-BCC3-24C060B0CBAB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update332:*:*:*:*:*:*",
                     matchCriteriaId: "A8EF5BB8-7DAF-49B0-A11E-14E89EF7377A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update342:*:*:*:*:*:*",
                     matchCriteriaId: "383F0B07-59BF-4744-87F2-04C98BC183B4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update352:*:*:*:*:*:*",
                     matchCriteriaId: "494C17C6-54A3-4BE6-A4FF-2D54DF2B38D5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update362:*:*:*:*:*:*",
                     matchCriteriaId: "1058ABDC-D652-4E2D-964D-C9C98FD404F6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update40:*:*:*:*:*:*",
                     matchCriteriaId: "8279718F-878F-4868-8859-1728D13CD0D8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update45:*:*:*:*:*:*",
                     matchCriteriaId: "2C024E1A-FD2C-42E8-B227-C2AFD3040436",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update5:*:*:*:*:*:*",
                     matchCriteriaId: "4F24389D-DDD0-4204-AA24-31C920A4F47E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update51:*:*:*:*:*:*",
                     matchCriteriaId: "966979BE-1F21-4729-B6B8-610F74648344",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update60:*:*:*:*:*:*",
                     matchCriteriaId: "F8534265-33BF-460D-BF74-5F55FDE50F29",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update65:*:*:*:*:*:*",
                     matchCriteriaId: "F77AFC25-1466-4E56-9D5F-6988F3288E16",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update66:*:*:*:*:*:*",
                     matchCriteriaId: "A650BEB8-E56F-4E42-9361-8D2DB083F0F8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update71:*:*:*:*:*:*",
                     matchCriteriaId: "799FFECD-E80A-44B3-953D-CDB5E195F3AA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update72:*:*:*:*:*:*",
                     matchCriteriaId: "A7047507-7CAF-4A14-AA9A-5CEF806EDE98",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update73:*:*:*:*:*:*",
                     matchCriteriaId: "CFC7B179-95D3-4F94-84F6-73F1034A1AF2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update74:*:*:*:*:*:*",
                     matchCriteriaId: "9FB28526-9385-44CA-AF08-1899E6C3AE4D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update77:*:*:*:*:*:*",
                     matchCriteriaId: "E26B69E4-0B43-415F-A82B-52FDCB262B3E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update91:*:*:*:*:*:*",
                     matchCriteriaId: "27BC4150-70EC-462B-8FC5-20B3442CBB31",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update92:*:*:*:*:*:*",
                     matchCriteriaId: "02646989-ECD9-40AE-A83E-EFF4080C69B9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:20:*:*:*:*:*:*:*",
                     matchCriteriaId: "77172BC0-8637-41F6-AE3B-83006D6735DE",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing).  Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and  22.3.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).",
      },
   ],
   id: "CVE-2023-21939",
   lastModified: "2024-11-21T07:43:57.377",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 5.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 1.4,
            source: "secalert_us@oracle.com",
            type: "Primary",
         },
      ],
   },
   published: "2023-04-18T20:15:14.690",
   references: [
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20230427-0008/",
      },
      {
         source: "secalert_us@oracle.com",
         url: "https://security.netapp.com/advisory/ntap-20240621-0006/",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.couchbase.com/alerts/",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2023/dsa-5430",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2023/dsa-5478",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpuapr2023.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20230427-0008/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://security.netapp.com/advisory/ntap-20240621-0006/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.couchbase.com/alerts/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2023/dsa-5430",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2023/dsa-5478",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpuapr2023.html",
      },
   ],
   sourceIdentifier: "secalert_us@oracle.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd

Published

2022-01-19 12:15

Modified

2024-11-21 06:44

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).

References

URL	Tags
secalert_us@oracle.com	https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://security.gentoo.org/glsa/202209-05	Third Party Advisory
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20220121-0007/	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2022/dsa-5057	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2022/dsa-5058	Third Party Advisory
secalert_us@oracle.com	https://www.oracle.com/security-alerts/cpujan2022.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202209-05	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20220121-0007/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2022/dsa-5057	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2022/dsa-5058	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpujan2022.html	Vendor Advisory

Impacted products

Vendor	Product	Version
oracle	graalvm	20.3.4
oracle	graalvm	21.3.0
oracle	jdk	1.7.0
oracle	jdk	1.8.0
oracle	jdk	11.0.13
oracle	jdk	17.0.1
oracle	jre	1.7.0
oracle	jre	1.8.0
oracle	jre	11.0.13
oracle	jre	17.0.1
netapp	7-mode_transition_tool	-
netapp	active_iq_unified_manager	-
netapp	active_iq_unified_manager	-
netapp	cloud_insights_acquisition_unit	-
netapp	cloud_secure_agent	-
netapp	e-series_santricity_os_controller	*
netapp	e-series_santricity_storage_manager	-
netapp	e-series_santricity_web_services	-
netapp	hci_management_node	-
netapp	oncommand_insight	-
netapp	oncommand_workflow_automation	-
netapp	santricity_storage_plugin	-
netapp	santricity_unified_manager	-
netapp	snapmanager	-
netapp	snapmanager	-
netapp	solidfire	-
debian	debian_linux	9.0
debian	debian_linux	10.0
debian	debian_linux	11.0
oracle	openjdk	*
oracle	openjdk	*
oracle	openjdk	*
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	17
oracle	openjdk	17.0.1

JSON

To clipboard

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:oracle:graalvm:20.3.4:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "9F300E13-1B40-4B35-ACA5-4D402CD41055",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:graalvm:21.3.0:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "B10E38A6-783C-45A2-98A1-12FA1EB3D3AA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:1.7.0:update321:*:*:*:*:*:*",
                     matchCriteriaId: "F3E9DB6B-06BC-47F9-AEB9-E36378A97543",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:1.8.0:update311:*:*:*:*:*:*",
                     matchCriteriaId: "3C9591ED-CA9E-4844-9B7F-D477D7A51413",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:11.0.13:*:*:*:*:*:*:*",
                     matchCriteriaId: "A7F43D86-B696-41E4-A288-6A2D43A1774A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:17.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "3575C88F-05D3-49F6-A60B-7ED902E318F1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:1.7.0:update321:*:*:*:*:*:*",
                     matchCriteriaId: "C5988521-7571-4AE7-BD02-2C8765FC464B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:1.8.0:update311:*:*:*:*:*:*",
                     matchCriteriaId: "29AB737A-FB85-4E91-B8D3-A4B9A780FC0E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:11.0.13:*:*:*:*:*:*:*",
                     matchCriteriaId: "90EC4B85-A88A-4EC3-9EA0-3A24874D5F87",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:17.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "962026D1-1E50-480F-921C-C7EE32AA0107",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "7EF6650C-558D-45C8-AE7D-136EE70CB6D7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
                     matchCriteriaId: "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
                     matchCriteriaId: "B55E8D50-99B4-47EC-86F9-699B67D473CE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "CCAA4004-9319-478C-9D55-0E8307F872F6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F0F202E8-97E6-4BBB-A0B6-4CA3F5803C08",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "FF971916-C526-43A9-BD80-985BCC476569",
                     versionEndIncluding: "11.70.1",
                     versionStartIncluding: "11.0.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "0D9CC59D-6182-4B5E-96B5-226FCD343916",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*",
                     matchCriteriaId: "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A3C19813-E823-456A-B1CE-EC0684CE1953",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5735E553-9731-4AAC-BCFF-989377F817B3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:santricity_storage_plugin:-:*:*:*:*:vcenter:*:*",
                     matchCriteriaId: "82E94B87-065E-475F-815C-F49978CE22FC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A372B177-F740-4655-865C-31777A6E140B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*",
                     matchCriteriaId: "26A2B713-7D6D-420A-93A4-E0D983C983DF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*",
                     matchCriteriaId: "64DE38C8-94F1-4860-B045-F33928F676A8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "FA6FEEC2-9F11-4643-8827-749718254FED",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "6489B616-476E-46AB-8795-7EFDD9074899",
                     versionEndIncluding: "11.0.13",
                     versionStartIncluding: "11",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F8A2B4B3-64EC-4930-9F31-202E4D19AF98",
                     versionEndIncluding: "13.0.9",
                     versionStartIncluding: "13",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "CF9DCD68-A054-456D-8A3C-15939F85DF90",
                     versionEndIncluding: "15.0.5",
                     versionStartIncluding: "15",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:-:*:*:*:*:*:*",
                     matchCriteriaId: "E78B7C5A-FA51-41E4-AAB0-C6DED2EFCF4C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update1:*:*:*:*:*:*",
                     matchCriteriaId: "02011EDC-20A7-4A16-A592-7C76E0037997",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update10:*:*:*:*:*:*",
                     matchCriteriaId: "AC6D4652-1226-4C60-BEDF-01EBF8AC0849",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update101:*:*:*:*:*:*",
                     matchCriteriaId: "3C1F9ED7-7D93-41F4-9130-15BA734420AC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update11:*:*:*:*:*:*",
                     matchCriteriaId: "1CF9CDF1-95D3-4125-A73F-396D2280FC4E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update111:*:*:*:*:*:*",
                     matchCriteriaId: "A13266DC-F8D9-4F30-987F-65BBEAF8D3A8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update121:*:*:*:*:*:*",
                     matchCriteriaId: "C28388AB-CFC9-4749-A90F-383F5B905EA9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update13:*:*:*:*:*:*",
                     matchCriteriaId: "DA1B00F9-A81C-48B7-8DAA-F394DDF323F3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update131:*:*:*:*:*:*",
                     matchCriteriaId: "CA7AD457-6CE6-4925-8D94-A907B40233D9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update141:*:*:*:*:*:*",
                     matchCriteriaId: "A6F3FDD1-7CAC-4B84-ABB7-64E9D3FBD708",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update15:*:*:*:*:*:*",
                     matchCriteriaId: "5480E5AD-DB46-474A-9B57-84ED088A75FA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update151:*:*:*:*:*:*",
                     matchCriteriaId: "881A4AE9-6012-4E91-98BE-0A352CC20703",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update161:*:*:*:*:*:*",
                     matchCriteriaId: "7E1E1079-57D9-473B-A017-964F4745F329",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update17:*:*:*:*:*:*",
                     matchCriteriaId: "B8D6446E-2915-4F12-87BE-E7420BC2626E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update171:*:*:*:*:*:*",
                     matchCriteriaId: "564EDCE3-16E6-401D-8A43-032D1F8875E1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update181:*:*:*:*:*:*",
                     matchCriteriaId: "08278802-D31B-488A-BA6A-EBC816DF883A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update191:*:*:*:*:*:*",
                     matchCriteriaId: "72BDA05A-C8BD-472E-8465-EE1F3E5D8CF6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update2:*:*:*:*:*:*",
                     matchCriteriaId: "7BBB0969-565E-43E2-B067-A10AAA5F1958",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update201:*:*:*:*:*:*",
                     matchCriteriaId: "D78BE95D-6270-469A-8035-FCDDB398F952",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update21:*:*:*:*:*:*",
                     matchCriteriaId: "88C24F40-3150-4584-93D9-8307DE04EEE9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update211:*:*:*:*:*:*",
                     matchCriteriaId: "E0FC5A03-FF11-4787-BBF1-3ACF93A21F2D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update221:*:*:*:*:*:*",
                     matchCriteriaId: "19626B36-62FC-4497-A2E1-7D6CD9839B19",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update231:*:*:*:*:*:*",
                     matchCriteriaId: "5713AEBD-35F6-44E8-A0CC-A42830D7AE20",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update241:*:*:*:*:*:*",
                     matchCriteriaId: "8BE0C04B-440E-4B35-ACC8-6264514F764C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update25:*:*:*:*:*:*",
                     matchCriteriaId: "555EC2A6-0475-48ED-AE0C-B306714A9333",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update251:*:*:*:*:*:*",
                     matchCriteriaId: "EC1CF2AD-3F7A-4EF3-BD41-117A21553A9F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update261:*:*:*:*:*:*",
                     matchCriteriaId: "02C55E2E-AEDE-455C-B128-168C918B5D97",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update271:*:*:*:*:*:*",
                     matchCriteriaId: "81831D37-6597-441B-87DE-38F7191BEA42",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update281:*:*:*:*:*:*",
                     matchCriteriaId: "EEA1594D-0AB5-436D-9E60-C26EE2175753",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update291:*:*:*:*:*:*",
                     matchCriteriaId: "B868FA41-C71B-491C-880B-484740B30C72",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update3:*:*:*:*:*:*",
                     matchCriteriaId: "C242D3BE-9114-4A9E-BB78-45754C7CC450",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update301:*:*:*:*:*:*",
                     matchCriteriaId: "95954182-9541-4181-9647-B17FA5A79F9F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update311:*:*:*:*:*:*",
                     matchCriteriaId: "9F6F0137-F91F-4028-BED2-C29640D52C23",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update321:*:*:*:*:*:*",
                     matchCriteriaId: "EAFB6B15-4AE6-47FC-8847-9DFADB7AE253",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update4:*:*:*:*:*:*",
                     matchCriteriaId: "D61068FE-18EE-4ADB-BC69-A3ECE8724575",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update40:*:*:*:*:*:*",
                     matchCriteriaId: "EFB59E80-4EC4-4399-BF40-6733E4E475A9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update45:*:*:*:*:*:*",
                     matchCriteriaId: "84E31265-22E1-4E91-BFCB-D2AFF445926A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update5:*:*:*:*:*:*",
                     matchCriteriaId: "AB3A58C3-94BB-4120-BE1D-AAF8BBF7F22B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update51:*:*:*:*:*:*",
                     matchCriteriaId: "50319E52-8739-47C5-B61E-3CA9B6A9A48F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update55:*:*:*:*:*:*",
                     matchCriteriaId: "7ED515B9-DC74-4DC5-B98A-08D87D85E11E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update6:*:*:*:*:*:*",
                     matchCriteriaId: "6D1D4868-1F9F-43F7-968C-6469B67D3F1B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update60:*:*:*:*:*:*",
                     matchCriteriaId: "568F1AC4-B0D7-4438-82E5-0E61500F2240",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update65:*:*:*:*:*:*",
                     matchCriteriaId: "F5E99B4A-EDAD-4471-81C4-7E9C775C9D9F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update67:*:*:*:*:*:*",
                     matchCriteriaId: "14E9133E-9FF3-40DB-9A11-7469EF5FD265",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update7:*:*:*:*:*:*",
                     matchCriteriaId: "94834710-3FA9-49D9-8600-B514CBCA4270",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update72:*:*:*:*:*:*",
                     matchCriteriaId: "4228D9E1-7D82-4B49-9669-9CDAD7187432",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update76:*:*:*:*:*:*",
                     matchCriteriaId: "F6231F48-2936-4F7D-96D5-4BA11F78EBE8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update80:*:*:*:*:*:*",
                     matchCriteriaId: "D96D5061-4A81-497E-9AD6-A8381B3B454C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update85:*:*:*:*:*:*",
                     matchCriteriaId: "5345C21E-A01B-43B9-9A20-F2783D921C60",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update9:*:*:*:*:*:*",
                     matchCriteriaId: "B219F360-83BD-4111-AB59-C9D4F55AF4C0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update91:*:*:*:*:*:*",
                     matchCriteriaId: "D25377EA-8E8F-4C76-8EA9-3BBDFB352815",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update95:*:*:*:*:*:*",
                     matchCriteriaId: "59FEFE05-269A-4EAF-A80F-E4C2107B1197",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update97:*:*:*:*:*:*",
                     matchCriteriaId: "E7E2AA7C-F602-4DB7-9EC1-0708C46C253C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update99:*:*:*:*:*:*",
                     matchCriteriaId: "FB70E154-A304-429E-80F5-8D87B00E32D1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:-:*:*:*:*:*:*",
                     matchCriteriaId: "70892D06-6E75-4425-BBF0-4B684EC62A1C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone1:*:*:*:*:*:*",
                     matchCriteriaId: "7A165D71-71CC-4E6A-AA4F-FF8DB5B9A5AB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone2:*:*:*:*:*:*",
                     matchCriteriaId: "7417B2BB-9AC2-4AF4-A828-C89A0735AD92",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone3:*:*:*:*:*:*",
                     matchCriteriaId: "6A0A57B5-6F88-4288-9CDE-F6613FE068D2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone4:*:*:*:*:*:*",
                     matchCriteriaId: "67ED8559-C348-4932-B7CE-CB96976A30EC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone5:*:*:*:*:*:*",
                     matchCriteriaId: "40AC3D91-263F-4345-9FAA-0E573EA64590",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone6:*:*:*:*:*:*",
                     matchCriteriaId: "DD92AFA9-81F8-48D4-B79A-E7F066F69A99",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone7:*:*:*:*:*:*",
                     matchCriteriaId: "2C4B2F24-A730-4818-90C8-A2D90C081F03",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone8:*:*:*:*:*:*",
                     matchCriteriaId: "464087F2-C285-4574-957E-CE0663F07DE0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone9:*:*:*:*:*:*",
                     matchCriteriaId: "3E9BB880-A4F6-4887-8BB9-47AA298753D5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update101:*:*:*:*:*:*",
                     matchCriteriaId: "18DCFF53-B298-4534-AB5C-8A5EF59C616F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update102:*:*:*:*:*:*",
                     matchCriteriaId: "083419F8-FDDF-4E36-88F8-857DB317C1D1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update11:*:*:*:*:*:*",
                     matchCriteriaId: "D7A74F65-57E8-4C9A-BA96-5EF401504F13",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update111:*:*:*:*:*:*",
                     matchCriteriaId: "0D0B90FC-57B6-4315-9B29-3C36E58B2CF5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update112:*:*:*:*:*:*",
                     matchCriteriaId: "07812576-3C35-404C-A7D7-9BE9E3D76E00",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update121:*:*:*:*:*:*",
                     matchCriteriaId: "00C52B1C-5447-4282-9667-9EBE0720B423",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update131:*:*:*:*:*:*",
                     matchCriteriaId: "92BB9EB0-0C12-4E77-89EE-FB77097841B8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update141:*:*:*:*:*:*",
                     matchCriteriaId: "FF9D5DCE-2E8F-42B9-9038-AEA7E8C8CFFD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update151:*:*:*:*:*:*",
                     matchCriteriaId: "ABC0E7BB-F8B7-4369-9910-71240E4073A3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update152:*:*:*:*:*:*",
                     matchCriteriaId: "551B2640-8CEC-4C24-AF8B-7A7CEF864D9D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update161:*:*:*:*:*:*",
                     matchCriteriaId: "0AE30779-48FB-451E-8CE1-F469F93B8772",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update162:*:*:*:*:*:*",
                     matchCriteriaId: "60590FDE-7156-4314-A012-AA38BD2ADDC9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update171:*:*:*:*:*:*",
                     matchCriteriaId: "BE51AD3A-8331-4E8F-9DB1-7A0051731DFB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update172:*:*:*:*:*:*",
                     matchCriteriaId: "F24F6122-2256-41B6-9033-794C6424ED99",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update181:*:*:*:*:*:*",
                     matchCriteriaId: "0EAFA79E-8C7A-48CF-8868-11378FE4B26F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update191:*:*:*:*:*:*",
                     matchCriteriaId: "D1D6F19F-59B5-4BB6-AD35-013384025970",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update192:*:*:*:*:*:*",
                     matchCriteriaId: "E7BA97BC-3ADA-465A-835B-6C3C5F416B56",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update20:*:*:*:*:*:*",
                     matchCriteriaId: "B71F77A4-B7EB-47A1-AAFD-431A7D040B86",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update201:*:*:*:*:*:*",
                     matchCriteriaId: "91D6BEA9-5943-44A4-946D-CEAA9BA99376",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update202:*:*:*:*:*:*",
                     matchCriteriaId: "C079A3E0-44EB-4B9C-B4FC-B7621D165C3B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update211:*:*:*:*:*:*",
                     matchCriteriaId: "2CB74086-14B8-4237-8357-E0C6B5BB8313",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update212:*:*:*:*:*:*",
                     matchCriteriaId: "3ABED20A-7C34-4E86-9AFB-F4DC9ECBB3A9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update221:*:*:*:*:*:*",
                     matchCriteriaId: "00C2B9C9-1177-4DA6-96CE-55F37F383F99",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update222:*:*:*:*:*:*",
                     matchCriteriaId: "435CF189-0BD8-40DF-A0DC-99862CDEAF8A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update231:*:*:*:*:*:*",
                     matchCriteriaId: "12A3F367-33AD-47C3-BFDC-871A17E72C94",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update232:*:*:*:*:*:*",
                     matchCriteriaId: "A18F994F-72CA-4AF5-A7D1-9F5AEA286D85",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update241:*:*:*:*:*:*",
                     matchCriteriaId: "78261932-7373-4F16-91E0-1A72ADBEBC3E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update242:*:*:*:*:*:*",
                     matchCriteriaId: "9BD90D3D-9B3A-4101-9A8A-5090F0A9719F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update25:*:*:*:*:*:*",
                     matchCriteriaId: "B38C0276-0EBD-4E0B-BFCF-4DDECACE04E2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update252:*:*:*:*:*:*",
                     matchCriteriaId: "F5A40B8A-D428-4008-9F21-AF21394C51D1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update262:*:*:*:*:*:*",
                     matchCriteriaId: "FEC5B777-01E1-45EE-AF95-C3BD1F098B2F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update271:*:*:*:*:*:*",
                     matchCriteriaId: "3B504718-5DCE-43B4-B19A-C6B6E7444BD3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update281:*:*:*:*:*:*",
                     matchCriteriaId: "3102AA10-99A8-49A9-867E-7EEC56865680",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update282:*:*:*:*:*:*",
                     matchCriteriaId: "5A55CBC7-A7B2-4B89-8AB5-ED30DBE6814E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update291:*:*:*:*:*:*",
                     matchCriteriaId: "15BA8A26-2CDA-442B-A549-6BE92DCCD205",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update301:*:*:*:*:*:*",
                     matchCriteriaId: "56F2883B-6A1B-4081-8877-07AF3A73F6CD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update302:*:*:*:*:*:*",
                     matchCriteriaId: "98C0742E-ACDD-4DB4-8A4C-B96702C8976C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update31:*:*:*:*:*:*",
                     matchCriteriaId: "F8483034-DD5A-445D-892F-CDE90A7D58EE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update312:*:*:*:*:*:*",
                     matchCriteriaId: "1716A5CD-1C32-4F19-9DDE-F9C7CCB6B420",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update40:*:*:*:*:*:*",
                     matchCriteriaId: "8279718F-878F-4868-8859-1728D13CD0D8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update45:*:*:*:*:*:*",
                     matchCriteriaId: "2C024E1A-FD2C-42E8-B227-C2AFD3040436",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update5:*:*:*:*:*:*",
                     matchCriteriaId: "4F24389D-DDD0-4204-AA24-31C920A4F47E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update51:*:*:*:*:*:*",
                     matchCriteriaId: "966979BE-1F21-4729-B6B8-610F74648344",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update60:*:*:*:*:*:*",
                     matchCriteriaId: "F8534265-33BF-460D-BF74-5F55FDE50F29",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update65:*:*:*:*:*:*",
                     matchCriteriaId: "F77AFC25-1466-4E56-9D5F-6988F3288E16",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update66:*:*:*:*:*:*",
                     matchCriteriaId: "A650BEB8-E56F-4E42-9361-8D2DB083F0F8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update71:*:*:*:*:*:*",
                     matchCriteriaId: "799FFECD-E80A-44B3-953D-CDB5E195F3AA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update72:*:*:*:*:*:*",
                     matchCriteriaId: "A7047507-7CAF-4A14-AA9A-5CEF806EDE98",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update73:*:*:*:*:*:*",
                     matchCriteriaId: "CFC7B179-95D3-4F94-84F6-73F1034A1AF2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update74:*:*:*:*:*:*",
                     matchCriteriaId: "9FB28526-9385-44CA-AF08-1899E6C3AE4D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update77:*:*:*:*:*:*",
                     matchCriteriaId: "E26B69E4-0B43-415F-A82B-52FDCB262B3E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update91:*:*:*:*:*:*",
                     matchCriteriaId: "27BC4150-70EC-462B-8FC5-20B3442CBB31",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update92:*:*:*:*:*:*",
                     matchCriteriaId: "02646989-ECD9-40AE-A83E-EFF4080C69B9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:17:*:*:*:*:*:*:*",
                     matchCriteriaId: "4D0A929D-6054-4EFB-8BAD-58826D22D34B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:17.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "DE7858DA-58DE-4920-B678-7800BD084EA1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad en el producto Oracle Java SE, Oracle GraalVM Enterprise Edition de Oracle Java SE (componente: Hotspot). Las versiones compatibles que están afectadas son Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 y 21.3.0. Una vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red por medio de múltiples protocolos comprometer a Oracle Java SE, Oracle GraalVM Enterprise Edition. Los ataques con éxito de esta vulnerabilidad pueden resultar en una actualización no autorizada, insertar o eliminar el acceso a algunos de los datos accesibles de Oracle Java SE, Oracle GraalVM Enterprise Edition. Nota: Esta vulnerabilidad es aplicada a las implantaciones de Java, normalmente en clientes que ejecutan aplicaciones Java Web Start con sandbox o applets Java con sandbox, que cargan y ejecutan código que no es confiable (por ejemplo, código que viene de Internet) y dependen de la sandbox de Java para la seguridad. Esta vulnerabilidad también puede ser explotada al usar APIs en el Componente especificado, por ejemplo, mediante un servicio web que suministra datos a las APIs. CVSS 3.1, Puntuación base 5.3 (impactos en la Integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)",
      },
   ],
   id: "CVE-2022-21305",
   lastModified: "2024-11-21T06:44:22.363",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 5.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 1.4,
            source: "secalert_us@oracle.com",
            type: "Secondary",
         },
      ],
   },
   published: "2022-01-19T12:15:13.013",
   references: [
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/202209-05",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20220121-0007/",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2022/dsa-5057",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2022/dsa-5058",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpujan2022.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/202209-05",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20220121-0007/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2022/dsa-5057",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2022/dsa-5058",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpujan2022.html",
      },
   ],
   sourceIdentifier: "secalert_us@oracle.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd

Published

2022-01-19 12:15

Modified

2024-11-21 06:44

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

References

URL	Tags
secalert_us@oracle.com	https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://security.gentoo.org/glsa/202209-05	Third Party Advisory
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20220121-0007/	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2022/dsa-5057	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2022/dsa-5058	Third Party Advisory
secalert_us@oracle.com	https://www.oracle.com/security-alerts/cpujan2022.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202209-05	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20220121-0007/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2022/dsa-5057	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2022/dsa-5058	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpujan2022.html	Vendor Advisory

Impacted products

Vendor	Product	Version
oracle	graalvm	20.3.4
oracle	graalvm	21.3.0
oracle	jdk	1.7.0
oracle	jdk	1.8.0
oracle	jdk	11.0.13
oracle	jdk	17.0.1
oracle	jre	1.7.0
oracle	jre	1.8.0
oracle	jre	11.0.13
oracle	jre	17.0.1
debian	debian_linux	9.0
debian	debian_linux	10.0
debian	debian_linux	11.0
netapp	7-mode_transition_tool	-
netapp	active_iq_unified_manager	-
netapp	active_iq_unified_manager	-
netapp	cloud_insights_acquisition_unit	-
netapp	cloud_secure_agent	-
netapp	e-series_santricity_os_controller	*
netapp	e-series_santricity_storage_manager	-
netapp	e-series_santricity_web_services	-
netapp	hci_management_node	-
netapp	oncommand_insight	-
netapp	oncommand_workflow_automation	-
netapp	santricity_storage_plugin	-
netapp	santricity_unified_manager	-
netapp	snapmanager	-
netapp	snapmanager	-
netapp	solidfire	-
oracle	openjdk	*
oracle	openjdk	*
oracle	openjdk	*
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	17
oracle	openjdk	17.0.1

JSON

To clipboard

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:oracle:graalvm:20.3.4:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "9F300E13-1B40-4B35-ACA5-4D402CD41055",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:graalvm:21.3.0:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "B10E38A6-783C-45A2-98A1-12FA1EB3D3AA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:1.7.0:update321:*:*:*:*:*:*",
                     matchCriteriaId: "F3E9DB6B-06BC-47F9-AEB9-E36378A97543",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:1.8.0:update311:*:*:*:*:*:*",
                     matchCriteriaId: "3C9591ED-CA9E-4844-9B7F-D477D7A51413",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:11.0.13:*:*:*:*:*:*:*",
                     matchCriteriaId: "A7F43D86-B696-41E4-A288-6A2D43A1774A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:17.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "3575C88F-05D3-49F6-A60B-7ED902E318F1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:1.7.0:update321:*:*:*:*:*:*",
                     matchCriteriaId: "C5988521-7571-4AE7-BD02-2C8765FC464B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:1.8.0:update311:*:*:*:*:*:*",
                     matchCriteriaId: "29AB737A-FB85-4E91-B8D3-A4B9A780FC0E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:11.0.13:*:*:*:*:*:*:*",
                     matchCriteriaId: "90EC4B85-A88A-4EC3-9EA0-3A24874D5F87",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:17.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "962026D1-1E50-480F-921C-C7EE32AA0107",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "FA6FEEC2-9F11-4643-8827-749718254FED",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "7EF6650C-558D-45C8-AE7D-136EE70CB6D7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
                     matchCriteriaId: "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
                     matchCriteriaId: "B55E8D50-99B4-47EC-86F9-699B67D473CE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "CCAA4004-9319-478C-9D55-0E8307F872F6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F0F202E8-97E6-4BBB-A0B6-4CA3F5803C08",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "FF971916-C526-43A9-BD80-985BCC476569",
                     versionEndIncluding: "11.70.1",
                     versionStartIncluding: "11.0.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "0D9CC59D-6182-4B5E-96B5-226FCD343916",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*",
                     matchCriteriaId: "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A3C19813-E823-456A-B1CE-EC0684CE1953",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5735E553-9731-4AAC-BCFF-989377F817B3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:santricity_storage_plugin:-:*:*:*:*:vcenter:*:*",
                     matchCriteriaId: "82E94B87-065E-475F-815C-F49978CE22FC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A372B177-F740-4655-865C-31777A6E140B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*",
                     matchCriteriaId: "26A2B713-7D6D-420A-93A4-E0D983C983DF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*",
                     matchCriteriaId: "64DE38C8-94F1-4860-B045-F33928F676A8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "6489B616-476E-46AB-8795-7EFDD9074899",
                     versionEndIncluding: "11.0.13",
                     versionStartIncluding: "11",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F8A2B4B3-64EC-4930-9F31-202E4D19AF98",
                     versionEndIncluding: "13.0.9",
                     versionStartIncluding: "13",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "CF9DCD68-A054-456D-8A3C-15939F85DF90",
                     versionEndIncluding: "15.0.5",
                     versionStartIncluding: "15",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:-:*:*:*:*:*:*",
                     matchCriteriaId: "E78B7C5A-FA51-41E4-AAB0-C6DED2EFCF4C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update1:*:*:*:*:*:*",
                     matchCriteriaId: "02011EDC-20A7-4A16-A592-7C76E0037997",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update10:*:*:*:*:*:*",
                     matchCriteriaId: "AC6D4652-1226-4C60-BEDF-01EBF8AC0849",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update101:*:*:*:*:*:*",
                     matchCriteriaId: "3C1F9ED7-7D93-41F4-9130-15BA734420AC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update11:*:*:*:*:*:*",
                     matchCriteriaId: "1CF9CDF1-95D3-4125-A73F-396D2280FC4E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update111:*:*:*:*:*:*",
                     matchCriteriaId: "A13266DC-F8D9-4F30-987F-65BBEAF8D3A8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update121:*:*:*:*:*:*",
                     matchCriteriaId: "C28388AB-CFC9-4749-A90F-383F5B905EA9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update13:*:*:*:*:*:*",
                     matchCriteriaId: "DA1B00F9-A81C-48B7-8DAA-F394DDF323F3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update131:*:*:*:*:*:*",
                     matchCriteriaId: "CA7AD457-6CE6-4925-8D94-A907B40233D9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update141:*:*:*:*:*:*",
                     matchCriteriaId: "A6F3FDD1-7CAC-4B84-ABB7-64E9D3FBD708",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update15:*:*:*:*:*:*",
                     matchCriteriaId: "5480E5AD-DB46-474A-9B57-84ED088A75FA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update151:*:*:*:*:*:*",
                     matchCriteriaId: "881A4AE9-6012-4E91-98BE-0A352CC20703",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update161:*:*:*:*:*:*",
                     matchCriteriaId: "7E1E1079-57D9-473B-A017-964F4745F329",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update17:*:*:*:*:*:*",
                     matchCriteriaId: "B8D6446E-2915-4F12-87BE-E7420BC2626E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update171:*:*:*:*:*:*",
                     matchCriteriaId: "564EDCE3-16E6-401D-8A43-032D1F8875E1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update181:*:*:*:*:*:*",
                     matchCriteriaId: "08278802-D31B-488A-BA6A-EBC816DF883A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update191:*:*:*:*:*:*",
                     matchCriteriaId: "72BDA05A-C8BD-472E-8465-EE1F3E5D8CF6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update2:*:*:*:*:*:*",
                     matchCriteriaId: "7BBB0969-565E-43E2-B067-A10AAA5F1958",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update201:*:*:*:*:*:*",
                     matchCriteriaId: "D78BE95D-6270-469A-8035-FCDDB398F952",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update21:*:*:*:*:*:*",
                     matchCriteriaId: "88C24F40-3150-4584-93D9-8307DE04EEE9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update211:*:*:*:*:*:*",
                     matchCriteriaId: "E0FC5A03-FF11-4787-BBF1-3ACF93A21F2D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update221:*:*:*:*:*:*",
                     matchCriteriaId: "19626B36-62FC-4497-A2E1-7D6CD9839B19",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update231:*:*:*:*:*:*",
                     matchCriteriaId: "5713AEBD-35F6-44E8-A0CC-A42830D7AE20",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update241:*:*:*:*:*:*",
                     matchCriteriaId: "8BE0C04B-440E-4B35-ACC8-6264514F764C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update25:*:*:*:*:*:*",
                     matchCriteriaId: "555EC2A6-0475-48ED-AE0C-B306714A9333",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update251:*:*:*:*:*:*",
                     matchCriteriaId: "EC1CF2AD-3F7A-4EF3-BD41-117A21553A9F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update261:*:*:*:*:*:*",
                     matchCriteriaId: "02C55E2E-AEDE-455C-B128-168C918B5D97",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update271:*:*:*:*:*:*",
                     matchCriteriaId: "81831D37-6597-441B-87DE-38F7191BEA42",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update281:*:*:*:*:*:*",
                     matchCriteriaId: "EEA1594D-0AB5-436D-9E60-C26EE2175753",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update291:*:*:*:*:*:*",
                     matchCriteriaId: "B868FA41-C71B-491C-880B-484740B30C72",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update3:*:*:*:*:*:*",
                     matchCriteriaId: "C242D3BE-9114-4A9E-BB78-45754C7CC450",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update301:*:*:*:*:*:*",
                     matchCriteriaId: "95954182-9541-4181-9647-B17FA5A79F9F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update311:*:*:*:*:*:*",
                     matchCriteriaId: "9F6F0137-F91F-4028-BED2-C29640D52C23",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update321:*:*:*:*:*:*",
                     matchCriteriaId: "EAFB6B15-4AE6-47FC-8847-9DFADB7AE253",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update4:*:*:*:*:*:*",
                     matchCriteriaId: "D61068FE-18EE-4ADB-BC69-A3ECE8724575",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update40:*:*:*:*:*:*",
                     matchCriteriaId: "EFB59E80-4EC4-4399-BF40-6733E4E475A9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update45:*:*:*:*:*:*",
                     matchCriteriaId: "84E31265-22E1-4E91-BFCB-D2AFF445926A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update5:*:*:*:*:*:*",
                     matchCriteriaId: "AB3A58C3-94BB-4120-BE1D-AAF8BBF7F22B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update51:*:*:*:*:*:*",
                     matchCriteriaId: "50319E52-8739-47C5-B61E-3CA9B6A9A48F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update55:*:*:*:*:*:*",
                     matchCriteriaId: "7ED515B9-DC74-4DC5-B98A-08D87D85E11E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update6:*:*:*:*:*:*",
                     matchCriteriaId: "6D1D4868-1F9F-43F7-968C-6469B67D3F1B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update60:*:*:*:*:*:*",
                     matchCriteriaId: "568F1AC4-B0D7-4438-82E5-0E61500F2240",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update65:*:*:*:*:*:*",
                     matchCriteriaId: "F5E99B4A-EDAD-4471-81C4-7E9C775C9D9F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update67:*:*:*:*:*:*",
                     matchCriteriaId: "14E9133E-9FF3-40DB-9A11-7469EF5FD265",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update7:*:*:*:*:*:*",
                     matchCriteriaId: "94834710-3FA9-49D9-8600-B514CBCA4270",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update72:*:*:*:*:*:*",
                     matchCriteriaId: "4228D9E1-7D82-4B49-9669-9CDAD7187432",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update76:*:*:*:*:*:*",
                     matchCriteriaId: "F6231F48-2936-4F7D-96D5-4BA11F78EBE8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update80:*:*:*:*:*:*",
                     matchCriteriaId: "D96D5061-4A81-497E-9AD6-A8381B3B454C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update85:*:*:*:*:*:*",
                     matchCriteriaId: "5345C21E-A01B-43B9-9A20-F2783D921C60",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update9:*:*:*:*:*:*",
                     matchCriteriaId: "B219F360-83BD-4111-AB59-C9D4F55AF4C0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update91:*:*:*:*:*:*",
                     matchCriteriaId: "D25377EA-8E8F-4C76-8EA9-3BBDFB352815",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update95:*:*:*:*:*:*",
                     matchCriteriaId: "59FEFE05-269A-4EAF-A80F-E4C2107B1197",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update97:*:*:*:*:*:*",
                     matchCriteriaId: "E7E2AA7C-F602-4DB7-9EC1-0708C46C253C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update99:*:*:*:*:*:*",
                     matchCriteriaId: "FB70E154-A304-429E-80F5-8D87B00E32D1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:-:*:*:*:*:*:*",
                     matchCriteriaId: "70892D06-6E75-4425-BBF0-4B684EC62A1C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone1:*:*:*:*:*:*",
                     matchCriteriaId: "7A165D71-71CC-4E6A-AA4F-FF8DB5B9A5AB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone2:*:*:*:*:*:*",
                     matchCriteriaId: "7417B2BB-9AC2-4AF4-A828-C89A0735AD92",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone3:*:*:*:*:*:*",
                     matchCriteriaId: "6A0A57B5-6F88-4288-9CDE-F6613FE068D2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone4:*:*:*:*:*:*",
                     matchCriteriaId: "67ED8559-C348-4932-B7CE-CB96976A30EC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone5:*:*:*:*:*:*",
                     matchCriteriaId: "40AC3D91-263F-4345-9FAA-0E573EA64590",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone6:*:*:*:*:*:*",
                     matchCriteriaId: "DD92AFA9-81F8-48D4-B79A-E7F066F69A99",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone7:*:*:*:*:*:*",
                     matchCriteriaId: "2C4B2F24-A730-4818-90C8-A2D90C081F03",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone8:*:*:*:*:*:*",
                     matchCriteriaId: "464087F2-C285-4574-957E-CE0663F07DE0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone9:*:*:*:*:*:*",
                     matchCriteriaId: "3E9BB880-A4F6-4887-8BB9-47AA298753D5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update101:*:*:*:*:*:*",
                     matchCriteriaId: "18DCFF53-B298-4534-AB5C-8A5EF59C616F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update102:*:*:*:*:*:*",
                     matchCriteriaId: "083419F8-FDDF-4E36-88F8-857DB317C1D1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update11:*:*:*:*:*:*",
                     matchCriteriaId: "D7A74F65-57E8-4C9A-BA96-5EF401504F13",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update111:*:*:*:*:*:*",
                     matchCriteriaId: "0D0B90FC-57B6-4315-9B29-3C36E58B2CF5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update112:*:*:*:*:*:*",
                     matchCriteriaId: "07812576-3C35-404C-A7D7-9BE9E3D76E00",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update121:*:*:*:*:*:*",
                     matchCriteriaId: "00C52B1C-5447-4282-9667-9EBE0720B423",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update131:*:*:*:*:*:*",
                     matchCriteriaId: "92BB9EB0-0C12-4E77-89EE-FB77097841B8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update141:*:*:*:*:*:*",
                     matchCriteriaId: "FF9D5DCE-2E8F-42B9-9038-AEA7E8C8CFFD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update151:*:*:*:*:*:*",
                     matchCriteriaId: "ABC0E7BB-F8B7-4369-9910-71240E4073A3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update152:*:*:*:*:*:*",
                     matchCriteriaId: "551B2640-8CEC-4C24-AF8B-7A7CEF864D9D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update161:*:*:*:*:*:*",
                     matchCriteriaId: "0AE30779-48FB-451E-8CE1-F469F93B8772",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update162:*:*:*:*:*:*",
                     matchCriteriaId: "60590FDE-7156-4314-A012-AA38BD2ADDC9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update171:*:*:*:*:*:*",
                     matchCriteriaId: "BE51AD3A-8331-4E8F-9DB1-7A0051731DFB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update172:*:*:*:*:*:*",
                     matchCriteriaId: "F24F6122-2256-41B6-9033-794C6424ED99",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update181:*:*:*:*:*:*",
                     matchCriteriaId: "0EAFA79E-8C7A-48CF-8868-11378FE4B26F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update191:*:*:*:*:*:*",
                     matchCriteriaId: "D1D6F19F-59B5-4BB6-AD35-013384025970",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update192:*:*:*:*:*:*",
                     matchCriteriaId: "E7BA97BC-3ADA-465A-835B-6C3C5F416B56",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update20:*:*:*:*:*:*",
                     matchCriteriaId: "B71F77A4-B7EB-47A1-AAFD-431A7D040B86",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update201:*:*:*:*:*:*",
                     matchCriteriaId: "91D6BEA9-5943-44A4-946D-CEAA9BA99376",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update202:*:*:*:*:*:*",
                     matchCriteriaId: "C079A3E0-44EB-4B9C-B4FC-B7621D165C3B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update211:*:*:*:*:*:*",
                     matchCriteriaId: "2CB74086-14B8-4237-8357-E0C6B5BB8313",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update212:*:*:*:*:*:*",
                     matchCriteriaId: "3ABED20A-7C34-4E86-9AFB-F4DC9ECBB3A9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update221:*:*:*:*:*:*",
                     matchCriteriaId: "00C2B9C9-1177-4DA6-96CE-55F37F383F99",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update222:*:*:*:*:*:*",
                     matchCriteriaId: "435CF189-0BD8-40DF-A0DC-99862CDEAF8A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update231:*:*:*:*:*:*",
                     matchCriteriaId: "12A3F367-33AD-47C3-BFDC-871A17E72C94",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update232:*:*:*:*:*:*",
                     matchCriteriaId: "A18F994F-72CA-4AF5-A7D1-9F5AEA286D85",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update241:*:*:*:*:*:*",
                     matchCriteriaId: "78261932-7373-4F16-91E0-1A72ADBEBC3E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update242:*:*:*:*:*:*",
                     matchCriteriaId: "9BD90D3D-9B3A-4101-9A8A-5090F0A9719F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update25:*:*:*:*:*:*",
                     matchCriteriaId: "B38C0276-0EBD-4E0B-BFCF-4DDECACE04E2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update252:*:*:*:*:*:*",
                     matchCriteriaId: "F5A40B8A-D428-4008-9F21-AF21394C51D1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update262:*:*:*:*:*:*",
                     matchCriteriaId: "FEC5B777-01E1-45EE-AF95-C3BD1F098B2F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update271:*:*:*:*:*:*",
                     matchCriteriaId: "3B504718-5DCE-43B4-B19A-C6B6E7444BD3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update281:*:*:*:*:*:*",
                     matchCriteriaId: "3102AA10-99A8-49A9-867E-7EEC56865680",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update282:*:*:*:*:*:*",
                     matchCriteriaId: "5A55CBC7-A7B2-4B89-8AB5-ED30DBE6814E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update291:*:*:*:*:*:*",
                     matchCriteriaId: "15BA8A26-2CDA-442B-A549-6BE92DCCD205",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update301:*:*:*:*:*:*",
                     matchCriteriaId: "56F2883B-6A1B-4081-8877-07AF3A73F6CD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update302:*:*:*:*:*:*",
                     matchCriteriaId: "98C0742E-ACDD-4DB4-8A4C-B96702C8976C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update31:*:*:*:*:*:*",
                     matchCriteriaId: "F8483034-DD5A-445D-892F-CDE90A7D58EE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update312:*:*:*:*:*:*",
                     matchCriteriaId: "1716A5CD-1C32-4F19-9DDE-F9C7CCB6B420",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update40:*:*:*:*:*:*",
                     matchCriteriaId: "8279718F-878F-4868-8859-1728D13CD0D8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update45:*:*:*:*:*:*",
                     matchCriteriaId: "2C024E1A-FD2C-42E8-B227-C2AFD3040436",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update5:*:*:*:*:*:*",
                     matchCriteriaId: "4F24389D-DDD0-4204-AA24-31C920A4F47E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update51:*:*:*:*:*:*",
                     matchCriteriaId: "966979BE-1F21-4729-B6B8-610F74648344",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update60:*:*:*:*:*:*",
                     matchCriteriaId: "F8534265-33BF-460D-BF74-5F55FDE50F29",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update65:*:*:*:*:*:*",
                     matchCriteriaId: "F77AFC25-1466-4E56-9D5F-6988F3288E16",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update66:*:*:*:*:*:*",
                     matchCriteriaId: "A650BEB8-E56F-4E42-9361-8D2DB083F0F8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update71:*:*:*:*:*:*",
                     matchCriteriaId: "799FFECD-E80A-44B3-953D-CDB5E195F3AA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update72:*:*:*:*:*:*",
                     matchCriteriaId: "A7047507-7CAF-4A14-AA9A-5CEF806EDE98",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update73:*:*:*:*:*:*",
                     matchCriteriaId: "CFC7B179-95D3-4F94-84F6-73F1034A1AF2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update74:*:*:*:*:*:*",
                     matchCriteriaId: "9FB28526-9385-44CA-AF08-1899E6C3AE4D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update77:*:*:*:*:*:*",
                     matchCriteriaId: "E26B69E4-0B43-415F-A82B-52FDCB262B3E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update91:*:*:*:*:*:*",
                     matchCriteriaId: "27BC4150-70EC-462B-8FC5-20B3442CBB31",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update92:*:*:*:*:*:*",
                     matchCriteriaId: "02646989-ECD9-40AE-A83E-EFF4080C69B9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:17:*:*:*:*:*:*:*",
                     matchCriteriaId: "4D0A929D-6054-4EFB-8BAD-58826D22D34B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:17.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "DE7858DA-58DE-4920-B678-7800BD084EA1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad en el producto Oracle Java SE, Oracle GraalVM Enterprise Edition de Oracle Java SE (componente: ImageIO). Las versiones soportadas que están afectadas son Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 y 21.3.0. Una vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red por medio de múltiples protocolos comprometer a Oracle Java SE, Oracle GraalVM Enterprise Edition. Los ataques con éxito de esta vulnerabilidad pueden resultar en una capacidad no autorizada de causar una negación parcial del servicio (DOS parcial) de Oracle Java SE, Oracle GraalVM Enterprise Edition. Nota: Esta vulnerabilidad es aplicada a las implantaciones de Java, normalmente en clientes que ejecutan aplicaciones Java Web Start con sandbox o applets Java con sandbox, que cargan y ejecutan código que no es confiable (por ejemplo, código que viene de Internet) y dependen de la sandbox de Java para la seguridad. Esta vulnerabilidad también puede ser explotada al usar APIs en el Componente especificado, por ejemplo, mediante un servicio web que suministra datos a las APIs. CVSS 3.1, Puntuación base 5.3 (impactos en la Disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)",
      },
   ],
   id: "CVE-2022-21365",
   lastModified: "2024-11-21T06:44:31.517",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 5,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "LOW",
               baseScore: 5.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 1.4,
            source: "secalert_us@oracle.com",
            type: "Secondary",
         },
      ],
   },
   published: "2022-01-19T12:15:15.770",
   references: [
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/202209-05",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20220121-0007/",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2022/dsa-5057",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2022/dsa-5058",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpujan2022.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/202209-05",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20220121-0007/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2022/dsa-5057",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2022/dsa-5058",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpujan2022.html",
      },
   ],
   sourceIdentifier: "secalert_us@oracle.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd

Published

2023-10-17 22:15

Modified

2024-11-21 07:44

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: CORBA). Supported versions that are affected are Oracle Java SE: 8u381, 8u381-perf; Oracle GraalVM Enterprise Edition: 20.3.11 and 21.3.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via CORBA to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).

References

URL	Tags
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20231027-0006/	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2023/dsa-5537	Third Party Advisory
secalert_us@oracle.com	https://www.oracle.com/security-alerts/cpuoct2023.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20231027-0006/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2023/dsa-5537	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpuoct2023.html	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
oracle	jdk	1.8.0
oracle	jdk	1.8.0
oracle	jre	1.8.0
oracle	jre	1.8.0
netapp	cloud_insights_acquisition_unit	-
netapp	cloud_insights_storage_workload_security_agent	-

JSON

To clipboard

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:1.8.0:update381:*:*:-:*:*:*",
                     matchCriteriaId: "2950AC81-A9E7-4CC8-A20D-10AEAAD672D1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:1.8.0:update381:*:*:enterprise_performance_pack:*:*:*",
                     matchCriteriaId: "1280B8AA-B341-42DC-BA23-4DD970970570",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:1.8.0:update381:*:*:-:*:*:*",
                     matchCriteriaId: "9B5F1CAA-26EA-4558-BA69-51D0EB0726DE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:1.8.0:update381:*:*:enterprise_performance_pack:*:*:*",
                     matchCriteriaId: "54EEB032-9164-49FB-97CB-728A64C43495",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "CCAA4004-9319-478C-9D55-0E8307F872F6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:cloud_insights_storage_workload_security_agent:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "3B199052-5732-4726-B06B-A12C70DFB891",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: CORBA).  Supported versions that are affected are Oracle Java SE: 8u381, 8u381-perf; Oracle GraalVM Enterprise Edition: 20.3.11 and  21.3.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via CORBA to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.1 Base Score 5.3 (Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).",
      },
      {
         lang: "es",
         value: "Vulnerabilidad en Oracle Java SE (componente: CORBA). Las versiones compatibles que se ven afectadas son Oracle Java SE: 8u381 y 8u381-perf. Una vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red a través de CORBA comprometer Oracle Java SE. Los ataques exitosos a esta vulnerabilidad pueden resultar en una actualización, inserción o eliminación no autorizada del acceso a algunos de los datos accesibles de Oracle Java SE. Nota: Esta vulnerabilidad solo se puede aprovechar proporcionando datos a las API en el componente especificado sin utilizar aplicaciones Java Web Start que no son de confianza o subprogramas de Java que no son de confianza, como a través de un servicio web. CVSS 3.1 Puntaje base 5.3 (Impactos en la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).",
      },
   ],
   id: "CVE-2023-22067",
   lastModified: "2024-11-21T07:44:12.673",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 5.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 1.4,
            source: "secalert_us@oracle.com",
            type: "Primary",
         },
      ],
   },
   published: "2023-10-17T22:15:12.540",
   references: [
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20231027-0006/",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2023/dsa-5537",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpuoct2023.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20231027-0006/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2023/dsa-5537",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpuoct2023.html",
      },
   ],
   sourceIdentifier: "secalert_us@oracle.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd

Published

2022-07-19 22:15

Modified

2024-11-21 06:44

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1; Oracle GraalVM Enterprise Edition: 20.3.6, 21.3.2 and 22.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).

References

URL	Tags
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H4YNJSJ64NPCNKFPNBYITNZU5H3L4D6L/
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5OZNAZJ4YHLOKRRRZSWRT5OJ25E4XLM/
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN3EVGR7FD3ZLV5SBTJXUIDCMSK4QUE2/
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KO3DXNKZ4EU3UZBT6AAR4XRKCD73KLMO/
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3XPOTPPBZIPFBZHQE5E7OW6PDACUMCJ/
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YULPNO3PAWMEQQZV2C54I3H3ZOXFZUTB/
secalert_us@oracle.com	https://security.gentoo.org/glsa/202401-25
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20220729-0009/	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2022/dsa-5188	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2022/dsa-5192	Third Party Advisory
secalert_us@oracle.com	https://www.oracle.com/security-alerts/cpujul2022.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H4YNJSJ64NPCNKFPNBYITNZU5H3L4D6L/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5OZNAZJ4YHLOKRRRZSWRT5OJ25E4XLM/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN3EVGR7FD3ZLV5SBTJXUIDCMSK4QUE2/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KO3DXNKZ4EU3UZBT6AAR4XRKCD73KLMO/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3XPOTPPBZIPFBZHQE5E7OW6PDACUMCJ/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YULPNO3PAWMEQQZV2C54I3H3ZOXFZUTB/
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202401-25
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20220729-0009/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2022/dsa-5188	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2022/dsa-5192	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpujul2022.html	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
oracle	graalvm	20.3.6
oracle	graalvm	21.3.2
oracle	graalvm	22.1.0
oracle	jdk	1.7.0
oracle	jdk	1.8.0
oracle	jdk	11.0.15.1
oracle	jdk	17.0.3.1
oracle	jdk	18.0.1.1
oracle	jre	1.7.0
oracle	jre	1.8.0
oracle	jre	11.0.15.1
oracle	jre	17.0.3.1
oracle	jre	18.0.1.1
oracle	openjdk	*
oracle	openjdk	*
oracle	openjdk	*
oracle	openjdk	*
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	18
fedoraproject	fedora	36
debian	debian_linux	10.0
debian	debian_linux	11.0
netapp	7-mode_transition_tool	-
netapp	active_iq_unified_manager	-
netapp	active_iq_unified_manager	-
netapp	cloud_insights_acquisition_unit	-
netapp	cloud_secure_agent	-
netapp	hci_management_node	-
netapp	oncommand_insight	-
netapp	solidfire	-
netapp	hci_compute_node	-
azul	zulu	6.47
azul	zulu	7.54
azul	zulu	8.62
azul	zulu	11.56
azul	zulu	13.48
azul	zulu	15.40
azul	zulu	17.34
azul	zulu	18.30

JSON

To clipboard

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:oracle:graalvm:20.3.6:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "7D961E24-EA18-4217-B5F5-F847726D84E3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:graalvm:21.3.2:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "601D92C4-F71F-47E2-9041-5C286D2137F6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:graalvm:22.1.0:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "B18FE85D-C53D-44E9-8992-715820D1264B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:1.7.0:update343:*:*:*:*:*:*",
                     matchCriteriaId: "6E3C0BA3-FCD3-4CB8-B8C7-F931090A7DBE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:1.8.0:update333:*:*:*:*:*:*",
                     matchCriteriaId: "EB2A5440-7FA7-4A86-AA19-E2ABBD809B19",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:11.0.15.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "9C0485FC-E4B2-464E-8228-1387AC5F353B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:17.0.3.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "7AF3539B-0434-4310-AE88-F46864C7C20F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:18.0.1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "F5CC9398-71B6-4480-95ED-EDCE838D157E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:1.7.0:update343:*:*:*:*:*:*",
                     matchCriteriaId: "60614E43-090E-44D7-94AD-FFAE38FF111F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:1.8.0:update333:*:*:*:*:*:*",
                     matchCriteriaId: "131E1C9E-721C-4176-B78B-69C01F90A9A5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:11.0.15.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "AD4BFA12-588A-4D8D-B45F-648A55EC674C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:17.0.3.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "0DF70EEA-EC9D-4FFC-B7BE-76F50C34D999",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:18.0.1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "4EF9CFB1-CEC9-483E-BECF-618190C03944",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "DD2ADA66-DCD0-4D28-80B2-77A0265CE7B9",
                     versionEndIncluding: "11.0.15",
                     versionStartIncluding: "11",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "8CA6BC07-2BDA-4913-AF2B-FD2146B0E539",
                     versionEndIncluding: "13.0.11",
                     versionStartIncluding: "13",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "5A2E366B-549D-48C5-B3FB-AD0E8C75AE08",
                     versionEndIncluding: "15.0.7",
                     versionStartIncluding: "15",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "15FD6A0B-BB1A-4875-926C-AB1B6EC1A053",
                     versionEndIncluding: "17.0.3",
                     versionStartIncluding: "17",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:-:*:*:*:*:*:*",
                     matchCriteriaId: "E78B7C5A-FA51-41E4-AAB0-C6DED2EFCF4C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update1:*:*:*:*:*:*",
                     matchCriteriaId: "02011EDC-20A7-4A16-A592-7C76E0037997",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update10:*:*:*:*:*:*",
                     matchCriteriaId: "AC6D4652-1226-4C60-BEDF-01EBF8AC0849",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update101:*:*:*:*:*:*",
                     matchCriteriaId: "3C1F9ED7-7D93-41F4-9130-15BA734420AC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update11:*:*:*:*:*:*",
                     matchCriteriaId: "1CF9CDF1-95D3-4125-A73F-396D2280FC4E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update111:*:*:*:*:*:*",
                     matchCriteriaId: "A13266DC-F8D9-4F30-987F-65BBEAF8D3A8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update121:*:*:*:*:*:*",
                     matchCriteriaId: "C28388AB-CFC9-4749-A90F-383F5B905EA9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update13:*:*:*:*:*:*",
                     matchCriteriaId: "DA1B00F9-A81C-48B7-8DAA-F394DDF323F3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update131:*:*:*:*:*:*",
                     matchCriteriaId: "CA7AD457-6CE6-4925-8D94-A907B40233D9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update141:*:*:*:*:*:*",
                     matchCriteriaId: "A6F3FDD1-7CAC-4B84-ABB7-64E9D3FBD708",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update15:*:*:*:*:*:*",
                     matchCriteriaId: "5480E5AD-DB46-474A-9B57-84ED088A75FA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update151:*:*:*:*:*:*",
                     matchCriteriaId: "881A4AE9-6012-4E91-98BE-0A352CC20703",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update161:*:*:*:*:*:*",
                     matchCriteriaId: "7E1E1079-57D9-473B-A017-964F4745F329",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update17:*:*:*:*:*:*",
                     matchCriteriaId: "B8D6446E-2915-4F12-87BE-E7420BC2626E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update171:*:*:*:*:*:*",
                     matchCriteriaId: "564EDCE3-16E6-401D-8A43-032D1F8875E1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update181:*:*:*:*:*:*",
                     matchCriteriaId: "08278802-D31B-488A-BA6A-EBC816DF883A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update191:*:*:*:*:*:*",
                     matchCriteriaId: "72BDA05A-C8BD-472E-8465-EE1F3E5D8CF6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update2:*:*:*:*:*:*",
                     matchCriteriaId: "7BBB0969-565E-43E2-B067-A10AAA5F1958",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update201:*:*:*:*:*:*",
                     matchCriteriaId: "D78BE95D-6270-469A-8035-FCDDB398F952",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update21:*:*:*:*:*:*",
                     matchCriteriaId: "88C24F40-3150-4584-93D9-8307DE04EEE9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update211:*:*:*:*:*:*",
                     matchCriteriaId: "E0FC5A03-FF11-4787-BBF1-3ACF93A21F2D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update221:*:*:*:*:*:*",
                     matchCriteriaId: "19626B36-62FC-4497-A2E1-7D6CD9839B19",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update231:*:*:*:*:*:*",
                     matchCriteriaId: "5713AEBD-35F6-44E8-A0CC-A42830D7AE20",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update241:*:*:*:*:*:*",
                     matchCriteriaId: "8BE0C04B-440E-4B35-ACC8-6264514F764C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update25:*:*:*:*:*:*",
                     matchCriteriaId: "555EC2A6-0475-48ED-AE0C-B306714A9333",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update251:*:*:*:*:*:*",
                     matchCriteriaId: "EC1CF2AD-3F7A-4EF3-BD41-117A21553A9F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update261:*:*:*:*:*:*",
                     matchCriteriaId: "02C55E2E-AEDE-455C-B128-168C918B5D97",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update271:*:*:*:*:*:*",
                     matchCriteriaId: "81831D37-6597-441B-87DE-38F7191BEA42",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update281:*:*:*:*:*:*",
                     matchCriteriaId: "EEA1594D-0AB5-436D-9E60-C26EE2175753",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update291:*:*:*:*:*:*",
                     matchCriteriaId: "B868FA41-C71B-491C-880B-484740B30C72",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update3:*:*:*:*:*:*",
                     matchCriteriaId: "C242D3BE-9114-4A9E-BB78-45754C7CC450",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update301:*:*:*:*:*:*",
                     matchCriteriaId: "95954182-9541-4181-9647-B17FA5A79F9F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update311:*:*:*:*:*:*",
                     matchCriteriaId: "9F6F0137-F91F-4028-BED2-C29640D52C23",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update321:*:*:*:*:*:*",
                     matchCriteriaId: "EAFB6B15-4AE6-47FC-8847-9DFADB7AE253",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update4:*:*:*:*:*:*",
                     matchCriteriaId: "D61068FE-18EE-4ADB-BC69-A3ECE8724575",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update40:*:*:*:*:*:*",
                     matchCriteriaId: "EFB59E80-4EC4-4399-BF40-6733E4E475A9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update45:*:*:*:*:*:*",
                     matchCriteriaId: "84E31265-22E1-4E91-BFCB-D2AFF445926A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update5:*:*:*:*:*:*",
                     matchCriteriaId: "AB3A58C3-94BB-4120-BE1D-AAF8BBF7F22B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update51:*:*:*:*:*:*",
                     matchCriteriaId: "50319E52-8739-47C5-B61E-3CA9B6A9A48F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update55:*:*:*:*:*:*",
                     matchCriteriaId: "7ED515B9-DC74-4DC5-B98A-08D87D85E11E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update6:*:*:*:*:*:*",
                     matchCriteriaId: "6D1D4868-1F9F-43F7-968C-6469B67D3F1B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update60:*:*:*:*:*:*",
                     matchCriteriaId: "568F1AC4-B0D7-4438-82E5-0E61500F2240",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update65:*:*:*:*:*:*",
                     matchCriteriaId: "F5E99B4A-EDAD-4471-81C4-7E9C775C9D9F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update67:*:*:*:*:*:*",
                     matchCriteriaId: "14E9133E-9FF3-40DB-9A11-7469EF5FD265",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update7:*:*:*:*:*:*",
                     matchCriteriaId: "94834710-3FA9-49D9-8600-B514CBCA4270",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update72:*:*:*:*:*:*",
                     matchCriteriaId: "4228D9E1-7D82-4B49-9669-9CDAD7187432",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update76:*:*:*:*:*:*",
                     matchCriteriaId: "F6231F48-2936-4F7D-96D5-4BA11F78EBE8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update80:*:*:*:*:*:*",
                     matchCriteriaId: "D96D5061-4A81-497E-9AD6-A8381B3B454C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update85:*:*:*:*:*:*",
                     matchCriteriaId: "5345C21E-A01B-43B9-9A20-F2783D921C60",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update9:*:*:*:*:*:*",
                     matchCriteriaId: "B219F360-83BD-4111-AB59-C9D4F55AF4C0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update91:*:*:*:*:*:*",
                     matchCriteriaId: "D25377EA-8E8F-4C76-8EA9-3BBDFB352815",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update95:*:*:*:*:*:*",
                     matchCriteriaId: "59FEFE05-269A-4EAF-A80F-E4C2107B1197",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update97:*:*:*:*:*:*",
                     matchCriteriaId: "E7E2AA7C-F602-4DB7-9EC1-0708C46C253C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update99:*:*:*:*:*:*",
                     matchCriteriaId: "FB70E154-A304-429E-80F5-8D87B00E32D1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:-:*:*:*:*:*:*",
                     matchCriteriaId: "70892D06-6E75-4425-BBF0-4B684EC62A1C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone1:*:*:*:*:*:*",
                     matchCriteriaId: "7A165D71-71CC-4E6A-AA4F-FF8DB5B9A5AB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone2:*:*:*:*:*:*",
                     matchCriteriaId: "7417B2BB-9AC2-4AF4-A828-C89A0735AD92",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone3:*:*:*:*:*:*",
                     matchCriteriaId: "6A0A57B5-6F88-4288-9CDE-F6613FE068D2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone4:*:*:*:*:*:*",
                     matchCriteriaId: "67ED8559-C348-4932-B7CE-CB96976A30EC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone5:*:*:*:*:*:*",
                     matchCriteriaId: "40AC3D91-263F-4345-9FAA-0E573EA64590",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone6:*:*:*:*:*:*",
                     matchCriteriaId: "DD92AFA9-81F8-48D4-B79A-E7F066F69A99",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone7:*:*:*:*:*:*",
                     matchCriteriaId: "2C4B2F24-A730-4818-90C8-A2D90C081F03",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone8:*:*:*:*:*:*",
                     matchCriteriaId: "464087F2-C285-4574-957E-CE0663F07DE0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone9:*:*:*:*:*:*",
                     matchCriteriaId: "3E9BB880-A4F6-4887-8BB9-47AA298753D5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update101:*:*:*:*:*:*",
                     matchCriteriaId: "18DCFF53-B298-4534-AB5C-8A5EF59C616F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update102:*:*:*:*:*:*",
                     matchCriteriaId: "083419F8-FDDF-4E36-88F8-857DB317C1D1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update11:*:*:*:*:*:*",
                     matchCriteriaId: "D7A74F65-57E8-4C9A-BA96-5EF401504F13",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update111:*:*:*:*:*:*",
                     matchCriteriaId: "0D0B90FC-57B6-4315-9B29-3C36E58B2CF5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update112:*:*:*:*:*:*",
                     matchCriteriaId: "07812576-3C35-404C-A7D7-9BE9E3D76E00",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update121:*:*:*:*:*:*",
                     matchCriteriaId: "00C52B1C-5447-4282-9667-9EBE0720B423",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update131:*:*:*:*:*:*",
                     matchCriteriaId: "92BB9EB0-0C12-4E77-89EE-FB77097841B8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update141:*:*:*:*:*:*",
                     matchCriteriaId: "FF9D5DCE-2E8F-42B9-9038-AEA7E8C8CFFD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update151:*:*:*:*:*:*",
                     matchCriteriaId: "ABC0E7BB-F8B7-4369-9910-71240E4073A3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update152:*:*:*:*:*:*",
                     matchCriteriaId: "551B2640-8CEC-4C24-AF8B-7A7CEF864D9D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update161:*:*:*:*:*:*",
                     matchCriteriaId: "0AE30779-48FB-451E-8CE1-F469F93B8772",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update162:*:*:*:*:*:*",
                     matchCriteriaId: "60590FDE-7156-4314-A012-AA38BD2ADDC9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update171:*:*:*:*:*:*",
                     matchCriteriaId: "BE51AD3A-8331-4E8F-9DB1-7A0051731DFB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update172:*:*:*:*:*:*",
                     matchCriteriaId: "F24F6122-2256-41B6-9033-794C6424ED99",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update181:*:*:*:*:*:*",
                     matchCriteriaId: "0EAFA79E-8C7A-48CF-8868-11378FE4B26F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update191:*:*:*:*:*:*",
                     matchCriteriaId: "D1D6F19F-59B5-4BB6-AD35-013384025970",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update192:*:*:*:*:*:*",
                     matchCriteriaId: "E7BA97BC-3ADA-465A-835B-6C3C5F416B56",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update20:*:*:*:*:*:*",
                     matchCriteriaId: "B71F77A4-B7EB-47A1-AAFD-431A7D040B86",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update201:*:*:*:*:*:*",
                     matchCriteriaId: "91D6BEA9-5943-44A4-946D-CEAA9BA99376",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update202:*:*:*:*:*:*",
                     matchCriteriaId: "C079A3E0-44EB-4B9C-B4FC-B7621D165C3B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update211:*:*:*:*:*:*",
                     matchCriteriaId: "2CB74086-14B8-4237-8357-E0C6B5BB8313",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update212:*:*:*:*:*:*",
                     matchCriteriaId: "3ABED20A-7C34-4E86-9AFB-F4DC9ECBB3A9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update221:*:*:*:*:*:*",
                     matchCriteriaId: "00C2B9C9-1177-4DA6-96CE-55F37F383F99",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update222:*:*:*:*:*:*",
                     matchCriteriaId: "435CF189-0BD8-40DF-A0DC-99862CDEAF8A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update231:*:*:*:*:*:*",
                     matchCriteriaId: "12A3F367-33AD-47C3-BFDC-871A17E72C94",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update232:*:*:*:*:*:*",
                     matchCriteriaId: "A18F994F-72CA-4AF5-A7D1-9F5AEA286D85",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update241:*:*:*:*:*:*",
                     matchCriteriaId: "78261932-7373-4F16-91E0-1A72ADBEBC3E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update242:*:*:*:*:*:*",
                     matchCriteriaId: "9BD90D3D-9B3A-4101-9A8A-5090F0A9719F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update25:*:*:*:*:*:*",
                     matchCriteriaId: "B38C0276-0EBD-4E0B-BFCF-4DDECACE04E2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update252:*:*:*:*:*:*",
                     matchCriteriaId: "F5A40B8A-D428-4008-9F21-AF21394C51D1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update262:*:*:*:*:*:*",
                     matchCriteriaId: "FEC5B777-01E1-45EE-AF95-C3BD1F098B2F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update271:*:*:*:*:*:*",
                     matchCriteriaId: "3B504718-5DCE-43B4-B19A-C6B6E7444BD3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update281:*:*:*:*:*:*",
                     matchCriteriaId: "3102AA10-99A8-49A9-867E-7EEC56865680",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update282:*:*:*:*:*:*",
                     matchCriteriaId: "5A55CBC7-A7B2-4B89-8AB5-ED30DBE6814E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update291:*:*:*:*:*:*",
                     matchCriteriaId: "15BA8A26-2CDA-442B-A549-6BE92DCCD205",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update301:*:*:*:*:*:*",
                     matchCriteriaId: "56F2883B-6A1B-4081-8877-07AF3A73F6CD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update302:*:*:*:*:*:*",
                     matchCriteriaId: "98C0742E-ACDD-4DB4-8A4C-B96702C8976C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update31:*:*:*:*:*:*",
                     matchCriteriaId: "F8483034-DD5A-445D-892F-CDE90A7D58EE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update312:*:*:*:*:*:*",
                     matchCriteriaId: "1716A5CD-1C32-4F19-9DDE-F9C7CCB6B420",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update322:*:*:*:*:*:*",
                     matchCriteriaId: "DAB4F663-BCAF-43DB-BCC3-24C060B0CBAB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update332:*:*:*:*:*:*",
                     matchCriteriaId: "A8EF5BB8-7DAF-49B0-A11E-14E89EF7377A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update40:*:*:*:*:*:*",
                     matchCriteriaId: "8279718F-878F-4868-8859-1728D13CD0D8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update45:*:*:*:*:*:*",
                     matchCriteriaId: "2C024E1A-FD2C-42E8-B227-C2AFD3040436",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update5:*:*:*:*:*:*",
                     matchCriteriaId: "4F24389D-DDD0-4204-AA24-31C920A4F47E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update51:*:*:*:*:*:*",
                     matchCriteriaId: "966979BE-1F21-4729-B6B8-610F74648344",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update60:*:*:*:*:*:*",
                     matchCriteriaId: "F8534265-33BF-460D-BF74-5F55FDE50F29",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update65:*:*:*:*:*:*",
                     matchCriteriaId: "F77AFC25-1466-4E56-9D5F-6988F3288E16",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update66:*:*:*:*:*:*",
                     matchCriteriaId: "A650BEB8-E56F-4E42-9361-8D2DB083F0F8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update71:*:*:*:*:*:*",
                     matchCriteriaId: "799FFECD-E80A-44B3-953D-CDB5E195F3AA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update72:*:*:*:*:*:*",
                     matchCriteriaId: "A7047507-7CAF-4A14-AA9A-5CEF806EDE98",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update73:*:*:*:*:*:*",
                     matchCriteriaId: "CFC7B179-95D3-4F94-84F6-73F1034A1AF2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update74:*:*:*:*:*:*",
                     matchCriteriaId: "9FB28526-9385-44CA-AF08-1899E6C3AE4D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update77:*:*:*:*:*:*",
                     matchCriteriaId: "E26B69E4-0B43-415F-A82B-52FDCB262B3E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update91:*:*:*:*:*:*",
                     matchCriteriaId: "27BC4150-70EC-462B-8FC5-20B3442CBB31",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update92:*:*:*:*:*:*",
                     matchCriteriaId: "02646989-ECD9-40AE-A83E-EFF4080C69B9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:18:*:*:*:*:*:*:*",
                     matchCriteriaId: "56CBFC1F-C120-44F2-877A-C1C880AA89C4",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
                     matchCriteriaId: "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "FA6FEEC2-9F11-4643-8827-749718254FED",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "7EF6650C-558D-45C8-AE7D-136EE70CB6D7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
                     matchCriteriaId: "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
                     matchCriteriaId: "B55E8D50-99B4-47EC-86F9-699B67D473CE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "CCAA4004-9319-478C-9D55-0E8307F872F6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F0F202E8-97E6-4BBB-A0B6-4CA3F5803C08",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A3C19813-E823-456A-B1CE-EC0684CE1953",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "AD7447BC-F315-4298-A822-549942FC118B",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:azul:zulu:6.47:*:*:*:*:*:*:*",
                     matchCriteriaId: "4E4633C4-E552-439D-8FE4-139E3A7956CD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:azul:zulu:7.54:*:*:*:*:*:*:*",
                     matchCriteriaId: "50C77346-8893-44F0-B0D1-5D4D30A9CA3B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:azul:zulu:8.62:*:*:*:*:*:*:*",
                     matchCriteriaId: "63E58DE0-A96A-452E-986F-3BD2FEA7C723",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:azul:zulu:11.56:*:*:*:*:*:*:*",
                     matchCriteriaId: "D3FB1BF4-3FCF-4007-A9E3-97C35483D6A9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:azul:zulu:13.48:*:*:*:*:*:*:*",
                     matchCriteriaId: "BD7A33EC-DE03-424F-9796-E5EA071FF6CD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:azul:zulu:15.40:*:*:*:*:*:*:*",
                     matchCriteriaId: "CCDAFFA9-0AA4-4C70-9154-8DA4BB255FD2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:azul:zulu:17.34:*:*:*:*:*:*:*",
                     matchCriteriaId: "B6302149-28AA-481E-BC6C-87D05E73768A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:azul:zulu:18.30:*:*:*:*:*:*:*",
                     matchCriteriaId: "20DFD9D8-8648-40F7-81B8-04F852A337FA",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1; Oracle GraalVM Enterprise Edition: 20.3.6, 21.3.2 and 22.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad en el producto Oracle Java SE, Oracle GraalVM Enterprise Edition de Oracle Java SE (componente: Hotspot). Las versiones afectadas son Oracle Java SE: 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1; Oracle GraalVM Enterprise Edition: 20.3.6, 21.3.2 y 22.1.0. Una vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red por medio de múltiples protocolos comprometer a Oracle Java SE, Oracle GraalVM Enterprise Edition. Los ataques con éxito de esta vulnerabilidad pueden resultar en un acceso de lectura no autorizado a un subconjunto de datos accesibles de Oracle Java SE, Oracle GraalVM Enterprise Edition. Nota: Esta vulnerabilidad es aplicada a las implantaciones de Java, normalmente en clientes que ejecutan aplicaciones Java Web Start con sandbox o applets Java con sandbox, que cargan y ejecutan código que no es confiable (por ejemplo, código que viene de Internet) y dependen de la sandbox de Java para la seguridad. Esta vulnerabilidad también puede ser explotada mediante el uso de APIs en el componente especificado, por ejemplo, mediante un servicio web que suministra datos a las APIs. CVSS 3.1, Puntuación Base 5.3 (impactos en la Confidencialidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).",
      },
   ],
   id: "CVE-2022-21540",
   lastModified: "2024-11-21T06:44:55.007",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 5.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 1.4,
            source: "secalert_us@oracle.com",
            type: "Primary",
         },
      ],
   },
   published: "2022-07-19T22:15:11.730",
   references: [
      {
         source: "secalert_us@oracle.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H4YNJSJ64NPCNKFPNBYITNZU5H3L4D6L/",
      },
      {
         source: "secalert_us@oracle.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5OZNAZJ4YHLOKRRRZSWRT5OJ25E4XLM/",
      },
      {
         source: "secalert_us@oracle.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN3EVGR7FD3ZLV5SBTJXUIDCMSK4QUE2/",
      },
      {
         source: "secalert_us@oracle.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KO3DXNKZ4EU3UZBT6AAR4XRKCD73KLMO/",
      },
      {
         source: "secalert_us@oracle.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3XPOTPPBZIPFBZHQE5E7OW6PDACUMCJ/",
      },
      {
         source: "secalert_us@oracle.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YULPNO3PAWMEQQZV2C54I3H3ZOXFZUTB/",
      },
      {
         source: "secalert_us@oracle.com",
         url: "https://security.gentoo.org/glsa/202401-25",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20220729-0009/",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2022/dsa-5188",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2022/dsa-5192",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpujul2022.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H4YNJSJ64NPCNKFPNBYITNZU5H3L4D6L/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5OZNAZJ4YHLOKRRRZSWRT5OJ25E4XLM/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN3EVGR7FD3ZLV5SBTJXUIDCMSK4QUE2/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KO3DXNKZ4EU3UZBT6AAR4XRKCD73KLMO/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3XPOTPPBZIPFBZHQE5E7OW6PDACUMCJ/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YULPNO3PAWMEQQZV2C54I3H3ZOXFZUTB/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://security.gentoo.org/glsa/202401-25",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20220729-0009/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2022/dsa-5188",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2022/dsa-5192",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpujul2022.html",
      },
   ],
   sourceIdentifier: "secalert_us@oracle.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd

Published

2023-04-18 20:15

Modified

2024-11-21 07:43

Severity ?

5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).

References

URL	Tags
secalert_us@oracle.com	https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20230427-0008/	Third Party Advisory
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20240621-0006/
secalert_us@oracle.com	https://www.couchbase.com/alerts/	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2023/dsa-5430	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2023/dsa-5478	Third Party Advisory
secalert_us@oracle.com	https://www.oracle.com/security-alerts/cpuapr2023.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20230427-0008/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20240621-0006/
af854a3a-2127-422b-91ae-364da2661108	https://www.couchbase.com/alerts/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2023/dsa-5430	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2023/dsa-5478	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpuapr2023.html	Vendor Advisory

Impacted products

Vendor	Product	Version
oracle	graalvm	20.3.9
oracle	graalvm	21.3.5
oracle	graalvm	22.3.1
oracle	jdk	1.8.0
oracle	jdk	11.0.18
oracle	jdk	17.0.6
oracle	jre	1.8.0
oracle	jre	11.0.18
oracle	jre	17.0.6
netapp	7-mode_transition_tool	-
netapp	brocade_san_navigator	-
netapp	cloud_insights_acquisition_unit	-
netapp	cloud_insights_storage_workload_security_agent	-
netapp	oncommand_insight	-
debian	debian_linux	10.0
debian	debian_linux	11.0
debian	debian_linux	12.0
oracle	openjdk	*
oracle	openjdk	*
oracle	openjdk	*
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	20

JSON

To clipboard

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:oracle:graalvm:20.3.9:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "FE7FF02E-5A54-47BD-8FAC-E1F1E23CBD0B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:graalvm:21.3.5:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "725D21E1-8FEF-492C-9CCF-75DDD286FA71",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:graalvm:22.3.1:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "CBC05434-18E2-43D2-901F-BA97A3A3AC3A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:1.8.0:update361:*:*:*:*:*:*",
                     matchCriteriaId: "BB648C28-DCDF-4CEE-816C-2D7EF91D2689",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:11.0.18:*:*:*:*:*:*:*",
                     matchCriteriaId: "CA4C6A6B-46BA-471A-959C-D1819B5D5196",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:17.0.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "751BA15B-1950-4ABD-AFEB-B4F90587FF61",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:1.8.0:update361:*:*:*:*:*:*",
                     matchCriteriaId: "DB18EEA4-9670-4EBC-8559-6766740980F3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:11.0.18:*:*:*:*:*:*:*",
                     matchCriteriaId: "B85FB47B-1A8B-4758-83A7-3AC5B74D73FB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:17.0.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "0B973ADC-5F00-4CC5-985F-F4E1BB9FF1EF",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "7EF6650C-558D-45C8-AE7D-136EE70CB6D7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:brocade_san_navigator:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "25FA7A4D-B0E2-423E-8146-E221AE2D6120",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "CCAA4004-9319-478C-9D55-0E8307F872F6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:cloud_insights_storage_workload_security_agent:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "3B199052-5732-4726-B06B-A12C70DFB891",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "FA6FEEC2-9F11-4643-8827-749718254FED",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "46D69DCC-AE4D-4EA5-861C-D60951444C6C",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "111E81BB-7D96-44EB-ACFA-415C3F3EA62A",
                     versionEndExcluding: "8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "90F6CEC5-2FD9-4ADB-9D86-B741C0ABCD7B",
                     versionEndIncluding: "11.0.18",
                     versionStartIncluding: "11",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "83395182-E46E-47FF-A781-4EF235BC83B6",
                     versionEndIncluding: "17.0.6",
                     versionStartIncluding: "17",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:-:*:*:*:*:*:*",
                     matchCriteriaId: "70892D06-6E75-4425-BBF0-4B684EC62A1C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone1:*:*:*:*:*:*",
                     matchCriteriaId: "7A165D71-71CC-4E6A-AA4F-FF8DB5B9A5AB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone2:*:*:*:*:*:*",
                     matchCriteriaId: "7417B2BB-9AC2-4AF4-A828-C89A0735AD92",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone3:*:*:*:*:*:*",
                     matchCriteriaId: "6A0A57B5-6F88-4288-9CDE-F6613FE068D2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone4:*:*:*:*:*:*",
                     matchCriteriaId: "67ED8559-C348-4932-B7CE-CB96976A30EC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone5:*:*:*:*:*:*",
                     matchCriteriaId: "40AC3D91-263F-4345-9FAA-0E573EA64590",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone6:*:*:*:*:*:*",
                     matchCriteriaId: "DD92AFA9-81F8-48D4-B79A-E7F066F69A99",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone7:*:*:*:*:*:*",
                     matchCriteriaId: "2C4B2F24-A730-4818-90C8-A2D90C081F03",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone8:*:*:*:*:*:*",
                     matchCriteriaId: "464087F2-C285-4574-957E-CE0663F07DE0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone9:*:*:*:*:*:*",
                     matchCriteriaId: "3E9BB880-A4F6-4887-8BB9-47AA298753D5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update101:*:*:*:*:*:*",
                     matchCriteriaId: "18DCFF53-B298-4534-AB5C-8A5EF59C616F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update102:*:*:*:*:*:*",
                     matchCriteriaId: "083419F8-FDDF-4E36-88F8-857DB317C1D1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update11:*:*:*:*:*:*",
                     matchCriteriaId: "D7A74F65-57E8-4C9A-BA96-5EF401504F13",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update111:*:*:*:*:*:*",
                     matchCriteriaId: "0D0B90FC-57B6-4315-9B29-3C36E58B2CF5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update112:*:*:*:*:*:*",
                     matchCriteriaId: "07812576-3C35-404C-A7D7-9BE9E3D76E00",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update121:*:*:*:*:*:*",
                     matchCriteriaId: "00C52B1C-5447-4282-9667-9EBE0720B423",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update131:*:*:*:*:*:*",
                     matchCriteriaId: "92BB9EB0-0C12-4E77-89EE-FB77097841B8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update141:*:*:*:*:*:*",
                     matchCriteriaId: "FF9D5DCE-2E8F-42B9-9038-AEA7E8C8CFFD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update151:*:*:*:*:*:*",
                     matchCriteriaId: "ABC0E7BB-F8B7-4369-9910-71240E4073A3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update152:*:*:*:*:*:*",
                     matchCriteriaId: "551B2640-8CEC-4C24-AF8B-7A7CEF864D9D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update161:*:*:*:*:*:*",
                     matchCriteriaId: "0AE30779-48FB-451E-8CE1-F469F93B8772",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update162:*:*:*:*:*:*",
                     matchCriteriaId: "60590FDE-7156-4314-A012-AA38BD2ADDC9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update171:*:*:*:*:*:*",
                     matchCriteriaId: "BE51AD3A-8331-4E8F-9DB1-7A0051731DFB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update172:*:*:*:*:*:*",
                     matchCriteriaId: "F24F6122-2256-41B6-9033-794C6424ED99",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update181:*:*:*:*:*:*",
                     matchCriteriaId: "0EAFA79E-8C7A-48CF-8868-11378FE4B26F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update191:*:*:*:*:*:*",
                     matchCriteriaId: "D1D6F19F-59B5-4BB6-AD35-013384025970",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update192:*:*:*:*:*:*",
                     matchCriteriaId: "E7BA97BC-3ADA-465A-835B-6C3C5F416B56",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update20:*:*:*:*:*:*",
                     matchCriteriaId: "B71F77A4-B7EB-47A1-AAFD-431A7D040B86",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update201:*:*:*:*:*:*",
                     matchCriteriaId: "91D6BEA9-5943-44A4-946D-CEAA9BA99376",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update202:*:*:*:*:*:*",
                     matchCriteriaId: "C079A3E0-44EB-4B9C-B4FC-B7621D165C3B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update211:*:*:*:*:*:*",
                     matchCriteriaId: "2CB74086-14B8-4237-8357-E0C6B5BB8313",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update212:*:*:*:*:*:*",
                     matchCriteriaId: "3ABED20A-7C34-4E86-9AFB-F4DC9ECBB3A9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update221:*:*:*:*:*:*",
                     matchCriteriaId: "00C2B9C9-1177-4DA6-96CE-55F37F383F99",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update222:*:*:*:*:*:*",
                     matchCriteriaId: "435CF189-0BD8-40DF-A0DC-99862CDEAF8A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update231:*:*:*:*:*:*",
                     matchCriteriaId: "12A3F367-33AD-47C3-BFDC-871A17E72C94",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update232:*:*:*:*:*:*",
                     matchCriteriaId: "A18F994F-72CA-4AF5-A7D1-9F5AEA286D85",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update241:*:*:*:*:*:*",
                     matchCriteriaId: "78261932-7373-4F16-91E0-1A72ADBEBC3E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update242:*:*:*:*:*:*",
                     matchCriteriaId: "9BD90D3D-9B3A-4101-9A8A-5090F0A9719F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update25:*:*:*:*:*:*",
                     matchCriteriaId: "B38C0276-0EBD-4E0B-BFCF-4DDECACE04E2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update252:*:*:*:*:*:*",
                     matchCriteriaId: "F5A40B8A-D428-4008-9F21-AF21394C51D1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update262:*:*:*:*:*:*",
                     matchCriteriaId: "FEC5B777-01E1-45EE-AF95-C3BD1F098B2F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update271:*:*:*:*:*:*",
                     matchCriteriaId: "3B504718-5DCE-43B4-B19A-C6B6E7444BD3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update281:*:*:*:*:*:*",
                     matchCriteriaId: "3102AA10-99A8-49A9-867E-7EEC56865680",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update282:*:*:*:*:*:*",
                     matchCriteriaId: "5A55CBC7-A7B2-4B89-8AB5-ED30DBE6814E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update291:*:*:*:*:*:*",
                     matchCriteriaId: "15BA8A26-2CDA-442B-A549-6BE92DCCD205",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update301:*:*:*:*:*:*",
                     matchCriteriaId: "56F2883B-6A1B-4081-8877-07AF3A73F6CD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update302:*:*:*:*:*:*",
                     matchCriteriaId: "98C0742E-ACDD-4DB4-8A4C-B96702C8976C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update31:*:*:*:*:*:*",
                     matchCriteriaId: "F8483034-DD5A-445D-892F-CDE90A7D58EE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update312:*:*:*:*:*:*",
                     matchCriteriaId: "1716A5CD-1C32-4F19-9DDE-F9C7CCB6B420",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update322:*:*:*:*:*:*",
                     matchCriteriaId: "DAB4F663-BCAF-43DB-BCC3-24C060B0CBAB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update332:*:*:*:*:*:*",
                     matchCriteriaId: "A8EF5BB8-7DAF-49B0-A11E-14E89EF7377A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update342:*:*:*:*:*:*",
                     matchCriteriaId: "383F0B07-59BF-4744-87F2-04C98BC183B4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update352:*:*:*:*:*:*",
                     matchCriteriaId: "494C17C6-54A3-4BE6-A4FF-2D54DF2B38D5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update362:*:*:*:*:*:*",
                     matchCriteriaId: "1058ABDC-D652-4E2D-964D-C9C98FD404F6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update40:*:*:*:*:*:*",
                     matchCriteriaId: "8279718F-878F-4868-8859-1728D13CD0D8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update45:*:*:*:*:*:*",
                     matchCriteriaId: "2C024E1A-FD2C-42E8-B227-C2AFD3040436",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update5:*:*:*:*:*:*",
                     matchCriteriaId: "4F24389D-DDD0-4204-AA24-31C920A4F47E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update51:*:*:*:*:*:*",
                     matchCriteriaId: "966979BE-1F21-4729-B6B8-610F74648344",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update60:*:*:*:*:*:*",
                     matchCriteriaId: "F8534265-33BF-460D-BF74-5F55FDE50F29",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update65:*:*:*:*:*:*",
                     matchCriteriaId: "F77AFC25-1466-4E56-9D5F-6988F3288E16",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update66:*:*:*:*:*:*",
                     matchCriteriaId: "A650BEB8-E56F-4E42-9361-8D2DB083F0F8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update71:*:*:*:*:*:*",
                     matchCriteriaId: "799FFECD-E80A-44B3-953D-CDB5E195F3AA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update72:*:*:*:*:*:*",
                     matchCriteriaId: "A7047507-7CAF-4A14-AA9A-5CEF806EDE98",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update73:*:*:*:*:*:*",
                     matchCriteriaId: "CFC7B179-95D3-4F94-84F6-73F1034A1AF2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update74:*:*:*:*:*:*",
                     matchCriteriaId: "9FB28526-9385-44CA-AF08-1899E6C3AE4D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update77:*:*:*:*:*:*",
                     matchCriteriaId: "E26B69E4-0B43-415F-A82B-52FDCB262B3E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update91:*:*:*:*:*:*",
                     matchCriteriaId: "27BC4150-70EC-462B-8FC5-20B3442CBB31",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update92:*:*:*:*:*:*",
                     matchCriteriaId: "02646989-ECD9-40AE-A83E-EFF4080C69B9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:20:*:*:*:*:*:*:*",
                     matchCriteriaId: "77172BC0-8637-41F6-AE3B-83006D6735DE",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot).  Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and  22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Confidentiality impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).",
      },
   ],
   id: "CVE-2023-21954",
   lastModified: "2024-11-21T07:43:59.093",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 5.9,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.2,
            impactScore: 3.6,
            source: "secalert_us@oracle.com",
            type: "Primary",
         },
      ],
   },
   published: "2023-04-18T20:15:15.630",
   references: [
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20230427-0008/",
      },
      {
         source: "secalert_us@oracle.com",
         url: "https://security.netapp.com/advisory/ntap-20240621-0006/",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.couchbase.com/alerts/",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2023/dsa-5430",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2023/dsa-5478",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpuapr2023.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20230427-0008/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://security.netapp.com/advisory/ntap-20240621-0006/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.couchbase.com/alerts/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2023/dsa-5430",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2023/dsa-5478",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpuapr2023.html",
      },
   ],
   sourceIdentifier: "secalert_us@oracle.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd

Published

2022-10-18 21:15

Modified

2024-11-21 06:45

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JGSS). Supported versions that are affected are Oracle Java SE: 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 21.3.3 and 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).

References

URL	Tags
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/37QDWJBGEPP65X43NXQTXQ7KASLUHON6/	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ARF4QF4N3X5GSFHXUBWARGLISGKJ33R/	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3QLQ7OD33W6LT3HWI7VYDFFJLV75Y73K/	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EXSBV3W6EP6B7XJ63Z2FPVBH6HAPGJ5T/	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://security.gentoo.org/glsa/202401-25
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20221028-0012/	Third Party Advisory
secalert_us@oracle.com	https://www.oracle.com/security-alerts/cpuoct2022.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/37QDWJBGEPP65X43NXQTXQ7KASLUHON6/	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ARF4QF4N3X5GSFHXUBWARGLISGKJ33R/	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3QLQ7OD33W6LT3HWI7VYDFFJLV75Y73K/	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EXSBV3W6EP6B7XJ63Z2FPVBH6HAPGJ5T/	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202401-25
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20221028-0012/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpuoct2022.html	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
oracle	graalvm	21.3.3
oracle	graalvm	22.2.0
oracle	jdk	17.0.4.1
oracle	jdk	19
oracle	jre	17.0.4.1
oracle	jre	19
fedoraproject	fedora	35
fedoraproject	fedora	36
netapp	7-mode_transition_tool	-
netapp	cloud_insights_acquisition_unit	-
netapp	cloud_secure_agent	-
netapp	e-series_santricity_os_controller	*
netapp	e-series_santricity_storage_manager	-
netapp	e-series_santricity_unified_manager	-
netapp	oncommand_insight	-
netapp	oncommand_workflow_automation	-
netapp	santricity_storage_plugin	-
azul	zulu	11.58
azul	zulu	13.50
azul	zulu	15.42
azul	zulu	17.36
azul	zulu	19.28

JSON

To clipboard

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:oracle:graalvm:21.3.3:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "71668668-8383-4366-A184-F26455271914",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:graalvm:22.2.0:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "C99B4F5D-3784-42B8-89CA-CDD2AA86B80E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:17.0.4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "05CB121D-1430-47CE-BF7B-9567A234C7D3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:19:*:*:*:*:*:*:*",
                     matchCriteriaId: "361979FB-5B05-46A5-A6A2-993B51DF9E44",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:17.0.4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "DCF1C861-79F0-47F8-96E9-6AE0AEFDEC8A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:19:*:*:*:*:*:*:*",
                     matchCriteriaId: "435B90D6-F0BE-4451-867B-C31116D52A9C",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
                     matchCriteriaId: "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
                     matchCriteriaId: "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "7EF6650C-558D-45C8-AE7D-136EE70CB6D7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "CCAA4004-9319-478C-9D55-0E8307F872F6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F0F202E8-97E6-4BBB-A0B6-4CA3F5803C08",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "A0DA944C-4992-424D-BC82-474585DAC5DF",
                     versionEndIncluding: "11.70.2",
                     versionStartIncluding: "11.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "0D9CC59D-6182-4B5E-96B5-226FCD343916",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:e-series_santricity_unified_manager:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "BB695329-036B-447D-BEB0-AA4D89D1D99C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5735E553-9731-4AAC-BCFF-989377F817B3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:santricity_storage_plugin:-:*:*:*:*:vcenter:*:*",
                     matchCriteriaId: "82E94B87-065E-475F-815C-F49978CE22FC",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:azul:zulu:11.58:*:*:*:*:*:*:*",
                     matchCriteriaId: "9323C11D-50C6-4356-A2FF-294F750906AE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:azul:zulu:13.50:*:*:*:*:*:*:*",
                     matchCriteriaId: "DC373919-C38D-4E22-A52D-BA9074E88124",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:azul:zulu:15.42:*:*:*:*:*:*:*",
                     matchCriteriaId: "E7832CA7-569F-4C01-991C-F74F24CC2A01",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:azul:zulu:17.36:*:*:*:*:*:*:*",
                     matchCriteriaId: "F2878A5A-63FA-4681-8643-D47DA6E9011F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:azul:zulu:19.28:*:*:*:*:*:*:*",
                     matchCriteriaId: "B394E478-B822-488E-B74B-F46C4DB2B1A5",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JGSS). Supported versions that are affected are Oracle Java SE: 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 21.3.3 and 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad en el producto Oracle Java SE, Oracle GraalVM Enterprise Edition de Oracle Java SE (componente: JGSS). Las versiones soportadas que están afectadas son Oracle Java SE: 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 21.3.3 y 22.2.0. La vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red por medio de Kerberos comprometer a Oracle Java SE, Oracle GraalVM Enterprise Edition. Los ataques con éxito de esta vulnerabilidad pueden resultar en una actualización no autorizada, insertar o eliminar el acceso a algunos de los datos accesibles de Oracle Java SE, Oracle GraalVM Enterprise Edition. Nota: Esta vulnerabilidad es aplicada a las implantaciones de Java, normalmente en clientes que ejecutan aplicaciones Java Web Start con sandbox o applets Java con sandbox, que cargan y ejecutan código que no es confiable (por ejemplo, código que viene de Internet) y dependen del sandbox de Java para la seguridad. Esta vulnerabilidad también puede ser explotada mediante el uso de APIs en el componente especificado, por ejemplo, mediante un servicio web que suministra datos a las APIs. CVSS 3.1 Puntuación Base 5.3 (Impactos en la Integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)",
      },
   ],
   id: "CVE-2022-21618",
   lastModified: "2024-11-21T06:45:05.000",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 5.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 1.4,
            source: "secalert_us@oracle.com",
            type: "Primary",
         },
      ],
   },
   published: "2022-10-18T21:15:12.757",
   references: [
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/37QDWJBGEPP65X43NXQTXQ7KASLUHON6/",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ARF4QF4N3X5GSFHXUBWARGLISGKJ33R/",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3QLQ7OD33W6LT3HWI7VYDFFJLV75Y73K/",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EXSBV3W6EP6B7XJ63Z2FPVBH6HAPGJ5T/",
      },
      {
         source: "secalert_us@oracle.com",
         url: "https://security.gentoo.org/glsa/202401-25",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20221028-0012/",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpuoct2022.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/37QDWJBGEPP65X43NXQTXQ7KASLUHON6/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ARF4QF4N3X5GSFHXUBWARGLISGKJ33R/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3QLQ7OD33W6LT3HWI7VYDFFJLV75Y73K/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EXSBV3W6EP6B7XJ63Z2FPVBH6HAPGJ5T/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://security.gentoo.org/glsa/202401-25",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20221028-0012/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpuoct2022.html",
      },
   ],
   sourceIdentifier: "secalert_us@oracle.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd

Published

2022-01-19 12:15

Modified

2024-11-21 06:44

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).

References

URL	Tags
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DIN3L6L3SVZK75CKW2GPSU4HIGZR7XG/	Third Party Advisory
secalert_us@oracle.com	https://security.gentoo.org/glsa/202209-05	Third Party Advisory
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20220121-0007/	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2022/dsa-5057	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2022/dsa-5058	Third Party Advisory
secalert_us@oracle.com	https://www.oracle.com/security-alerts/cpujan2022.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DIN3L6L3SVZK75CKW2GPSU4HIGZR7XG/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202209-05	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20220121-0007/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2022/dsa-5057	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2022/dsa-5058	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpujan2022.html	Vendor Advisory

Impacted products

Vendor	Product	Version
oracle	graalvm	20.3.4
oracle	graalvm	21.3.0
oracle	jdk	1.7.0
oracle	jdk	1.8.0
oracle	jdk	11.0.13
oracle	jdk	17.0.1
oracle	jre	1.7.0
oracle	jre	1.8.0
oracle	jre	11.0.13
oracle	jre	17.0.1
debian	debian_linux	10.0
debian	debian_linux	11.0
netapp	7-mode_transition_tool	-
netapp	active_iq_unified_manager	-
netapp	active_iq_unified_manager	-
netapp	cloud_insights_acquisition_unit	-
netapp	cloud_secure_agent	-
netapp	e-series_santricity_os_controller	*
netapp	e-series_santricity_storage_manager	-
netapp	e-series_santricity_web_services	-
netapp	hci_management_node	-
netapp	oncommand_insight	-
netapp	oncommand_workflow_automation	-
netapp	santricity_storage_plugin	-
netapp	santricity_unified_manager	-
netapp	snapmanager	-
netapp	snapmanager	-
netapp	solidfire	-
oracle	openjdk	*
oracle	openjdk	*
oracle	openjdk	*
oracle	openjdk	17
oracle	openjdk	17.0.1
fedoraproject	fedora	34

JSON

To clipboard

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:oracle:graalvm:20.3.4:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "9F300E13-1B40-4B35-ACA5-4D402CD41055",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:graalvm:21.3.0:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "B10E38A6-783C-45A2-98A1-12FA1EB3D3AA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:1.7.0:update321:*:*:*:*:*:*",
                     matchCriteriaId: "F3E9DB6B-06BC-47F9-AEB9-E36378A97543",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:1.8.0:update311:*:*:*:*:*:*",
                     matchCriteriaId: "3C9591ED-CA9E-4844-9B7F-D477D7A51413",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:11.0.13:*:*:*:*:*:*:*",
                     matchCriteriaId: "A7F43D86-B696-41E4-A288-6A2D43A1774A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:17.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "3575C88F-05D3-49F6-A60B-7ED902E318F1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:1.7.0:update321:*:*:*:*:*:*",
                     matchCriteriaId: "C5988521-7571-4AE7-BD02-2C8765FC464B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:1.8.0:update311:*:*:*:*:*:*",
                     matchCriteriaId: "29AB737A-FB85-4E91-B8D3-A4B9A780FC0E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:11.0.13:*:*:*:*:*:*:*",
                     matchCriteriaId: "90EC4B85-A88A-4EC3-9EA0-3A24874D5F87",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:17.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "962026D1-1E50-480F-921C-C7EE32AA0107",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "FA6FEEC2-9F11-4643-8827-749718254FED",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "7EF6650C-558D-45C8-AE7D-136EE70CB6D7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
                     matchCriteriaId: "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
                     matchCriteriaId: "B55E8D50-99B4-47EC-86F9-699B67D473CE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "CCAA4004-9319-478C-9D55-0E8307F872F6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F0F202E8-97E6-4BBB-A0B6-4CA3F5803C08",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "FF971916-C526-43A9-BD80-985BCC476569",
                     versionEndIncluding: "11.70.1",
                     versionStartIncluding: "11.0.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "0D9CC59D-6182-4B5E-96B5-226FCD343916",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*",
                     matchCriteriaId: "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A3C19813-E823-456A-B1CE-EC0684CE1953",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5735E553-9731-4AAC-BCFF-989377F817B3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:santricity_storage_plugin:-:*:*:*:*:vcenter:*:*",
                     matchCriteriaId: "82E94B87-065E-475F-815C-F49978CE22FC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A372B177-F740-4655-865C-31777A6E140B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*",
                     matchCriteriaId: "26A2B713-7D6D-420A-93A4-E0D983C983DF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*",
                     matchCriteriaId: "64DE38C8-94F1-4860-B045-F33928F676A8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "6489B616-476E-46AB-8795-7EFDD9074899",
                     versionEndIncluding: "11.0.13",
                     versionStartIncluding: "11",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F8A2B4B3-64EC-4930-9F31-202E4D19AF98",
                     versionEndIncluding: "13.0.9",
                     versionStartIncluding: "13",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "CF9DCD68-A054-456D-8A3C-15939F85DF90",
                     versionEndIncluding: "15.0.5",
                     versionStartIncluding: "15",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:17:*:*:*:*:*:*:*",
                     matchCriteriaId: "4D0A929D-6054-4EFB-8BAD-58826D22D34B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:17.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "DE7858DA-58DE-4920-B678-7800BD084EA1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
                     matchCriteriaId: "A930E247-0B43-43CB-98FF-6CE7B8189835",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad en el producto Oracle Java SE, Oracle GraalVM Enterprise Edition de Oracle Java SE (componente: Hotspot). Las versiones compatibles que están afectadas son Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 y 21.3.0. Una vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red por medio de múltiples protocolos comprometer a Oracle Java SE, Oracle GraalVM Enterprise Edition. Los ataques con éxito de esta vulnerabilidad pueden resultar en una actualización no autorizada, insertar o eliminar el acceso a algunos de los datos accesibles de Oracle Java SE, Oracle GraalVM Enterprise Edition. Nota: Esta vulnerabilidad es aplicada a las implantaciones de Java, normalmente en clientes que ejecutan aplicaciones Java Web Start o applets Java con sandbox, que cargan y ejecutan código no fiable (por ejemplo, código procedente de Internet) y que dependen de la sandbox de Java para su seguridad. Esta vulnerabilidad también puede ser explotada al usar APIs en el Componente especificado, por ejemplo, mediante un servicio web que suministra datos a las APIs. CVSS 3.1, Puntuación base 5.3 (impactos en la Integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)",
      },
   ],
   id: "CVE-2022-21291",
   lastModified: "2024-11-21T06:44:20.077",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 5.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 1.4,
            source: "secalert_us@oracle.com",
            type: "Secondary",
         },
      ],
   },
   published: "2022-01-19T12:15:12.350",
   references: [
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DIN3L6L3SVZK75CKW2GPSU4HIGZR7XG/",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/202209-05",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20220121-0007/",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2022/dsa-5057",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2022/dsa-5058",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpujan2022.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DIN3L6L3SVZK75CKW2GPSU4HIGZR7XG/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/202209-05",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20220121-0007/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2022/dsa-5057",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2022/dsa-5058",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpujan2022.html",
      },
   ],
   sourceIdentifier: "secalert_us@oracle.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd

Published

2022-04-19 21:15

Modified

2024-11-21 06:44

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

References

URL	Tags
secalert_us@oracle.com	https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20220429-0006/	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2022/dsa-5128	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2022/dsa-5131	Third Party Advisory
secalert_us@oracle.com	https://www.oracle.com/security-alerts/cpuapr2022.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20220429-0006/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2022/dsa-5128	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2022/dsa-5131	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpuapr2022.html	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
oracle	graalvm	20.3.5
oracle	graalvm	21.3.1
oracle	graalvm	22.0.0.2
oracle	jdk	1.7.0
oracle	jdk	1.8.0
oracle	jdk	11.0.14
oracle	jdk	17.0.2
oracle	jdk	18
oracle	jre	1.7.0
oracle	jre	1.8.0
oracle	jre	11.0.14
oracle	jre	17.0.2
oracle	jre	18
debian	debian_linux	9.0
debian	debian_linux	10.0
debian	debian_linux	11.0
netapp	7-mode_transition_tool	-
netapp	active_iq_unified_manager	-
netapp	active_iq_unified_manager	-
netapp	cloud_insights_acquisition_unit	-
netapp	cloud_secure_agent	-
netapp	e-series_santricity_os_controller	*
netapp	e-series_santricity_storage_manager	-
netapp	e-series_santricity_web_services	-
netapp	oncommand_insight	-
netapp	santricity_unified_manager	-
netapp	solidfire\,_enterprise_sds_\&_hci_storage_node	-
netapp	solidfire_\&_hci_management_node	-
netapp	hci_compute_node_firmware	-
azul	zulu	6.45
azul	zulu	7.52
azul	zulu	8.60
azul	zulu	11.54
azul	zulu	13.46
azul	zulu	15.38
azul	zulu	17.32
azul	zulu	18.28

JSON

To clipboard

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:oracle:graalvm:20.3.5:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "079F2588-2746-408B-9BB0-9A569289985B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:graalvm:21.3.1:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "51600424-E294-41E0-9C8B-12D0C3456027",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:graalvm:22.0.0.2:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "C3D12B98-032F-49A6-B237-E0CAD32D9A25",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:1.7.0:update331:*:*:*:*:*:*",
                     matchCriteriaId: "13F6415A-E5FB-4C4D-B1F7-0DEFD0C04376",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:1.8.0:update321:*:*:*:*:*:*",
                     matchCriteriaId: "6765029F-98C1-44A2-A7F7-152DCA8C9C95",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:11.0.14:*:*:*:*:*:*:*",
                     matchCriteriaId: "681BFE5C-6F33-4084-8F0D-2DD573782004",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:17.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "A29CF53D-7DDC-4B60-8232-6C173083101F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:18:*:*:*:*:*:*:*",
                     matchCriteriaId: "FBA091EC-B5A9-468D-B99C-BB6F333E7B64",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:1.7.0:update331:*:*:*:*:*:*",
                     matchCriteriaId: "10612D3D-6614-4C9D-B142-47B71BDAD7FE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:1.8.0:update321:*:*:*:*:*:*",
                     matchCriteriaId: "B4FCFABB-FDEC-43BF-B611-1B54BCE510C5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:11.0.14:*:*:*:*:*:*:*",
                     matchCriteriaId: "47837A4D-A7B1-4F41-8F88-5F5169E7BBE2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:17.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "870F82C4-D6B8-474F-909F-0187FE8EEB7C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:18:*:*:*:*:*:*:*",
                     matchCriteriaId: "44535879-9E87-4256-A6D9-29FB7A42AA90",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "FA6FEEC2-9F11-4643-8827-749718254FED",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "7EF6650C-558D-45C8-AE7D-136EE70CB6D7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vsphere:*:*",
                     matchCriteriaId: "E8F29E19-3A64-4426-A2AA-F169440267CC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
                     matchCriteriaId: "B55E8D50-99B4-47EC-86F9-699B67D473CE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "CCAA4004-9319-478C-9D55-0E8307F872F6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F0F202E8-97E6-4BBB-A0B6-4CA3F5803C08",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "FF971916-C526-43A9-BD80-985BCC476569",
                     versionEndIncluding: "11.70.1",
                     versionStartIncluding: "11.0.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "0D9CC59D-6182-4B5E-96B5-226FCD343916",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*",
                     matchCriteriaId: "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A372B177-F740-4655-865C-31777A6E140B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:solidfire\\,_enterprise_sds_\\&_hci_storage_node:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "DAA3919C-B2B1-4CB5-BA76-7A079AAFFC52",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:solidfire_\\&_hci_management_node:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "D6D700C5-F67F-4FFB-BE69-D524592A3D2E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:netapp:hci_compute_node_firmware:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F921BC85-568E-4B69-A3CD-CF75C76672F1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:azul:zulu:6.45:*:*:*:*:*:*:*",
                     matchCriteriaId: "850B5359-7804-406B-9DC9-D22D65ACEE40",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:azul:zulu:7.52:*:*:*:*:*:*:*",
                     matchCriteriaId: "5522AD81-A23E-47D3-82E4-6D71ECEB1DBD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:azul:zulu:8.60:*:*:*:*:*:*:*",
                     matchCriteriaId: "6AC61C25-871B-4F6F-A5F0-77359F373681",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:azul:zulu:11.54:*:*:*:*:*:*:*",
                     matchCriteriaId: "12A59E25-5ED3-4A6D-95F6-45750866E0D5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:azul:zulu:13.46:*:*:*:*:*:*:*",
                     matchCriteriaId: "FC0DC492-706E-42FE-8757-71873B53C417",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:azul:zulu:15.38:*:*:*:*:*:*:*",
                     matchCriteriaId: "C1441FE9-45C5-46C4-BF78-FD5D30F9C80C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:azul:zulu:17.32:*:*:*:*:*:*:*",
                     matchCriteriaId: "28D25E37-5479-4876-B46C-28FF87384852",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:azul:zulu:18.28:*:*:*:*:*:*:*",
                     matchCriteriaId: "7AD8BF00-C510-4E63-8949-CB64E9043610",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad en el producto Oracle Java SE, Oracle GraalVM Enterprise Edition de Oracle Java SE (componente: JAXP). Las versiones afectadas son Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 y 22.0.0.2. Una vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red por medio de múltiples protocolos comprometer Oracle Java SE, Oracle GraalVM Enterprise Edition. Los ataques con éxito de esta vulnerabilidad pueden resultar en la capacidad no autorizada de causar una negación parcial del servicio (DOS parcial) de Oracle Java SE, Oracle GraalVM Enterprise Edition. Nota: Esta vulnerabilidad es aplicada a las implantaciones de Java, normalmente en clientes que ejecutan aplicaciones Java Web Start con sandbox o applets Java con sandbox, que cargan y ejecutan código que no es confiable (por ejemplo, código que viene de Internet) y dependen del sandbox de Java para la seguridad. Esta vulnerabilidad también puede ser explotada mediante el uso de APIs en el componente especificado, por ejemplo, mediante un servicio web que suministra datos a las APIs. CVSS 3.1, Puntuación Base 5.3 (impactos en la Disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)",
      },
   ],
   id: "CVE-2022-21426",
   lastModified: "2024-11-21T06:44:40.450",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 5,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "LOW",
               baseScore: 5.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 1.4,
            source: "secalert_us@oracle.com",
            type: "Secondary",
         },
      ],
   },
   published: "2022-04-19T21:15:15.157",
   references: [
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20220429-0006/",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2022/dsa-5128",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2022/dsa-5131",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpuapr2022.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20220429-0006/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2022/dsa-5128",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2022/dsa-5131",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpuapr2022.html",
      },
   ],
   sourceIdentifier: "secalert_us@oracle.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd

Published

2022-04-19 21:15

Modified

2024-11-21 06:44

Severity ?

3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

References

URL	Tags
secalert_us@oracle.com	https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20220429-0006/	Third Party Advisory
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20240621-0006/
secalert_us@oracle.com	https://www.debian.org/security/2022/dsa-5128	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2022/dsa-5131	Third Party Advisory
secalert_us@oracle.com	https://www.oracle.com/security-alerts/cpuapr2022.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20220429-0006/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20240621-0006/
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2022/dsa-5128	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2022/dsa-5131	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpuapr2022.html	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
oracle	graalvm	20.3.5
oracle	graalvm	21.3.1
oracle	graalvm	22.0.0.2
oracle	java_se	7u331
oracle	java_se	8u321
oracle	java_se	11.0.14
oracle	java_se	17.0.2
oracle	java_se	18
netapp	active_iq_unified_manager	-
netapp	active_iq_unified_manager	-
netapp	cloud_insights_acquisition_unit	-
netapp	cloud_secure_agent	-
netapp	e-series_santricity_os_controller	*
netapp	e-series_santricity_storage_manager	-
netapp	e-series_santricity_web_services	-
netapp	element_software	-
netapp	hci_management_node	-
netapp	oncommand_insight	-
netapp	santricity_unified_manager	-
netapp	solidfire	-
netapp	bootstrap_os	-
netapp	hci_compute_node	-
debian	debian_linux	9.0
debian	debian_linux	10.0
debian	debian_linux	11.0
azul	zulu	6.45
azul	zulu	7.52
azul	zulu	8.60
azul	zulu	11.54
azul	zulu	13.46
azul	zulu	15.38
azul	zulu	17.32
azul	zulu	18.28

JSON

To clipboard

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:oracle:graalvm:20.3.5:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "079F2588-2746-408B-9BB0-9A569289985B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:graalvm:21.3.1:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "51600424-E294-41E0-9C8B-12D0C3456027",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:graalvm:22.0.0.2:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "C3D12B98-032F-49A6-B237-E0CAD32D9A25",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:java_se:7u331:*:*:*:*:*:*:*",
                     matchCriteriaId: "C15F860C-6B33-4950-B443-E2A7D4639573",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:java_se:8u321:*:*:*:*:*:*:*",
                     matchCriteriaId: "696E27A2-34A2-49A8-BEF4-61718D11DD2F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:java_se:11.0.14:*:*:*:*:*:*:*",
                     matchCriteriaId: "2A9F8A53-6CBE-45EF-A920-4D448B9CE31F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:java_se:17.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "00AC1B6D-9156-40A3-B606-845CCC33D724",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:java_se:18:*:*:*:*:*:*:*",
                     matchCriteriaId: "022EC03C-1574-4421-9AB7-0EEF0D089322",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
                     matchCriteriaId: "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
                     matchCriteriaId: "B55E8D50-99B4-47EC-86F9-699B67D473CE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "CCAA4004-9319-478C-9D55-0E8307F872F6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F0F202E8-97E6-4BBB-A0B6-4CA3F5803C08",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "FF971916-C526-43A9-BD80-985BCC476569",
                     versionEndIncluding: "11.70.1",
                     versionStartIncluding: "11.0.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "0D9CC59D-6182-4B5E-96B5-226FCD343916",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*",
                     matchCriteriaId: "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "85DF4B3F-4BBC-42B7-B729-096934523D63",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A3C19813-E823-456A-B1CE-EC0684CE1953",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A372B177-F740-4655-865C-31777A6E140B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:netapp:bootstrap_os:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "95BA156C-C977-4F0C-8DFB-3FAE9CC8C02D",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "AD7447BC-F315-4298-A822-549942FC118B",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "FA6FEEC2-9F11-4643-8827-749718254FED",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:azul:zulu:6.45:*:*:*:*:*:*:*",
                     matchCriteriaId: "850B5359-7804-406B-9DC9-D22D65ACEE40",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:azul:zulu:7.52:*:*:*:*:*:*:*",
                     matchCriteriaId: "5522AD81-A23E-47D3-82E4-6D71ECEB1DBD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:azul:zulu:8.60:*:*:*:*:*:*:*",
                     matchCriteriaId: "6AC61C25-871B-4F6F-A5F0-77359F373681",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:azul:zulu:11.54:*:*:*:*:*:*:*",
                     matchCriteriaId: "12A59E25-5ED3-4A6D-95F6-45750866E0D5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:azul:zulu:13.46:*:*:*:*:*:*:*",
                     matchCriteriaId: "FC0DC492-706E-42FE-8757-71873B53C417",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:azul:zulu:15.38:*:*:*:*:*:*:*",
                     matchCriteriaId: "C1441FE9-45C5-46C4-BF78-FD5D30F9C80C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:azul:zulu:17.32:*:*:*:*:*:*:*",
                     matchCriteriaId: "28D25E37-5479-4876-B46C-28FF87384852",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:azul:zulu:18.28:*:*:*:*:*:*:*",
                     matchCriteriaId: "7AD8BF00-C510-4E63-8949-CB64E9043610",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad en el producto Oracle Java SE, Oracle GraalVM Enterprise Edition de Oracle Java SE (componente: Libraries). Las versiones afectadas son Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 y 22.0.0.2. Una vulnerabilidad difícil de explotar permite a un atacante no autenticado con acceso a la red por medio de múltiples protocolos comprometer Oracle Java SE, Oracle GraalVM Enterprise Edition. Los ataques con éxito de esta vulnerabilidad pueden resultar en la capacidad no autorizada de causar una negación parcial del servicio (DOS parcial) de Oracle Java SE, Oracle GraalVM Enterprise Edition. Nota: Esta vulnerabilidad es aplicada a las implantaciones de Java, normalmente en clientes que ejecutan aplicaciones Java Web Start con sandbox o applets Java con sandbox, que cargan y ejecutan código que no es confiable (por ejemplo, código que viene de Internet) y dependen del sandbox de Java para la seguridad. Esta vulnerabilidad también puede ser explotada mediante el uso de APIs en el componente especificado, por ejemplo, mediante un servicio web que suministra datos a las APIs. CVSS 3.1, Puntuación base 3.7 (impactos en la Disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)",
      },
   ],
   id: "CVE-2022-21443",
   lastModified: "2024-11-21T06:44:42.700",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "NETWORK",
               availabilityImpact: "LOW",
               baseScore: 3.7,
               baseSeverity: "LOW",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
               version: "3.1",
            },
            exploitabilityScore: 2.2,
            impactScore: 1.4,
            source: "secalert_us@oracle.com",
            type: "Secondary",
         },
      ],
   },
   published: "2022-04-19T21:15:15.800",
   references: [
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20220429-0006/",
      },
      {
         source: "secalert_us@oracle.com",
         url: "https://security.netapp.com/advisory/ntap-20240621-0006/",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2022/dsa-5128",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2022/dsa-5131",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpuapr2022.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20220429-0006/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://security.netapp.com/advisory/ntap-20240621-0006/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2022/dsa-5128",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2022/dsa-5131",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpuapr2022.html",
      },
   ],
   sourceIdentifier: "secalert_us@oracle.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd

Published

2023-04-18 20:15

Modified

2024-11-21 07:43

Severity ?

3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).

References

URL	Tags
secalert_us@oracle.com	https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20230427-0008/	Third Party Advisory
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20240621-0006/
secalert_us@oracle.com	https://www.couchbase.com/alerts/	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2023/dsa-5430	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2023/dsa-5478	Third Party Advisory
secalert_us@oracle.com	https://www.oracle.com/security-alerts/cpuapr2023.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20230427-0008/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20240621-0006/
af854a3a-2127-422b-91ae-364da2661108	https://www.couchbase.com/alerts/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2023/dsa-5430	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2023/dsa-5478	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpuapr2023.html	Vendor Advisory

Impacted products

Vendor	Product	Version
oracle	graalvm	20.3.8
oracle	graalvm	21.3.4
oracle	graalvm	22.3.0
oracle	jdk	1.8.0
oracle	jdk	11.0.18
oracle	jdk	17.0.6
oracle	jdk	20
oracle	jre	1.8.0
oracle	jre	11.0.18
oracle	jre	17.0.6
oracle	jre	20
debian	debian_linux	10.0
debian	debian_linux	11.0
debian	debian_linux	12.0
netapp	7-mode_transition_tool	-
netapp	brocade_san_navigator	-
netapp	cloud_insights_acquisition_unit	-
netapp	cloud_insights_storage_workload_security_agent	-
netapp	oncommand_insight	-
oracle	openjdk	*
oracle	openjdk	*
oracle	openjdk	*
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	20

JSON

To clipboard

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:oracle:graalvm:20.3.8:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "EAC60F95-C4B1-49E6-864A-DF5212E7A63C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:graalvm:21.3.4:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "4791BBB5-C094-45B6-A3A8-E96D3BF97DA5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:graalvm:22.3.0:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "E4B331E5-74F5-411E-B997-7038A1DA445D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:1.8.0:update361:*:*:*:*:*:*",
                     matchCriteriaId: "BB648C28-DCDF-4CEE-816C-2D7EF91D2689",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:11.0.18:*:*:*:*:*:*:*",
                     matchCriteriaId: "CA4C6A6B-46BA-471A-959C-D1819B5D5196",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:17.0.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "751BA15B-1950-4ABD-AFEB-B4F90587FF61",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:20:*:*:*:*:*:*:*",
                     matchCriteriaId: "F26CDEF2-A840-4957-A390-19E48AEEC70A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:1.8.0:update361:*:*:*:*:*:*",
                     matchCriteriaId: "DB18EEA4-9670-4EBC-8559-6766740980F3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:11.0.18:*:*:*:*:*:*:*",
                     matchCriteriaId: "B85FB47B-1A8B-4758-83A7-3AC5B74D73FB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:17.0.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "0B973ADC-5F00-4CC5-985F-F4E1BB9FF1EF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:20:*:*:*:*:*:*:*",
                     matchCriteriaId: "AC10C81D-E148-4208-BA86-086B935A1254",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "FA6FEEC2-9F11-4643-8827-749718254FED",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "46D69DCC-AE4D-4EA5-861C-D60951444C6C",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "7EF6650C-558D-45C8-AE7D-136EE70CB6D7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:brocade_san_navigator:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "25FA7A4D-B0E2-423E-8146-E221AE2D6120",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "CCAA4004-9319-478C-9D55-0E8307F872F6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:cloud_insights_storage_workload_security_agent:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "3B199052-5732-4726-B06B-A12C70DFB891",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "111E81BB-7D96-44EB-ACFA-415C3F3EA62A",
                     versionEndExcluding: "8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "90F6CEC5-2FD9-4ADB-9D86-B741C0ABCD7B",
                     versionEndIncluding: "11.0.18",
                     versionStartIncluding: "11",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "83395182-E46E-47FF-A781-4EF235BC83B6",
                     versionEndIncluding: "17.0.6",
                     versionStartIncluding: "17",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:-:*:*:*:*:*:*",
                     matchCriteriaId: "70892D06-6E75-4425-BBF0-4B684EC62A1C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone1:*:*:*:*:*:*",
                     matchCriteriaId: "7A165D71-71CC-4E6A-AA4F-FF8DB5B9A5AB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone2:*:*:*:*:*:*",
                     matchCriteriaId: "7417B2BB-9AC2-4AF4-A828-C89A0735AD92",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone3:*:*:*:*:*:*",
                     matchCriteriaId: "6A0A57B5-6F88-4288-9CDE-F6613FE068D2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone4:*:*:*:*:*:*",
                     matchCriteriaId: "67ED8559-C348-4932-B7CE-CB96976A30EC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone5:*:*:*:*:*:*",
                     matchCriteriaId: "40AC3D91-263F-4345-9FAA-0E573EA64590",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone6:*:*:*:*:*:*",
                     matchCriteriaId: "DD92AFA9-81F8-48D4-B79A-E7F066F69A99",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone7:*:*:*:*:*:*",
                     matchCriteriaId: "2C4B2F24-A730-4818-90C8-A2D90C081F03",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone8:*:*:*:*:*:*",
                     matchCriteriaId: "464087F2-C285-4574-957E-CE0663F07DE0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone9:*:*:*:*:*:*",
                     matchCriteriaId: "3E9BB880-A4F6-4887-8BB9-47AA298753D5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update101:*:*:*:*:*:*",
                     matchCriteriaId: "18DCFF53-B298-4534-AB5C-8A5EF59C616F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update102:*:*:*:*:*:*",
                     matchCriteriaId: "083419F8-FDDF-4E36-88F8-857DB317C1D1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update11:*:*:*:*:*:*",
                     matchCriteriaId: "D7A74F65-57E8-4C9A-BA96-5EF401504F13",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update111:*:*:*:*:*:*",
                     matchCriteriaId: "0D0B90FC-57B6-4315-9B29-3C36E58B2CF5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update112:*:*:*:*:*:*",
                     matchCriteriaId: "07812576-3C35-404C-A7D7-9BE9E3D76E00",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update121:*:*:*:*:*:*",
                     matchCriteriaId: "00C52B1C-5447-4282-9667-9EBE0720B423",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update131:*:*:*:*:*:*",
                     matchCriteriaId: "92BB9EB0-0C12-4E77-89EE-FB77097841B8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update141:*:*:*:*:*:*",
                     matchCriteriaId: "FF9D5DCE-2E8F-42B9-9038-AEA7E8C8CFFD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update151:*:*:*:*:*:*",
                     matchCriteriaId: "ABC0E7BB-F8B7-4369-9910-71240E4073A3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update152:*:*:*:*:*:*",
                     matchCriteriaId: "551B2640-8CEC-4C24-AF8B-7A7CEF864D9D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update161:*:*:*:*:*:*",
                     matchCriteriaId: "0AE30779-48FB-451E-8CE1-F469F93B8772",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update162:*:*:*:*:*:*",
                     matchCriteriaId: "60590FDE-7156-4314-A012-AA38BD2ADDC9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update171:*:*:*:*:*:*",
                     matchCriteriaId: "BE51AD3A-8331-4E8F-9DB1-7A0051731DFB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update172:*:*:*:*:*:*",
                     matchCriteriaId: "F24F6122-2256-41B6-9033-794C6424ED99",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update181:*:*:*:*:*:*",
                     matchCriteriaId: "0EAFA79E-8C7A-48CF-8868-11378FE4B26F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update191:*:*:*:*:*:*",
                     matchCriteriaId: "D1D6F19F-59B5-4BB6-AD35-013384025970",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update192:*:*:*:*:*:*",
                     matchCriteriaId: "E7BA97BC-3ADA-465A-835B-6C3C5F416B56",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update20:*:*:*:*:*:*",
                     matchCriteriaId: "B71F77A4-B7EB-47A1-AAFD-431A7D040B86",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update201:*:*:*:*:*:*",
                     matchCriteriaId: "91D6BEA9-5943-44A4-946D-CEAA9BA99376",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update202:*:*:*:*:*:*",
                     matchCriteriaId: "C079A3E0-44EB-4B9C-B4FC-B7621D165C3B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update211:*:*:*:*:*:*",
                     matchCriteriaId: "2CB74086-14B8-4237-8357-E0C6B5BB8313",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update212:*:*:*:*:*:*",
                     matchCriteriaId: "3ABED20A-7C34-4E86-9AFB-F4DC9ECBB3A9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update221:*:*:*:*:*:*",
                     matchCriteriaId: "00C2B9C9-1177-4DA6-96CE-55F37F383F99",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update222:*:*:*:*:*:*",
                     matchCriteriaId: "435CF189-0BD8-40DF-A0DC-99862CDEAF8A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update231:*:*:*:*:*:*",
                     matchCriteriaId: "12A3F367-33AD-47C3-BFDC-871A17E72C94",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update232:*:*:*:*:*:*",
                     matchCriteriaId: "A18F994F-72CA-4AF5-A7D1-9F5AEA286D85",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update241:*:*:*:*:*:*",
                     matchCriteriaId: "78261932-7373-4F16-91E0-1A72ADBEBC3E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update242:*:*:*:*:*:*",
                     matchCriteriaId: "9BD90D3D-9B3A-4101-9A8A-5090F0A9719F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update25:*:*:*:*:*:*",
                     matchCriteriaId: "B38C0276-0EBD-4E0B-BFCF-4DDECACE04E2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update252:*:*:*:*:*:*",
                     matchCriteriaId: "F5A40B8A-D428-4008-9F21-AF21394C51D1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update262:*:*:*:*:*:*",
                     matchCriteriaId: "FEC5B777-01E1-45EE-AF95-C3BD1F098B2F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update271:*:*:*:*:*:*",
                     matchCriteriaId: "3B504718-5DCE-43B4-B19A-C6B6E7444BD3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update281:*:*:*:*:*:*",
                     matchCriteriaId: "3102AA10-99A8-49A9-867E-7EEC56865680",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update282:*:*:*:*:*:*",
                     matchCriteriaId: "5A55CBC7-A7B2-4B89-8AB5-ED30DBE6814E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update291:*:*:*:*:*:*",
                     matchCriteriaId: "15BA8A26-2CDA-442B-A549-6BE92DCCD205",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update301:*:*:*:*:*:*",
                     matchCriteriaId: "56F2883B-6A1B-4081-8877-07AF3A73F6CD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update302:*:*:*:*:*:*",
                     matchCriteriaId: "98C0742E-ACDD-4DB4-8A4C-B96702C8976C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update31:*:*:*:*:*:*",
                     matchCriteriaId: "F8483034-DD5A-445D-892F-CDE90A7D58EE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update312:*:*:*:*:*:*",
                     matchCriteriaId: "1716A5CD-1C32-4F19-9DDE-F9C7CCB6B420",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update322:*:*:*:*:*:*",
                     matchCriteriaId: "DAB4F663-BCAF-43DB-BCC3-24C060B0CBAB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update332:*:*:*:*:*:*",
                     matchCriteriaId: "A8EF5BB8-7DAF-49B0-A11E-14E89EF7377A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update342:*:*:*:*:*:*",
                     matchCriteriaId: "383F0B07-59BF-4744-87F2-04C98BC183B4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update352:*:*:*:*:*:*",
                     matchCriteriaId: "494C17C6-54A3-4BE6-A4FF-2D54DF2B38D5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update362:*:*:*:*:*:*",
                     matchCriteriaId: "1058ABDC-D652-4E2D-964D-C9C98FD404F6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update40:*:*:*:*:*:*",
                     matchCriteriaId: "8279718F-878F-4868-8859-1728D13CD0D8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update45:*:*:*:*:*:*",
                     matchCriteriaId: "2C024E1A-FD2C-42E8-B227-C2AFD3040436",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update5:*:*:*:*:*:*",
                     matchCriteriaId: "4F24389D-DDD0-4204-AA24-31C920A4F47E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update51:*:*:*:*:*:*",
                     matchCriteriaId: "966979BE-1F21-4729-B6B8-610F74648344",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update60:*:*:*:*:*:*",
                     matchCriteriaId: "F8534265-33BF-460D-BF74-5F55FDE50F29",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update65:*:*:*:*:*:*",
                     matchCriteriaId: "F77AFC25-1466-4E56-9D5F-6988F3288E16",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update66:*:*:*:*:*:*",
                     matchCriteriaId: "A650BEB8-E56F-4E42-9361-8D2DB083F0F8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update71:*:*:*:*:*:*",
                     matchCriteriaId: "799FFECD-E80A-44B3-953D-CDB5E195F3AA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update72:*:*:*:*:*:*",
                     matchCriteriaId: "A7047507-7CAF-4A14-AA9A-5CEF806EDE98",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update73:*:*:*:*:*:*",
                     matchCriteriaId: "CFC7B179-95D3-4F94-84F6-73F1034A1AF2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update74:*:*:*:*:*:*",
                     matchCriteriaId: "9FB28526-9385-44CA-AF08-1899E6C3AE4D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update77:*:*:*:*:*:*",
                     matchCriteriaId: "E26B69E4-0B43-415F-A82B-52FDCB262B3E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update91:*:*:*:*:*:*",
                     matchCriteriaId: "27BC4150-70EC-462B-8FC5-20B3442CBB31",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update92:*:*:*:*:*:*",
                     matchCriteriaId: "02646989-ECD9-40AE-A83E-EFF4080C69B9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:20:*:*:*:*:*:*:*",
                     matchCriteriaId: "77172BC0-8637-41F6-AE3B-83006D6735DE",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries).  Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and  22.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).",
      },
   ],
   id: "CVE-2023-21938",
   lastModified: "2024-11-21T07:43:57.240",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 3.7,
               baseSeverity: "LOW",
               confidentialityImpact: "NONE",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.2,
            impactScore: 1.4,
            source: "secalert_us@oracle.com",
            type: "Primary",
         },
      ],
   },
   published: "2023-04-18T20:15:14.603",
   references: [
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20230427-0008/",
      },
      {
         source: "secalert_us@oracle.com",
         url: "https://security.netapp.com/advisory/ntap-20240621-0006/",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.couchbase.com/alerts/",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2023/dsa-5430",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2023/dsa-5478",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpuapr2023.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20230427-0008/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://security.netapp.com/advisory/ntap-20240621-0006/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.couchbase.com/alerts/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2023/dsa-5430",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2023/dsa-5478",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpuapr2023.html",
      },
   ],
   sourceIdentifier: "secalert_us@oracle.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd

Published

2023-07-18 21:15

Modified

2024-11-21 07:44

Severity ?

3.1 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N).

References

URL	Tags
secalert_us@oracle.com	https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20230725-0006/	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2023/dsa-5458	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2023/dsa-5478	Third Party Advisory
secalert_us@oracle.com	https://www.oracle.com/security-alerts/cpujul2023.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20230725-0006/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2023/dsa-5458	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2023/dsa-5478	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpujul2023.html	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
oracle	graalvm	20.3.10
oracle	graalvm	21.3.6
oracle	graalvm	22.3.2
oracle	graalvm_for_jdk	17.0.7
oracle	graalvm_for_jdk	20.0.1
oracle	jdk	11.0.19
oracle	jdk	17.0.7
oracle	jdk	20.0.1
oracle	jre	11.0.19
oracle	jre	17.0.7
oracle	jre	20.0.1
debian	debian_linux	10.0
debian	debian_linux	11.0
debian	debian_linux	12.0
netapp	7-mode_transition_tool	-
netapp	active_iq_unified_manager	-
netapp	active_iq_unified_manager	-
netapp	cloud_insights_acquisition_unit	-
netapp	cloud_insights_storage_workload_security_agent	-
netapp	oncommand_insight	-

JSON

To clipboard

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:oracle:graalvm:20.3.10:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "2AEB0668-3769-415A-85D2-8042C83AF530",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:graalvm:21.3.6:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "1612C1DD-47B7-4A52-B709-0E270CE9A814",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:graalvm:22.3.2:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "0D052622-1214-4B93-8638-8F0FBADD4F43",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "908FCFE7-F95A-4E5C-8644-78E737828E27",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:graalvm_for_jdk:20.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "6FC3A3A8-4244-4933-AC2C-03540C9F80BE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:11.0.19:*:*:*:*:*:*:*",
                     matchCriteriaId: "2182C64A-CA08-49EE-9987-E34F828F9D14",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:17.0.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "2C064D35-8FFB-4033-AE32-A108189734AA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:20.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "208BCD85-10BA-4ACB-9B9C-E4F5530EFAE0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:11.0.19:*:*:*:*:*:*:*",
                     matchCriteriaId: "5FDA3A94-3460-4EE1-B35F-3D4151157D95",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:17.0.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "FE4416A7-658A-423F-9A66-A8F563273AE5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:20.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "5370A60E-A32D-4F9A-B939-DFA07FF4F860",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "FA6FEEC2-9F11-4643-8827-749718254FED",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "46D69DCC-AE4D-4EA5-861C-D60951444C6C",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "7EF6650C-558D-45C8-AE7D-136EE70CB6D7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
                     matchCriteriaId: "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
                     matchCriteriaId: "B55E8D50-99B4-47EC-86F9-699B67D473CE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "CCAA4004-9319-478C-9D55-0E8307F872F6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:cloud_insights_storage_workload_security_agent:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "3B199052-5732-4726-B06B-A12C70DFB891",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Networking).  Supported versions that are affected are Oracle Java SE: 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and  20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK.  Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N).",
      },
   ],
   id: "CVE-2023-22006",
   lastModified: "2024-11-21T07:44:05.450",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 3.1,
               baseSeverity: "LOW",
               confidentialityImpact: "NONE",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 1.6,
            impactScore: 1.4,
            source: "secalert_us@oracle.com",
            type: "Primary",
         },
      ],
   },
   published: "2023-07-18T21:15:12.067",
   references: [
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20230725-0006/",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2023/dsa-5458",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2023/dsa-5478",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpujul2023.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20230725-0006/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2023/dsa-5458",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2023/dsa-5478",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpujul2023.html",
      },
   ],
   sourceIdentifier: "secalert_us@oracle.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd

Published

2022-01-19 12:15

Modified

2024-11-21 06:44

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

References

URL	Tags
secalert_us@oracle.com	https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://security.gentoo.org/glsa/202209-05	Third Party Advisory
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20220121-0007/	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2022/dsa-5057	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2022/dsa-5058	Third Party Advisory
secalert_us@oracle.com	https://www.oracle.com/security-alerts/cpujan2022.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202209-05	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20220121-0007/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2022/dsa-5057	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2022/dsa-5058	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpujan2022.html	Vendor Advisory

Impacted products

Vendor	Product	Version
oracle	graalvm	20.3.4
oracle	graalvm	21.3.0
oracle	jdk	1.7.0
oracle	jdk	1.8.0
oracle	jdk	11.0.13
oracle	jdk	17.0.1
oracle	jre	1.7.0
oracle	jre	1.8.0
oracle	jre	11.0.13
oracle	jre	17.0.1
netapp	7-mode_transition_tool	-
netapp	active_iq_unified_manager	-
netapp	active_iq_unified_manager	-
netapp	cloud_insights_acquisition_unit	-
netapp	cloud_secure_agent	-
netapp	e-series_santricity_os_controller	*
netapp	e-series_santricity_storage_manager	-
netapp	e-series_santricity_web_services	-
netapp	hci_management_node	-
netapp	oncommand_insight	-
netapp	oncommand_workflow_automation	-
netapp	santricity_storage_plugin	-
netapp	santricity_unified_manager	-
netapp	snapmanager	-
netapp	snapmanager	-
netapp	solidfire	-
debian	debian_linux	9.0
debian	debian_linux	10.0
debian	debian_linux	11.0
oracle	openjdk	*
oracle	openjdk	*
oracle	openjdk	*
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	17
oracle	openjdk	17.0.1

JSON

To clipboard

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:oracle:graalvm:20.3.4:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "9F300E13-1B40-4B35-ACA5-4D402CD41055",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:graalvm:21.3.0:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "B10E38A6-783C-45A2-98A1-12FA1EB3D3AA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:1.7.0:update321:*:*:*:*:*:*",
                     matchCriteriaId: "F3E9DB6B-06BC-47F9-AEB9-E36378A97543",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:1.8.0:update311:*:*:*:*:*:*",
                     matchCriteriaId: "3C9591ED-CA9E-4844-9B7F-D477D7A51413",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:11.0.13:*:*:*:*:*:*:*",
                     matchCriteriaId: "A7F43D86-B696-41E4-A288-6A2D43A1774A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:17.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "3575C88F-05D3-49F6-A60B-7ED902E318F1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:1.7.0:update321:*:*:*:*:*:*",
                     matchCriteriaId: "C5988521-7571-4AE7-BD02-2C8765FC464B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:1.8.0:update311:*:*:*:*:*:*",
                     matchCriteriaId: "29AB737A-FB85-4E91-B8D3-A4B9A780FC0E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:11.0.13:*:*:*:*:*:*:*",
                     matchCriteriaId: "90EC4B85-A88A-4EC3-9EA0-3A24874D5F87",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:17.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "962026D1-1E50-480F-921C-C7EE32AA0107",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "7EF6650C-558D-45C8-AE7D-136EE70CB6D7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
                     matchCriteriaId: "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
                     matchCriteriaId: "B55E8D50-99B4-47EC-86F9-699B67D473CE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "CCAA4004-9319-478C-9D55-0E8307F872F6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F0F202E8-97E6-4BBB-A0B6-4CA3F5803C08",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "FF971916-C526-43A9-BD80-985BCC476569",
                     versionEndIncluding: "11.70.1",
                     versionStartIncluding: "11.0.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "0D9CC59D-6182-4B5E-96B5-226FCD343916",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*",
                     matchCriteriaId: "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A3C19813-E823-456A-B1CE-EC0684CE1953",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5735E553-9731-4AAC-BCFF-989377F817B3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:santricity_storage_plugin:-:*:*:*:*:vcenter:*:*",
                     matchCriteriaId: "82E94B87-065E-475F-815C-F49978CE22FC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A372B177-F740-4655-865C-31777A6E140B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*",
                     matchCriteriaId: "26A2B713-7D6D-420A-93A4-E0D983C983DF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*",
                     matchCriteriaId: "64DE38C8-94F1-4860-B045-F33928F676A8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "FA6FEEC2-9F11-4643-8827-749718254FED",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "6489B616-476E-46AB-8795-7EFDD9074899",
                     versionEndIncluding: "11.0.13",
                     versionStartIncluding: "11",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F8A2B4B3-64EC-4930-9F31-202E4D19AF98",
                     versionEndIncluding: "13.0.9",
                     versionStartIncluding: "13",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "CF9DCD68-A054-456D-8A3C-15939F85DF90",
                     versionEndIncluding: "15.0.5",
                     versionStartIncluding: "15",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:-:*:*:*:*:*:*",
                     matchCriteriaId: "E78B7C5A-FA51-41E4-AAB0-C6DED2EFCF4C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update1:*:*:*:*:*:*",
                     matchCriteriaId: "02011EDC-20A7-4A16-A592-7C76E0037997",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update10:*:*:*:*:*:*",
                     matchCriteriaId: "AC6D4652-1226-4C60-BEDF-01EBF8AC0849",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update101:*:*:*:*:*:*",
                     matchCriteriaId: "3C1F9ED7-7D93-41F4-9130-15BA734420AC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update11:*:*:*:*:*:*",
                     matchCriteriaId: "1CF9CDF1-95D3-4125-A73F-396D2280FC4E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update111:*:*:*:*:*:*",
                     matchCriteriaId: "A13266DC-F8D9-4F30-987F-65BBEAF8D3A8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update121:*:*:*:*:*:*",
                     matchCriteriaId: "C28388AB-CFC9-4749-A90F-383F5B905EA9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update13:*:*:*:*:*:*",
                     matchCriteriaId: "DA1B00F9-A81C-48B7-8DAA-F394DDF323F3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update131:*:*:*:*:*:*",
                     matchCriteriaId: "CA7AD457-6CE6-4925-8D94-A907B40233D9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update141:*:*:*:*:*:*",
                     matchCriteriaId: "A6F3FDD1-7CAC-4B84-ABB7-64E9D3FBD708",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update15:*:*:*:*:*:*",
                     matchCriteriaId: "5480E5AD-DB46-474A-9B57-84ED088A75FA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update151:*:*:*:*:*:*",
                     matchCriteriaId: "881A4AE9-6012-4E91-98BE-0A352CC20703",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update161:*:*:*:*:*:*",
                     matchCriteriaId: "7E1E1079-57D9-473B-A017-964F4745F329",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update17:*:*:*:*:*:*",
                     matchCriteriaId: "B8D6446E-2915-4F12-87BE-E7420BC2626E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update171:*:*:*:*:*:*",
                     matchCriteriaId: "564EDCE3-16E6-401D-8A43-032D1F8875E1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update181:*:*:*:*:*:*",
                     matchCriteriaId: "08278802-D31B-488A-BA6A-EBC816DF883A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update191:*:*:*:*:*:*",
                     matchCriteriaId: "72BDA05A-C8BD-472E-8465-EE1F3E5D8CF6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update2:*:*:*:*:*:*",
                     matchCriteriaId: "7BBB0969-565E-43E2-B067-A10AAA5F1958",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update201:*:*:*:*:*:*",
                     matchCriteriaId: "D78BE95D-6270-469A-8035-FCDDB398F952",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update21:*:*:*:*:*:*",
                     matchCriteriaId: "88C24F40-3150-4584-93D9-8307DE04EEE9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update211:*:*:*:*:*:*",
                     matchCriteriaId: "E0FC5A03-FF11-4787-BBF1-3ACF93A21F2D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update221:*:*:*:*:*:*",
                     matchCriteriaId: "19626B36-62FC-4497-A2E1-7D6CD9839B19",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update231:*:*:*:*:*:*",
                     matchCriteriaId: "5713AEBD-35F6-44E8-A0CC-A42830D7AE20",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update241:*:*:*:*:*:*",
                     matchCriteriaId: "8BE0C04B-440E-4B35-ACC8-6264514F764C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update25:*:*:*:*:*:*",
                     matchCriteriaId: "555EC2A6-0475-48ED-AE0C-B306714A9333",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update251:*:*:*:*:*:*",
                     matchCriteriaId: "EC1CF2AD-3F7A-4EF3-BD41-117A21553A9F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update261:*:*:*:*:*:*",
                     matchCriteriaId: "02C55E2E-AEDE-455C-B128-168C918B5D97",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update271:*:*:*:*:*:*",
                     matchCriteriaId: "81831D37-6597-441B-87DE-38F7191BEA42",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update281:*:*:*:*:*:*",
                     matchCriteriaId: "EEA1594D-0AB5-436D-9E60-C26EE2175753",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update291:*:*:*:*:*:*",
                     matchCriteriaId: "B868FA41-C71B-491C-880B-484740B30C72",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update3:*:*:*:*:*:*",
                     matchCriteriaId: "C242D3BE-9114-4A9E-BB78-45754C7CC450",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update301:*:*:*:*:*:*",
                     matchCriteriaId: "95954182-9541-4181-9647-B17FA5A79F9F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update311:*:*:*:*:*:*",
                     matchCriteriaId: "9F6F0137-F91F-4028-BED2-C29640D52C23",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update321:*:*:*:*:*:*",
                     matchCriteriaId: "EAFB6B15-4AE6-47FC-8847-9DFADB7AE253",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update4:*:*:*:*:*:*",
                     matchCriteriaId: "D61068FE-18EE-4ADB-BC69-A3ECE8724575",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update40:*:*:*:*:*:*",
                     matchCriteriaId: "EFB59E80-4EC4-4399-BF40-6733E4E475A9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update45:*:*:*:*:*:*",
                     matchCriteriaId: "84E31265-22E1-4E91-BFCB-D2AFF445926A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update5:*:*:*:*:*:*",
                     matchCriteriaId: "AB3A58C3-94BB-4120-BE1D-AAF8BBF7F22B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update51:*:*:*:*:*:*",
                     matchCriteriaId: "50319E52-8739-47C5-B61E-3CA9B6A9A48F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update55:*:*:*:*:*:*",
                     matchCriteriaId: "7ED515B9-DC74-4DC5-B98A-08D87D85E11E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update6:*:*:*:*:*:*",
                     matchCriteriaId: "6D1D4868-1F9F-43F7-968C-6469B67D3F1B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update60:*:*:*:*:*:*",
                     matchCriteriaId: "568F1AC4-B0D7-4438-82E5-0E61500F2240",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update65:*:*:*:*:*:*",
                     matchCriteriaId: "F5E99B4A-EDAD-4471-81C4-7E9C775C9D9F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update67:*:*:*:*:*:*",
                     matchCriteriaId: "14E9133E-9FF3-40DB-9A11-7469EF5FD265",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update7:*:*:*:*:*:*",
                     matchCriteriaId: "94834710-3FA9-49D9-8600-B514CBCA4270",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update72:*:*:*:*:*:*",
                     matchCriteriaId: "4228D9E1-7D82-4B49-9669-9CDAD7187432",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update76:*:*:*:*:*:*",
                     matchCriteriaId: "F6231F48-2936-4F7D-96D5-4BA11F78EBE8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update80:*:*:*:*:*:*",
                     matchCriteriaId: "D96D5061-4A81-497E-9AD6-A8381B3B454C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update85:*:*:*:*:*:*",
                     matchCriteriaId: "5345C21E-A01B-43B9-9A20-F2783D921C60",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update9:*:*:*:*:*:*",
                     matchCriteriaId: "B219F360-83BD-4111-AB59-C9D4F55AF4C0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update91:*:*:*:*:*:*",
                     matchCriteriaId: "D25377EA-8E8F-4C76-8EA9-3BBDFB352815",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update95:*:*:*:*:*:*",
                     matchCriteriaId: "59FEFE05-269A-4EAF-A80F-E4C2107B1197",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update97:*:*:*:*:*:*",
                     matchCriteriaId: "E7E2AA7C-F602-4DB7-9EC1-0708C46C253C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update99:*:*:*:*:*:*",
                     matchCriteriaId: "FB70E154-A304-429E-80F5-8D87B00E32D1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:-:*:*:*:*:*:*",
                     matchCriteriaId: "70892D06-6E75-4425-BBF0-4B684EC62A1C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone1:*:*:*:*:*:*",
                     matchCriteriaId: "7A165D71-71CC-4E6A-AA4F-FF8DB5B9A5AB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone2:*:*:*:*:*:*",
                     matchCriteriaId: "7417B2BB-9AC2-4AF4-A828-C89A0735AD92",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone3:*:*:*:*:*:*",
                     matchCriteriaId: "6A0A57B5-6F88-4288-9CDE-F6613FE068D2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone4:*:*:*:*:*:*",
                     matchCriteriaId: "67ED8559-C348-4932-B7CE-CB96976A30EC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone5:*:*:*:*:*:*",
                     matchCriteriaId: "40AC3D91-263F-4345-9FAA-0E573EA64590",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone6:*:*:*:*:*:*",
                     matchCriteriaId: "DD92AFA9-81F8-48D4-B79A-E7F066F69A99",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone7:*:*:*:*:*:*",
                     matchCriteriaId: "2C4B2F24-A730-4818-90C8-A2D90C081F03",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone8:*:*:*:*:*:*",
                     matchCriteriaId: "464087F2-C285-4574-957E-CE0663F07DE0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone9:*:*:*:*:*:*",
                     matchCriteriaId: "3E9BB880-A4F6-4887-8BB9-47AA298753D5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update101:*:*:*:*:*:*",
                     matchCriteriaId: "18DCFF53-B298-4534-AB5C-8A5EF59C616F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update102:*:*:*:*:*:*",
                     matchCriteriaId: "083419F8-FDDF-4E36-88F8-857DB317C1D1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update11:*:*:*:*:*:*",
                     matchCriteriaId: "D7A74F65-57E8-4C9A-BA96-5EF401504F13",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update111:*:*:*:*:*:*",
                     matchCriteriaId: "0D0B90FC-57B6-4315-9B29-3C36E58B2CF5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update112:*:*:*:*:*:*",
                     matchCriteriaId: "07812576-3C35-404C-A7D7-9BE9E3D76E00",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update121:*:*:*:*:*:*",
                     matchCriteriaId: "00C52B1C-5447-4282-9667-9EBE0720B423",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update131:*:*:*:*:*:*",
                     matchCriteriaId: "92BB9EB0-0C12-4E77-89EE-FB77097841B8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update141:*:*:*:*:*:*",
                     matchCriteriaId: "FF9D5DCE-2E8F-42B9-9038-AEA7E8C8CFFD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update151:*:*:*:*:*:*",
                     matchCriteriaId: "ABC0E7BB-F8B7-4369-9910-71240E4073A3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update152:*:*:*:*:*:*",
                     matchCriteriaId: "551B2640-8CEC-4C24-AF8B-7A7CEF864D9D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update161:*:*:*:*:*:*",
                     matchCriteriaId: "0AE30779-48FB-451E-8CE1-F469F93B8772",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update162:*:*:*:*:*:*",
                     matchCriteriaId: "60590FDE-7156-4314-A012-AA38BD2ADDC9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update171:*:*:*:*:*:*",
                     matchCriteriaId: "BE51AD3A-8331-4E8F-9DB1-7A0051731DFB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update172:*:*:*:*:*:*",
                     matchCriteriaId: "F24F6122-2256-41B6-9033-794C6424ED99",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update181:*:*:*:*:*:*",
                     matchCriteriaId: "0EAFA79E-8C7A-48CF-8868-11378FE4B26F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update191:*:*:*:*:*:*",
                     matchCriteriaId: "D1D6F19F-59B5-4BB6-AD35-013384025970",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update192:*:*:*:*:*:*",
                     matchCriteriaId: "E7BA97BC-3ADA-465A-835B-6C3C5F416B56",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update20:*:*:*:*:*:*",
                     matchCriteriaId: "B71F77A4-B7EB-47A1-AAFD-431A7D040B86",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update201:*:*:*:*:*:*",
                     matchCriteriaId: "91D6BEA9-5943-44A4-946D-CEAA9BA99376",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update202:*:*:*:*:*:*",
                     matchCriteriaId: "C079A3E0-44EB-4B9C-B4FC-B7621D165C3B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update211:*:*:*:*:*:*",
                     matchCriteriaId: "2CB74086-14B8-4237-8357-E0C6B5BB8313",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update212:*:*:*:*:*:*",
                     matchCriteriaId: "3ABED20A-7C34-4E86-9AFB-F4DC9ECBB3A9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update221:*:*:*:*:*:*",
                     matchCriteriaId: "00C2B9C9-1177-4DA6-96CE-55F37F383F99",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update222:*:*:*:*:*:*",
                     matchCriteriaId: "435CF189-0BD8-40DF-A0DC-99862CDEAF8A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update231:*:*:*:*:*:*",
                     matchCriteriaId: "12A3F367-33AD-47C3-BFDC-871A17E72C94",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update232:*:*:*:*:*:*",
                     matchCriteriaId: "A18F994F-72CA-4AF5-A7D1-9F5AEA286D85",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update241:*:*:*:*:*:*",
                     matchCriteriaId: "78261932-7373-4F16-91E0-1A72ADBEBC3E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update242:*:*:*:*:*:*",
                     matchCriteriaId: "9BD90D3D-9B3A-4101-9A8A-5090F0A9719F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update25:*:*:*:*:*:*",
                     matchCriteriaId: "B38C0276-0EBD-4E0B-BFCF-4DDECACE04E2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update252:*:*:*:*:*:*",
                     matchCriteriaId: "F5A40B8A-D428-4008-9F21-AF21394C51D1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update262:*:*:*:*:*:*",
                     matchCriteriaId: "FEC5B777-01E1-45EE-AF95-C3BD1F098B2F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update271:*:*:*:*:*:*",
                     matchCriteriaId: "3B504718-5DCE-43B4-B19A-C6B6E7444BD3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update281:*:*:*:*:*:*",
                     matchCriteriaId: "3102AA10-99A8-49A9-867E-7EEC56865680",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update282:*:*:*:*:*:*",
                     matchCriteriaId: "5A55CBC7-A7B2-4B89-8AB5-ED30DBE6814E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update291:*:*:*:*:*:*",
                     matchCriteriaId: "15BA8A26-2CDA-442B-A549-6BE92DCCD205",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update301:*:*:*:*:*:*",
                     matchCriteriaId: "56F2883B-6A1B-4081-8877-07AF3A73F6CD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update302:*:*:*:*:*:*",
                     matchCriteriaId: "98C0742E-ACDD-4DB4-8A4C-B96702C8976C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update31:*:*:*:*:*:*",
                     matchCriteriaId: "F8483034-DD5A-445D-892F-CDE90A7D58EE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update312:*:*:*:*:*:*",
                     matchCriteriaId: "1716A5CD-1C32-4F19-9DDE-F9C7CCB6B420",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update40:*:*:*:*:*:*",
                     matchCriteriaId: "8279718F-878F-4868-8859-1728D13CD0D8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update45:*:*:*:*:*:*",
                     matchCriteriaId: "2C024E1A-FD2C-42E8-B227-C2AFD3040436",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update5:*:*:*:*:*:*",
                     matchCriteriaId: "4F24389D-DDD0-4204-AA24-31C920A4F47E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update51:*:*:*:*:*:*",
                     matchCriteriaId: "966979BE-1F21-4729-B6B8-610F74648344",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update60:*:*:*:*:*:*",
                     matchCriteriaId: "F8534265-33BF-460D-BF74-5F55FDE50F29",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update65:*:*:*:*:*:*",
                     matchCriteriaId: "F77AFC25-1466-4E56-9D5F-6988F3288E16",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update66:*:*:*:*:*:*",
                     matchCriteriaId: "A650BEB8-E56F-4E42-9361-8D2DB083F0F8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update71:*:*:*:*:*:*",
                     matchCriteriaId: "799FFECD-E80A-44B3-953D-CDB5E195F3AA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update72:*:*:*:*:*:*",
                     matchCriteriaId: "A7047507-7CAF-4A14-AA9A-5CEF806EDE98",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update73:*:*:*:*:*:*",
                     matchCriteriaId: "CFC7B179-95D3-4F94-84F6-73F1034A1AF2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update74:*:*:*:*:*:*",
                     matchCriteriaId: "9FB28526-9385-44CA-AF08-1899E6C3AE4D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update77:*:*:*:*:*:*",
                     matchCriteriaId: "E26B69E4-0B43-415F-A82B-52FDCB262B3E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update91:*:*:*:*:*:*",
                     matchCriteriaId: "27BC4150-70EC-462B-8FC5-20B3442CBB31",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update92:*:*:*:*:*:*",
                     matchCriteriaId: "02646989-ECD9-40AE-A83E-EFF4080C69B9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:17:*:*:*:*:*:*:*",
                     matchCriteriaId: "4D0A929D-6054-4EFB-8BAD-58826D22D34B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:17.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "DE7858DA-58DE-4920-B678-7800BD084EA1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad en el producto Oracle Java SE, Oracle GraalVM Enterprise Edition de Oracle Java SE (componente: Libraries). Las versiones compatibles que están afectadas son Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 y 21.3.0. Una vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red por medio de múltiples protocolos comprometer a Oracle Java SE, Oracle GraalVM Enterprise Edition. Los ataques con éxito de esta vulnerabilidad pueden resultar en una capacidad no autorizada de causar una negación parcial del servicio (DOS parcial) de Oracle Java SE, Oracle GraalVM Enterprise Edition. Nota: Esta vulnerabilidad es aplicada a las implantaciones de Java, normalmente en clientes que ejecutan aplicaciones Java Web Start con sandbox o applets Java con sandbox, que cargan y ejecutan código que no es confiable (por ejemplo, código que viene de Internet) y dependen de la sandbox de Java para la seguridad. Esta vulnerabilidad también puede ser explotada al usar APIs en el componente especificado, por ejemplo, mediante un servicio web que suministra datos a las APIs. CVSS 3.1, Puntuación base 5.3 (impactos en la Disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)",
      },
   ],
   id: "CVE-2022-21294",
   lastModified: "2024-11-21T06:44:20.590",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 5,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "LOW",
               baseScore: 5.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 1.4,
            source: "secalert_us@oracle.com",
            type: "Secondary",
         },
      ],
   },
   published: "2022-01-19T12:15:12.493",
   references: [
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/202209-05",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20220121-0007/",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2022/dsa-5057",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2022/dsa-5058",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpujan2022.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/202209-05",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20220121-0007/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2022/dsa-5057",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2022/dsa-5058",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpujan2022.html",
      },
   ],
   sourceIdentifier: "secalert_us@oracle.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd

Published

2024-01-16 22:15

Modified

2024-11-21 08:53

Severity ?

2.5 (Low) - CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Supported versions that are affected are Oracle Java SE: 8u391; Oracle GraalVM Enterprise Edition: 20.3.12 and 21.3.8. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM Enterprise Edition executes to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 2.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N).

References

URL	Tags
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20240201-0002/	Third Party Advisory
secalert_us@oracle.com	https://www.oracle.com/security-alerts/cpujan2024.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20240201-0002/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpujan2024.html	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
oracle	graalvm	20.3.12
oracle	graalvm	21.3.8
oracle	jdk	1.8.0
oracle	jdk	1.8.0
oracle	jre	1.8.0
oracle	jre	1.8.0
netapp	cloud_insights_acquisition_unit	-
netapp	cloud_insights_storage_workload_security_agent	-
netapp	oncommand_insight	-

JSON

To clipboard

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:oracle:graalvm:20.3.12:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "D17D1EA4-A45F-4D8D-BA3E-4898EC6D48B7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:graalvm:21.3.8:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "CF534BA8-A2A5-4768-A480-CFB885308AF8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:1.8.0:update391:*:*:-:*:*:*",
                     matchCriteriaId: "D667746E-7E7C-4326-9B70-3587C2B41BAB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:1.8.0:update391:*:*:enterprise_performance_pack:*:*:*",
                     matchCriteriaId: "F3EF33DE-2E3F-4D5A-BF06-AC3C75108089",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:1.8.0:update391:*:*:-:*:*:*",
                     matchCriteriaId: "CA31F3A1-07E1-4685-8A24-7C7830EF7600",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:1.8.0:update391:*:*:enterprise_performance_pack:*:*:*",
                     matchCriteriaId: "DB7CD545-5B56-47FC-803F-8F150C810534",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "CCAA4004-9319-478C-9D55-0E8307F872F6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:cloud_insights_storage_workload_security_agent:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "3B199052-5732-4726-B06B-A12C70DFB891",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX).  Supported versions that are affected are Oracle Java SE: 8u391; Oracle GraalVM Enterprise Edition: 20.3.12 and  21.3.8. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM Enterprise Edition executes to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 2.5 (Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N).",
      },
      {
         lang: "es",
         value: "Vulnerabilidad en el producto Oracle Java SE, Oracle GraalVM Enterprise Edition de Oracle Java SE (componente: JavaFX). Las versiones compatibles que se ven afectadas son Oracle Java SE: 8u391; Oracle GraalVM Enterprise Edition: 20.3.12 y 21.3.8. Una vulnerabilidad difícil de explotar permite que un atacante no autenticado con inicio de sesión en la infraestructura donde se ejecuta Oracle Java SE, Oracle GraalVM Enterprise Edition comprometa Oracle Java SE, Oracle GraalVM Enterprise Edition. Los ataques exitosos requieren la interacción humana de una persona distinta del atacante. Los ataques exitosos a esta vulnerabilidad pueden resultar en actualizaciones no autorizadas, inserción o eliminación de acceso a algunos de los datos accesibles de Oracle Java SE, Oracle GraalVM Enterprise Edition. Nota: Esta vulnerabilidad se aplica a implementaciones de Java, normalmente en clientes que ejecutan aplicaciones Java Web Start en sandbox o o subprogramas de Java en sandbox, que cargan y ejecutan código que no es de confianza (por ejemplo, código que proviene de Internet) y dependen del entorno limitado de Java para su seguridad. Esta vulnerabilidad no se aplica a implementaciones de Java, normalmente en servidores, que cargan y ejecutan sólo código confiable (por ejemplo, código instalado por un administrador). CVSS 3.1 Puntaje base 2.5 (Impactos en la integridad). Vector CVSS: (CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N).",
      },
   ],
   id: "CVE-2024-20922",
   lastModified: "2024-11-21T08:53:26.313",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "LOCAL",
               availabilityImpact: "NONE",
               baseScore: 2.5,
               baseSeverity: "LOW",
               confidentialityImpact: "NONE",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 1,
            impactScore: 1.4,
            source: "secalert_us@oracle.com",
            type: "Primary",
         },
      ],
   },
   published: "2024-01-16T22:15:39.860",
   references: [
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20240201-0002/",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpujan2024.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20240201-0002/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpujan2024.html",
      },
   ],
   sourceIdentifier: "secalert_us@oracle.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd

Published

2023-07-18 21:15

Modified

2024-11-21 07:44

Severity ?

3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).

References

URL	Tags
secalert_us@oracle.com	https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20230725-0006/	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2023/dsa-5458	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2023/dsa-5478	Third Party Advisory
secalert_us@oracle.com	https://www.oracle.com/security-alerts/cpujul2023.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20230725-0006/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2023/dsa-5458	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2023/dsa-5478	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpujul2023.html	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
oracle	graalvm	20.3.10
oracle	graalvm	21.3.6
oracle	graalvm	22.3.2
oracle	graalvm_for_jdk	17.0.7
oracle	graalvm_for_jdk	20.0.1
oracle	jdk	1.8.0
oracle	jdk	1.8.0
oracle	jdk	11.0.19
oracle	jdk	17.0.7
oracle	jdk	20.0.1
oracle	jre	1.8.0
oracle	jre	1.8.0
oracle	jre	11.0.19
oracle	jre	17.0.7
oracle	jre	20.0.1
debian	debian_linux	10.0
debian	debian_linux	11.0
debian	debian_linux	12.0
netapp	7-mode_transition_tool	-
netapp	active_iq_unified_manager	-
netapp	active_iq_unified_manager	-
netapp	cloud_insights_acquisition_unit	-
netapp	cloud_insights_storage_workload_security_agent	-
netapp	oncommand_insight	-

JSON

To clipboard

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:oracle:graalvm:20.3.10:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "2AEB0668-3769-415A-85D2-8042C83AF530",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:graalvm:21.3.6:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "1612C1DD-47B7-4A52-B709-0E270CE9A814",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:graalvm:22.3.2:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "0D052622-1214-4B93-8638-8F0FBADD4F43",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "908FCFE7-F95A-4E5C-8644-78E737828E27",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:graalvm_for_jdk:20.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "6FC3A3A8-4244-4933-AC2C-03540C9F80BE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:1.8.0:update371:*:*:-:*:*:*",
                     matchCriteriaId: "5D736709-DA37-4A09-B0E9-ABE12512DD6F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:1.8.0:update371:*:*:enterprise_performance_pack:*:*:*",
                     matchCriteriaId: "C69380A5-FD13-4C73-9940-99B4776EA4F6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:11.0.19:*:*:*:*:*:*:*",
                     matchCriteriaId: "2182C64A-CA08-49EE-9987-E34F828F9D14",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:17.0.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "2C064D35-8FFB-4033-AE32-A108189734AA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:20.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "208BCD85-10BA-4ACB-9B9C-E4F5530EFAE0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:1.8.0:update371:*:*:-:*:*:*",
                     matchCriteriaId: "12264955-3C82-413F-B814-C5538470DE13",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:1.8.0:update371:*:*:enterprise_performance_pack:*:*:*",
                     matchCriteriaId: "47818A5A-7C5C-4B18-8529-7F9DB00A7626",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:11.0.19:*:*:*:*:*:*:*",
                     matchCriteriaId: "5FDA3A94-3460-4EE1-B35F-3D4151157D95",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:17.0.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "FE4416A7-658A-423F-9A66-A8F563273AE5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:20.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "5370A60E-A32D-4F9A-B939-DFA07FF4F860",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "FA6FEEC2-9F11-4643-8827-749718254FED",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "46D69DCC-AE4D-4EA5-861C-D60951444C6C",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "7EF6650C-558D-45C8-AE7D-136EE70CB6D7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
                     matchCriteriaId: "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
                     matchCriteriaId: "B55E8D50-99B4-47EC-86F9-699B67D473CE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "CCAA4004-9319-478C-9D55-0E8307F872F6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:cloud_insights_storage_workload_security_agent:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "3B199052-5732-4726-B06B-A12C70DFB891",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot).  Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and  20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK.  Successful attacks of this vulnerability can result in  unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Confidentiality impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).",
      },
   ],
   id: "CVE-2023-22045",
   lastModified: "2024-11-21T07:44:10.113",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 3.7,
               baseSeverity: "LOW",
               confidentialityImpact: "LOW",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.2,
            impactScore: 1.4,
            source: "secalert_us@oracle.com",
            type: "Primary",
         },
      ],
   },
   published: "2023-07-18T21:15:14.267",
   references: [
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20230725-0006/",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2023/dsa-5458",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2023/dsa-5478",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpujul2023.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20230725-0006/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2023/dsa-5458",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2023/dsa-5478",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpujul2023.html",
      },
   ],
   sourceIdentifier: "secalert_us@oracle.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd

Published

2022-10-18 21:15

Modified

2024-11-21 06:45

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Lightweight HTTP Server). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

References

URL	Tags
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/37QDWJBGEPP65X43NXQTXQ7KASLUHON6/	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ARF4QF4N3X5GSFHXUBWARGLISGKJ33R/	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3QLQ7OD33W6LT3HWI7VYDFFJLV75Y73K/	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EXSBV3W6EP6B7XJ63Z2FPVBH6HAPGJ5T/	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HNGMDNIHAA73BEX6XPA2IMXJSGOKKYE6/	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PB3CIGOFG7CENUVVE4FFZT2HI5FO77XU/	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://security.gentoo.org/glsa/202401-25
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20221028-0012/	Third Party Advisory
secalert_us@oracle.com	https://www.oracle.com/security-alerts/cpuoct2022.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/37QDWJBGEPP65X43NXQTXQ7KASLUHON6/	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ARF4QF4N3X5GSFHXUBWARGLISGKJ33R/	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3QLQ7OD33W6LT3HWI7VYDFFJLV75Y73K/	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EXSBV3W6EP6B7XJ63Z2FPVBH6HAPGJ5T/	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HNGMDNIHAA73BEX6XPA2IMXJSGOKKYE6/	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PB3CIGOFG7CENUVVE4FFZT2HI5FO77XU/	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202401-25
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20221028-0012/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpuoct2022.html	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
oracle	graalvm	20.3.7
oracle	graalvm	21.3.3
oracle	graalvm	22.2.0
oracle	jdk	1.8.0
oracle	jdk	1.8.0
oracle	jdk	11.0.16.1
oracle	jdk	17.0.4.1
oracle	jdk	19
oracle	jre	1.8.0
oracle	jre	1.8.0
oracle	jre	11.0.16.1
oracle	jre	17.0.4.1
oracle	jre	19
fedoraproject	fedora	35
fedoraproject	fedora	36
netapp	7-mode_transition_tool	-
netapp	cloud_insights_acquisition_unit	-
netapp	cloud_secure_agent	-
netapp	e-series_santricity_os_controller	*
netapp	e-series_santricity_storage_manager	-
netapp	e-series_santricity_unified_manager	-
netapp	oncommand_insight	-
netapp	oncommand_workflow_automation	-
netapp	santricity_storage_plugin	-
netapp	santricity_web_services_proxy	-
azul	zulu	6.49
azul	zulu	7.56
azul	zulu	8.64
azul	zulu	11.58
azul	zulu	13.50
azul	zulu	15.42
azul	zulu	17.36
azul	zulu	19.28

JSON

To clipboard

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:oracle:graalvm:20.3.7:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "0DDD4602-7175-4DB6-B9D9-E7CDF482D263",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:graalvm:21.3.3:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "71668668-8383-4366-A184-F26455271914",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:graalvm:22.2.0:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "C99B4F5D-3784-42B8-89CA-CDD2AA86B80E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:1.8.0:update341:*:*:*:*:*:*",
                     matchCriteriaId: "EC1EEFCE-432E-40EE-B547-A193896C4CA4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:1.8.0:update345:*:*:enterprise_performance_pack:*:*:*",
                     matchCriteriaId: "FB70CB5F-AABC-4CF2-B17E-D9C8D1E22F1F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:11.0.16.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "C13BD2F4-05F5-44FD-A217-2049CA5E680B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:17.0.4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "05CB121D-1430-47CE-BF7B-9567A234C7D3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:19:*:*:*:*:*:*:*",
                     matchCriteriaId: "361979FB-5B05-46A5-A6A2-993B51DF9E44",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:1.8.0:update341:*:*:*:*:*:*",
                     matchCriteriaId: "94F132CF-6D24-4E80-B959-7ED1F247C3D5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:1.8.0:update345:*:*:enterprise_performance_pack:*:*:*",
                     matchCriteriaId: "B472E91E-F08F-4CBB-8FDB-37F8EDFB602E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:11.0.16.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "99A04E21-5FCB-4DA7-873A-2FE3AA713669",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:17.0.4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "DCF1C861-79F0-47F8-96E9-6AE0AEFDEC8A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:19:*:*:*:*:*:*:*",
                     matchCriteriaId: "435B90D6-F0BE-4451-867B-C31116D52A9C",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
                     matchCriteriaId: "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
                     matchCriteriaId: "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "7EF6650C-558D-45C8-AE7D-136EE70CB6D7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "CCAA4004-9319-478C-9D55-0E8307F872F6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F0F202E8-97E6-4BBB-A0B6-4CA3F5803C08",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "A0DA944C-4992-424D-BC82-474585DAC5DF",
                     versionEndIncluding: "11.70.2",
                     versionStartIncluding: "11.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "0D9CC59D-6182-4B5E-96B5-226FCD343916",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:e-series_santricity_unified_manager:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "BB695329-036B-447D-BEB0-AA4D89D1D99C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5735E553-9731-4AAC-BCFF-989377F817B3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:santricity_storage_plugin:-:*:*:*:*:vcenter:*:*",
                     matchCriteriaId: "82E94B87-065E-475F-815C-F49978CE22FC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:santricity_web_services_proxy:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "84007013-7E55-40E3-94F7-55C04D69AE3C",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:azul:zulu:6.49:*:*:*:*:*:*:*",
                     matchCriteriaId: "DCB7D337-B3E6-4BCE-8249-0473D2DE08BC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:azul:zulu:7.56:*:*:*:*:*:*:*",
                     matchCriteriaId: "285FB110-9501-4F23-BC21-B2EE1E1B82BA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:azul:zulu:8.64:*:*:*:*:*:*:*",
                     matchCriteriaId: "FB77FECF-07E1-448E-86F2-DD78B443D7C0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:azul:zulu:11.58:*:*:*:*:*:*:*",
                     matchCriteriaId: "9323C11D-50C6-4356-A2FF-294F750906AE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:azul:zulu:13.50:*:*:*:*:*:*:*",
                     matchCriteriaId: "DC373919-C38D-4E22-A52D-BA9074E88124",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:azul:zulu:15.42:*:*:*:*:*:*:*",
                     matchCriteriaId: "E7832CA7-569F-4C01-991C-F74F24CC2A01",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:azul:zulu:17.36:*:*:*:*:*:*:*",
                     matchCriteriaId: "F2878A5A-63FA-4681-8643-D47DA6E9011F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:azul:zulu:19.28:*:*:*:*:*:*:*",
                     matchCriteriaId: "B394E478-B822-488E-B74B-F46C4DB2B1A5",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Lightweight HTTP Server). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad en el producto Oracle Java SE, Oracle GraalVM Enterprise Edition de Oracle Java SE (componente: Lightweight HTTP Server). Las versiones soportadas que están afectadas son Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 y 22.2.0. Una vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red por medio de HTTP comprometer a Oracle Java SE, Oracle GraalVM Enterprise Edition. Los ataques con éxito de esta vulnerabilidad pueden resultar en la capacidad no autorizada de causar una denegación parcial de servicio (DOS parcial) de Oracle Java SE, Oracle GraalVM Enterprise Edition. Nota: Esta vulnerabilidad es aplicada a las implantaciones de Java, normalmente en clientes que ejecutan aplicaciones Java Web Start con sandbox o applets Java con sandbox, que cargan y ejecutan código que no es confiable (por ejemplo, código que viene de Internet) y dependen del sandbox de Java para la seguridad. Esta vulnerabilidad no es aplicada a las implantaciones de Java, normalmente en servidores, que cargan y ejecutan únicamente código confiable (por ejemplo, código instalado por un administrador). CVSS 3.1 Puntuación Base 5.3 (Impactos en la Disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)",
      },
   ],
   id: "CVE-2022-21628",
   lastModified: "2024-11-21T06:45:06.373",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "LOW",
               baseScore: 5.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 1.4,
            source: "secalert_us@oracle.com",
            type: "Primary",
         },
      ],
   },
   published: "2022-10-18T21:15:13.887",
   references: [
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/37QDWJBGEPP65X43NXQTXQ7KASLUHON6/",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ARF4QF4N3X5GSFHXUBWARGLISGKJ33R/",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3QLQ7OD33W6LT3HWI7VYDFFJLV75Y73K/",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EXSBV3W6EP6B7XJ63Z2FPVBH6HAPGJ5T/",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HNGMDNIHAA73BEX6XPA2IMXJSGOKKYE6/",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PB3CIGOFG7CENUVVE4FFZT2HI5FO77XU/",
      },
      {
         source: "secalert_us@oracle.com",
         url: "https://security.gentoo.org/glsa/202401-25",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20221028-0012/",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpuoct2022.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/37QDWJBGEPP65X43NXQTXQ7KASLUHON6/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ARF4QF4N3X5GSFHXUBWARGLISGKJ33R/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3QLQ7OD33W6LT3HWI7VYDFFJLV75Y73K/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EXSBV3W6EP6B7XJ63Z2FPVBH6HAPGJ5T/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HNGMDNIHAA73BEX6XPA2IMXJSGOKKYE6/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PB3CIGOFG7CENUVVE4FFZT2HI5FO77XU/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://security.gentoo.org/glsa/202401-25",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20221028-0012/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpuoct2022.html",
      },
   ],
   sourceIdentifier: "secalert_us@oracle.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd

Published

2024-01-16 22:15

Modified

2024-11-21 08:53

Severity ?

5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Scripting). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21; Oracle GraalVM for JDK: 17.0.9; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).

References

URL	Tags
secalert_us@oracle.com	https://lists.debian.org/debian-lts-announce/2024/01/msg00023.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20240201-0002/	Third Party Advisory
secalert_us@oracle.com	https://www.oracle.com/security-alerts/cpujan2024.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2024/01/msg00023.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20240201-0002/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpujan2024.html	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
oracle	graalvm	20.3.12
oracle	graalvm	21.3.8
oracle	graalvm	22.3.4
oracle	graalvm_for_jdk	17.0.9
oracle	graalvm_for_jdk	21.0.1
oracle	jdk	1.8.0
oracle	jdk	1.8.0
oracle	jdk	11.0.21
oracle	jdk	17.0.9
oracle	jdk	21.0.1
oracle	jre	1.8.0
oracle	jre	1.8.0
oracle	jre	11.0.21
oracle	jre	17.0.9
oracle	jre	21.0.1
netapp	cloud_insights_acquisition_unit	-
netapp	cloud_insights_storage_workload_security_agent	-
netapp	oncommand_insight	-
debian	debian_linux	10.0

JSON

To clipboard

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:oracle:graalvm:20.3.12:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "D17D1EA4-A45F-4D8D-BA3E-4898EC6D48B7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:graalvm:21.3.8:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "CF534BA8-A2A5-4768-A480-CFB885308AF8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:graalvm:22.3.4:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "876A5640-82A8-4BDC-8E0A-4D6340F5417D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "2C5055FD-0E19-4C42-9B1F-CBE222855156",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:graalvm_for_jdk:21.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "04738DE7-2BFE-4C06-ABE0-FCA099B5FFEC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:1.8.0:update391:*:*:-:*:*:*",
                     matchCriteriaId: "D667746E-7E7C-4326-9B70-3587C2B41BAB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:1.8.0:update391:*:*:enterprise_performance_pack:*:*:*",
                     matchCriteriaId: "F3EF33DE-2E3F-4D5A-BF06-AC3C75108089",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:11.0.21:*:*:*:*:*:*:*",
                     matchCriteriaId: "8FFC5C12-7FF4-48E6-BC5A-F50EBC956BBE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:17.0.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "EF6AA431-8965-4B53-AF0F-DB3AB7A9A3F3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:21.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "50C5781C-4153-431D-991E-637E253EDC87",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:1.8.0:update391:*:*:-:*:*:*",
                     matchCriteriaId: "CA31F3A1-07E1-4685-8A24-7C7830EF7600",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:1.8.0:update391:*:*:enterprise_performance_pack:*:*:*",
                     matchCriteriaId: "DB7CD545-5B56-47FC-803F-8F150C810534",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:11.0.21:*:*:*:*:*:*:*",
                     matchCriteriaId: "568F994E-135F-486D-B57C-0245A1BC253B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:17.0.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "BF274813-F650-447C-A1A6-61D5F8FF71BA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:21.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "F76A51BB-6DAE-4506-B737-7A5854543F18",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "CCAA4004-9319-478C-9D55-0E8307F872F6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:cloud_insights_storage_workload_security_agent:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "3B199052-5732-4726-B06B-A12C70DFB891",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Scripting).  Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21; Oracle GraalVM for JDK: 17.0.9; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and  22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 5.9 (Confidentiality impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).",
      },
      {
         lang: "es",
         value: "Vulnerabilidad en el producto Oracle Java SE, Oracle GraalVM para JDK, Oracle GraalVM Enterprise Edition de Oracle Java SE (componente: Scripting). Las versiones compatibles que se ven afectadas son Oracle Java SE: 8u391, 8u391-perf, 11.0.21; Oracle GraalVM para JDK: 17.0.9; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 y 22.3.4. Una vulnerabilidad difícil de explotar permite que un atacante no autenticado con acceso a la red a través de múltiples protocolos comprometa Oracle Java SE, Oracle GraalVM para JDK y Oracle GraalVM Enterprise Edition. Los ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a datos críticos o acceso completo a todos los datos accesibles de Oracle Java SE, Oracle GraalVM para JDK, Oracle GraalVM Enterprise Edition. Nota: Esta vulnerabilidad se puede aprovechar utilizando API en el componente especificado, por ejemplo, a través de un servicio web que proporciona datos a las API. Esta vulnerabilidad también se aplica a las implementaciones de Java, generalmente en clientes que ejecutan aplicaciones Java Web Start en una sandbox o subprogramas de Java en una sandbox, que cargan y ejecutan código que no es de confianza (por ejemplo, código que proviene de Internet) y dependen del entorno limitado de Java para su seguridad. CVSS 3.1 Puntaje base 5.9 (Impactos en la confidencialidad). Vector CVSS: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).",
      },
   ],
   id: "CVE-2024-20926",
   lastModified: "2024-11-21T08:53:26.797",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 5.9,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.2,
            impactScore: 3.6,
            source: "secalert_us@oracle.com",
            type: "Primary",
         },
      ],
   },
   published: "2024-01-16T22:15:40.207",
   references: [
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2024/01/msg00023.html",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20240201-0002/",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpujan2024.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2024/01/msg00023.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20240201-0002/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpujan2024.html",
      },
   ],
   sourceIdentifier: "secalert_us@oracle.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd

Published

2022-01-19 12:15

Modified

2024-11-21 06:44

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

References

URL	Tags
secalert_us@oracle.com	https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://security.gentoo.org/glsa/202209-05	Third Party Advisory
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20220121-0007/	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2022/dsa-5057	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2022/dsa-5058	Third Party Advisory
secalert_us@oracle.com	https://www.oracle.com/security-alerts/cpujan2022.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202209-05	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20220121-0007/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2022/dsa-5057	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2022/dsa-5058	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpujan2022.html	Vendor Advisory

Impacted products

Vendor	Product	Version
oracle	graalvm	20.3.4
oracle	graalvm	21.3.0
oracle	jdk	1.7.0
oracle	jdk	1.8.0
oracle	jdk	11.0.13
oracle	jdk	17.0.1
oracle	jre	1.7.0
oracle	jre	1.8.0
oracle	jre	11.0.13
oracle	jre	17.0.1
netapp	7-mode_transition_tool	-
netapp	active_iq_unified_manager	-
netapp	active_iq_unified_manager	-
netapp	cloud_insights_acquisition_unit	-
netapp	cloud_secure_agent	-
netapp	e-series_santricity_os_controller	*
netapp	e-series_santricity_storage_manager	-
netapp	e-series_santricity_web_services	-
netapp	hci_management_node	-
netapp	oncommand_insight	-
netapp	oncommand_workflow_automation	-
netapp	santricity_storage_plugin	-
netapp	santricity_unified_manager	-
netapp	snapmanager	-
netapp	snapmanager	-
netapp	solidfire	-
debian	debian_linux	9.0
debian	debian_linux	10.0
debian	debian_linux	11.0
oracle	openjdk	*
oracle	openjdk	*
oracle	openjdk	*
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	17
oracle	openjdk	17.0.1

JSON

To clipboard

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:oracle:graalvm:20.3.4:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "9F300E13-1B40-4B35-ACA5-4D402CD41055",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:graalvm:21.3.0:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "B10E38A6-783C-45A2-98A1-12FA1EB3D3AA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:1.7.0:update321:*:*:*:*:*:*",
                     matchCriteriaId: "F3E9DB6B-06BC-47F9-AEB9-E36378A97543",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:1.8.0:update311:*:*:*:*:*:*",
                     matchCriteriaId: "3C9591ED-CA9E-4844-9B7F-D477D7A51413",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:11.0.13:*:*:*:*:*:*:*",
                     matchCriteriaId: "A7F43D86-B696-41E4-A288-6A2D43A1774A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:17.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "3575C88F-05D3-49F6-A60B-7ED902E318F1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:1.7.0:update321:*:*:*:*:*:*",
                     matchCriteriaId: "C5988521-7571-4AE7-BD02-2C8765FC464B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:1.8.0:update311:*:*:*:*:*:*",
                     matchCriteriaId: "29AB737A-FB85-4E91-B8D3-A4B9A780FC0E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:11.0.13:*:*:*:*:*:*:*",
                     matchCriteriaId: "90EC4B85-A88A-4EC3-9EA0-3A24874D5F87",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:17.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "962026D1-1E50-480F-921C-C7EE32AA0107",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "7EF6650C-558D-45C8-AE7D-136EE70CB6D7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
                     matchCriteriaId: "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
                     matchCriteriaId: "B55E8D50-99B4-47EC-86F9-699B67D473CE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "CCAA4004-9319-478C-9D55-0E8307F872F6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F0F202E8-97E6-4BBB-A0B6-4CA3F5803C08",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "FF971916-C526-43A9-BD80-985BCC476569",
                     versionEndIncluding: "11.70.1",
                     versionStartIncluding: "11.0.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "0D9CC59D-6182-4B5E-96B5-226FCD343916",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*",
                     matchCriteriaId: "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A3C19813-E823-456A-B1CE-EC0684CE1953",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5735E553-9731-4AAC-BCFF-989377F817B3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:santricity_storage_plugin:-:*:*:*:*:vcenter:*:*",
                     matchCriteriaId: "82E94B87-065E-475F-815C-F49978CE22FC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A372B177-F740-4655-865C-31777A6E140B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*",
                     matchCriteriaId: "26A2B713-7D6D-420A-93A4-E0D983C983DF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*",
                     matchCriteriaId: "64DE38C8-94F1-4860-B045-F33928F676A8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "FA6FEEC2-9F11-4643-8827-749718254FED",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "6489B616-476E-46AB-8795-7EFDD9074899",
                     versionEndIncluding: "11.0.13",
                     versionStartIncluding: "11",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F8A2B4B3-64EC-4930-9F31-202E4D19AF98",
                     versionEndIncluding: "13.0.9",
                     versionStartIncluding: "13",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "CF9DCD68-A054-456D-8A3C-15939F85DF90",
                     versionEndIncluding: "15.0.5",
                     versionStartIncluding: "15",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:-:*:*:*:*:*:*",
                     matchCriteriaId: "E78B7C5A-FA51-41E4-AAB0-C6DED2EFCF4C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update1:*:*:*:*:*:*",
                     matchCriteriaId: "02011EDC-20A7-4A16-A592-7C76E0037997",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update10:*:*:*:*:*:*",
                     matchCriteriaId: "AC6D4652-1226-4C60-BEDF-01EBF8AC0849",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update101:*:*:*:*:*:*",
                     matchCriteriaId: "3C1F9ED7-7D93-41F4-9130-15BA734420AC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update11:*:*:*:*:*:*",
                     matchCriteriaId: "1CF9CDF1-95D3-4125-A73F-396D2280FC4E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update111:*:*:*:*:*:*",
                     matchCriteriaId: "A13266DC-F8D9-4F30-987F-65BBEAF8D3A8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update121:*:*:*:*:*:*",
                     matchCriteriaId: "C28388AB-CFC9-4749-A90F-383F5B905EA9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update13:*:*:*:*:*:*",
                     matchCriteriaId: "DA1B00F9-A81C-48B7-8DAA-F394DDF323F3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update131:*:*:*:*:*:*",
                     matchCriteriaId: "CA7AD457-6CE6-4925-8D94-A907B40233D9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update141:*:*:*:*:*:*",
                     matchCriteriaId: "A6F3FDD1-7CAC-4B84-ABB7-64E9D3FBD708",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update15:*:*:*:*:*:*",
                     matchCriteriaId: "5480E5AD-DB46-474A-9B57-84ED088A75FA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update151:*:*:*:*:*:*",
                     matchCriteriaId: "881A4AE9-6012-4E91-98BE-0A352CC20703",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update161:*:*:*:*:*:*",
                     matchCriteriaId: "7E1E1079-57D9-473B-A017-964F4745F329",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update17:*:*:*:*:*:*",
                     matchCriteriaId: "B8D6446E-2915-4F12-87BE-E7420BC2626E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update171:*:*:*:*:*:*",
                     matchCriteriaId: "564EDCE3-16E6-401D-8A43-032D1F8875E1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update181:*:*:*:*:*:*",
                     matchCriteriaId: "08278802-D31B-488A-BA6A-EBC816DF883A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update191:*:*:*:*:*:*",
                     matchCriteriaId: "72BDA05A-C8BD-472E-8465-EE1F3E5D8CF6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update2:*:*:*:*:*:*",
                     matchCriteriaId: "7BBB0969-565E-43E2-B067-A10AAA5F1958",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update201:*:*:*:*:*:*",
                     matchCriteriaId: "D78BE95D-6270-469A-8035-FCDDB398F952",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update21:*:*:*:*:*:*",
                     matchCriteriaId: "88C24F40-3150-4584-93D9-8307DE04EEE9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update211:*:*:*:*:*:*",
                     matchCriteriaId: "E0FC5A03-FF11-4787-BBF1-3ACF93A21F2D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update221:*:*:*:*:*:*",
                     matchCriteriaId: "19626B36-62FC-4497-A2E1-7D6CD9839B19",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update231:*:*:*:*:*:*",
                     matchCriteriaId: "5713AEBD-35F6-44E8-A0CC-A42830D7AE20",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update241:*:*:*:*:*:*",
                     matchCriteriaId: "8BE0C04B-440E-4B35-ACC8-6264514F764C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update25:*:*:*:*:*:*",
                     matchCriteriaId: "555EC2A6-0475-48ED-AE0C-B306714A9333",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update251:*:*:*:*:*:*",
                     matchCriteriaId: "EC1CF2AD-3F7A-4EF3-BD41-117A21553A9F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update261:*:*:*:*:*:*",
                     matchCriteriaId: "02C55E2E-AEDE-455C-B128-168C918B5D97",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update271:*:*:*:*:*:*",
                     matchCriteriaId: "81831D37-6597-441B-87DE-38F7191BEA42",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update281:*:*:*:*:*:*",
                     matchCriteriaId: "EEA1594D-0AB5-436D-9E60-C26EE2175753",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update291:*:*:*:*:*:*",
                     matchCriteriaId: "B868FA41-C71B-491C-880B-484740B30C72",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update3:*:*:*:*:*:*",
                     matchCriteriaId: "C242D3BE-9114-4A9E-BB78-45754C7CC450",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update301:*:*:*:*:*:*",
                     matchCriteriaId: "95954182-9541-4181-9647-B17FA5A79F9F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update311:*:*:*:*:*:*",
                     matchCriteriaId: "9F6F0137-F91F-4028-BED2-C29640D52C23",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update321:*:*:*:*:*:*",
                     matchCriteriaId: "EAFB6B15-4AE6-47FC-8847-9DFADB7AE253",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update4:*:*:*:*:*:*",
                     matchCriteriaId: "D61068FE-18EE-4ADB-BC69-A3ECE8724575",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update40:*:*:*:*:*:*",
                     matchCriteriaId: "EFB59E80-4EC4-4399-BF40-6733E4E475A9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update45:*:*:*:*:*:*",
                     matchCriteriaId: "84E31265-22E1-4E91-BFCB-D2AFF445926A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update5:*:*:*:*:*:*",
                     matchCriteriaId: "AB3A58C3-94BB-4120-BE1D-AAF8BBF7F22B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update51:*:*:*:*:*:*",
                     matchCriteriaId: "50319E52-8739-47C5-B61E-3CA9B6A9A48F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update55:*:*:*:*:*:*",
                     matchCriteriaId: "7ED515B9-DC74-4DC5-B98A-08D87D85E11E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update6:*:*:*:*:*:*",
                     matchCriteriaId: "6D1D4868-1F9F-43F7-968C-6469B67D3F1B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update60:*:*:*:*:*:*",
                     matchCriteriaId: "568F1AC4-B0D7-4438-82E5-0E61500F2240",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update65:*:*:*:*:*:*",
                     matchCriteriaId: "F5E99B4A-EDAD-4471-81C4-7E9C775C9D9F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update67:*:*:*:*:*:*",
                     matchCriteriaId: "14E9133E-9FF3-40DB-9A11-7469EF5FD265",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update7:*:*:*:*:*:*",
                     matchCriteriaId: "94834710-3FA9-49D9-8600-B514CBCA4270",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update72:*:*:*:*:*:*",
                     matchCriteriaId: "4228D9E1-7D82-4B49-9669-9CDAD7187432",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update76:*:*:*:*:*:*",
                     matchCriteriaId: "F6231F48-2936-4F7D-96D5-4BA11F78EBE8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update80:*:*:*:*:*:*",
                     matchCriteriaId: "D96D5061-4A81-497E-9AD6-A8381B3B454C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update85:*:*:*:*:*:*",
                     matchCriteriaId: "5345C21E-A01B-43B9-9A20-F2783D921C60",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update9:*:*:*:*:*:*",
                     matchCriteriaId: "B219F360-83BD-4111-AB59-C9D4F55AF4C0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update91:*:*:*:*:*:*",
                     matchCriteriaId: "D25377EA-8E8F-4C76-8EA9-3BBDFB352815",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update95:*:*:*:*:*:*",
                     matchCriteriaId: "59FEFE05-269A-4EAF-A80F-E4C2107B1197",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update97:*:*:*:*:*:*",
                     matchCriteriaId: "E7E2AA7C-F602-4DB7-9EC1-0708C46C253C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update99:*:*:*:*:*:*",
                     matchCriteriaId: "FB70E154-A304-429E-80F5-8D87B00E32D1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:-:*:*:*:*:*:*",
                     matchCriteriaId: "70892D06-6E75-4425-BBF0-4B684EC62A1C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone1:*:*:*:*:*:*",
                     matchCriteriaId: "7A165D71-71CC-4E6A-AA4F-FF8DB5B9A5AB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone2:*:*:*:*:*:*",
                     matchCriteriaId: "7417B2BB-9AC2-4AF4-A828-C89A0735AD92",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone3:*:*:*:*:*:*",
                     matchCriteriaId: "6A0A57B5-6F88-4288-9CDE-F6613FE068D2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone4:*:*:*:*:*:*",
                     matchCriteriaId: "67ED8559-C348-4932-B7CE-CB96976A30EC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone5:*:*:*:*:*:*",
                     matchCriteriaId: "40AC3D91-263F-4345-9FAA-0E573EA64590",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone6:*:*:*:*:*:*",
                     matchCriteriaId: "DD92AFA9-81F8-48D4-B79A-E7F066F69A99",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone7:*:*:*:*:*:*",
                     matchCriteriaId: "2C4B2F24-A730-4818-90C8-A2D90C081F03",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone8:*:*:*:*:*:*",
                     matchCriteriaId: "464087F2-C285-4574-957E-CE0663F07DE0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone9:*:*:*:*:*:*",
                     matchCriteriaId: "3E9BB880-A4F6-4887-8BB9-47AA298753D5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update101:*:*:*:*:*:*",
                     matchCriteriaId: "18DCFF53-B298-4534-AB5C-8A5EF59C616F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update102:*:*:*:*:*:*",
                     matchCriteriaId: "083419F8-FDDF-4E36-88F8-857DB317C1D1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update11:*:*:*:*:*:*",
                     matchCriteriaId: "D7A74F65-57E8-4C9A-BA96-5EF401504F13",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update111:*:*:*:*:*:*",
                     matchCriteriaId: "0D0B90FC-57B6-4315-9B29-3C36E58B2CF5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update112:*:*:*:*:*:*",
                     matchCriteriaId: "07812576-3C35-404C-A7D7-9BE9E3D76E00",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update121:*:*:*:*:*:*",
                     matchCriteriaId: "00C52B1C-5447-4282-9667-9EBE0720B423",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update131:*:*:*:*:*:*",
                     matchCriteriaId: "92BB9EB0-0C12-4E77-89EE-FB77097841B8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update141:*:*:*:*:*:*",
                     matchCriteriaId: "FF9D5DCE-2E8F-42B9-9038-AEA7E8C8CFFD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update151:*:*:*:*:*:*",
                     matchCriteriaId: "ABC0E7BB-F8B7-4369-9910-71240E4073A3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update152:*:*:*:*:*:*",
                     matchCriteriaId: "551B2640-8CEC-4C24-AF8B-7A7CEF864D9D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update161:*:*:*:*:*:*",
                     matchCriteriaId: "0AE30779-48FB-451E-8CE1-F469F93B8772",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update162:*:*:*:*:*:*",
                     matchCriteriaId: "60590FDE-7156-4314-A012-AA38BD2ADDC9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update171:*:*:*:*:*:*",
                     matchCriteriaId: "BE51AD3A-8331-4E8F-9DB1-7A0051731DFB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update172:*:*:*:*:*:*",
                     matchCriteriaId: "F24F6122-2256-41B6-9033-794C6424ED99",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update181:*:*:*:*:*:*",
                     matchCriteriaId: "0EAFA79E-8C7A-48CF-8868-11378FE4B26F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update191:*:*:*:*:*:*",
                     matchCriteriaId: "D1D6F19F-59B5-4BB6-AD35-013384025970",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update192:*:*:*:*:*:*",
                     matchCriteriaId: "E7BA97BC-3ADA-465A-835B-6C3C5F416B56",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update20:*:*:*:*:*:*",
                     matchCriteriaId: "B71F77A4-B7EB-47A1-AAFD-431A7D040B86",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update201:*:*:*:*:*:*",
                     matchCriteriaId: "91D6BEA9-5943-44A4-946D-CEAA9BA99376",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update202:*:*:*:*:*:*",
                     matchCriteriaId: "C079A3E0-44EB-4B9C-B4FC-B7621D165C3B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update211:*:*:*:*:*:*",
                     matchCriteriaId: "2CB74086-14B8-4237-8357-E0C6B5BB8313",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update212:*:*:*:*:*:*",
                     matchCriteriaId: "3ABED20A-7C34-4E86-9AFB-F4DC9ECBB3A9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update221:*:*:*:*:*:*",
                     matchCriteriaId: "00C2B9C9-1177-4DA6-96CE-55F37F383F99",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update222:*:*:*:*:*:*",
                     matchCriteriaId: "435CF189-0BD8-40DF-A0DC-99862CDEAF8A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update231:*:*:*:*:*:*",
                     matchCriteriaId: "12A3F367-33AD-47C3-BFDC-871A17E72C94",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update232:*:*:*:*:*:*",
                     matchCriteriaId: "A18F994F-72CA-4AF5-A7D1-9F5AEA286D85",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update241:*:*:*:*:*:*",
                     matchCriteriaId: "78261932-7373-4F16-91E0-1A72ADBEBC3E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update242:*:*:*:*:*:*",
                     matchCriteriaId: "9BD90D3D-9B3A-4101-9A8A-5090F0A9719F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update25:*:*:*:*:*:*",
                     matchCriteriaId: "B38C0276-0EBD-4E0B-BFCF-4DDECACE04E2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update252:*:*:*:*:*:*",
                     matchCriteriaId: "F5A40B8A-D428-4008-9F21-AF21394C51D1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update262:*:*:*:*:*:*",
                     matchCriteriaId: "FEC5B777-01E1-45EE-AF95-C3BD1F098B2F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update271:*:*:*:*:*:*",
                     matchCriteriaId: "3B504718-5DCE-43B4-B19A-C6B6E7444BD3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update281:*:*:*:*:*:*",
                     matchCriteriaId: "3102AA10-99A8-49A9-867E-7EEC56865680",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update282:*:*:*:*:*:*",
                     matchCriteriaId: "5A55CBC7-A7B2-4B89-8AB5-ED30DBE6814E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update291:*:*:*:*:*:*",
                     matchCriteriaId: "15BA8A26-2CDA-442B-A549-6BE92DCCD205",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update301:*:*:*:*:*:*",
                     matchCriteriaId: "56F2883B-6A1B-4081-8877-07AF3A73F6CD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update302:*:*:*:*:*:*",
                     matchCriteriaId: "98C0742E-ACDD-4DB4-8A4C-B96702C8976C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update31:*:*:*:*:*:*",
                     matchCriteriaId: "F8483034-DD5A-445D-892F-CDE90A7D58EE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update312:*:*:*:*:*:*",
                     matchCriteriaId: "1716A5CD-1C32-4F19-9DDE-F9C7CCB6B420",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update40:*:*:*:*:*:*",
                     matchCriteriaId: "8279718F-878F-4868-8859-1728D13CD0D8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update45:*:*:*:*:*:*",
                     matchCriteriaId: "2C024E1A-FD2C-42E8-B227-C2AFD3040436",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update5:*:*:*:*:*:*",
                     matchCriteriaId: "4F24389D-DDD0-4204-AA24-31C920A4F47E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update51:*:*:*:*:*:*",
                     matchCriteriaId: "966979BE-1F21-4729-B6B8-610F74648344",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update60:*:*:*:*:*:*",
                     matchCriteriaId: "F8534265-33BF-460D-BF74-5F55FDE50F29",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update65:*:*:*:*:*:*",
                     matchCriteriaId: "F77AFC25-1466-4E56-9D5F-6988F3288E16",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update66:*:*:*:*:*:*",
                     matchCriteriaId: "A650BEB8-E56F-4E42-9361-8D2DB083F0F8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update71:*:*:*:*:*:*",
                     matchCriteriaId: "799FFECD-E80A-44B3-953D-CDB5E195F3AA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update72:*:*:*:*:*:*",
                     matchCriteriaId: "A7047507-7CAF-4A14-AA9A-5CEF806EDE98",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update73:*:*:*:*:*:*",
                     matchCriteriaId: "CFC7B179-95D3-4F94-84F6-73F1034A1AF2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update74:*:*:*:*:*:*",
                     matchCriteriaId: "9FB28526-9385-44CA-AF08-1899E6C3AE4D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update77:*:*:*:*:*:*",
                     matchCriteriaId: "E26B69E4-0B43-415F-A82B-52FDCB262B3E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update91:*:*:*:*:*:*",
                     matchCriteriaId: "27BC4150-70EC-462B-8FC5-20B3442CBB31",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update92:*:*:*:*:*:*",
                     matchCriteriaId: "02646989-ECD9-40AE-A83E-EFF4080C69B9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:17:*:*:*:*:*:*:*",
                     matchCriteriaId: "4D0A929D-6054-4EFB-8BAD-58826D22D34B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:17.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "DE7858DA-58DE-4920-B678-7800BD084EA1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad en el producto Oracle Java SE, Oracle GraalVM Enterprise Edition de Oracle Java SE (componente: Serialization). Las versiones compatibles que están afectadas son Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 y 21.3.0. Una vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red por medio de múltiples protocolos comprometer a Oracle Java SE, Oracle GraalVM Enterprise Edition. Los ataques con éxito de esta vulnerabilidad pueden resultar en una capacidad no autorizada de causar una negación parcial de servicio (DOS parcial) de Oracle Java SE, Oracle GraalVM Enterprise Edition. Nota: Esta vulnerabilidad es aplicada a las implantaciones de Java, normalmente en clientes que ejecutan aplicaciones Java Web Start con sandbox o applets Java con sandbox, que cargan y ejecutan código que no es confiable (por ejemplo, código que viene de Internet) y dependen de la sandbox de Java para la seguridad. Esta vulnerabilidad también puede ser explotada al usar APIs en el Componente especificado, por ejemplo, mediante un servicio web que suministra datos a las APIs. CVSS 3.1, Puntuación base 5.3 (impactos en la Disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)",
      },
   ],
   id: "CVE-2022-21341",
   lastModified: "2024-11-21T06:44:27.880",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 5,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "LOW",
               baseScore: 5.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 1.4,
            source: "secalert_us@oracle.com",
            type: "Secondary",
         },
      ],
   },
   published: "2022-01-19T12:15:14.697",
   references: [
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/202209-05",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20220121-0007/",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2022/dsa-5057",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2022/dsa-5058",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpujan2022.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/202209-05",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20220121-0007/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2022/dsa-5057",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2022/dsa-5058",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpujan2022.html",
      },
   ],
   sourceIdentifier: "secalert_us@oracle.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd

Published

2023-04-18 20:15

Modified

2024-11-21 07:44

Severity ?

5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).

References

URL	Tags
secalert_us@oracle.com	https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20230427-0008/	Third Party Advisory
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20240621-0006/
secalert_us@oracle.com	https://www.couchbase.com/alerts/	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2023/dsa-5430	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2023/dsa-5478	Third Party Advisory
secalert_us@oracle.com	https://www.oracle.com/security-alerts/cpuapr2023.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20230427-0008/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20240621-0006/
af854a3a-2127-422b-91ae-364da2661108	https://www.couchbase.com/alerts/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2023/dsa-5430	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2023/dsa-5478	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpuapr2023.html	Vendor Advisory

Impacted products

Vendor	Product	Version
oracle	graalvm	20.3.9
oracle	graalvm	21.3.5
oracle	graalvm	22.3.1
oracle	jdk	1.8.0
oracle	jdk	11.0.18
oracle	jdk	17.0.6
oracle	jdk	20
oracle	jre	1.8.0
oracle	jre	11.0.18
oracle	jre	17.0.6
oracle	jre	20
netapp	7-mode_transition_tool	-
netapp	brocade_san_navigator	-
netapp	cloud_insights_acquisition_unit	-
netapp	cloud_insights_storage_workload_security_agent	-
netapp	oncommand_insight	-
debian	debian_linux	10.0
debian	debian_linux	11.0
debian	debian_linux	12.0
oracle	openjdk	*
oracle	openjdk	*
oracle	openjdk	*
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	20

JSON

To clipboard

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:oracle:graalvm:20.3.9:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "FE7FF02E-5A54-47BD-8FAC-E1F1E23CBD0B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:graalvm:21.3.5:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "725D21E1-8FEF-492C-9CCF-75DDD286FA71",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:graalvm:22.3.1:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "CBC05434-18E2-43D2-901F-BA97A3A3AC3A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:1.8.0:update361:*:*:*:*:*:*",
                     matchCriteriaId: "BB648C28-DCDF-4CEE-816C-2D7EF91D2689",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:11.0.18:*:*:*:*:*:*:*",
                     matchCriteriaId: "CA4C6A6B-46BA-471A-959C-D1819B5D5196",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:17.0.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "751BA15B-1950-4ABD-AFEB-B4F90587FF61",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:20:*:*:*:*:*:*:*",
                     matchCriteriaId: "F26CDEF2-A840-4957-A390-19E48AEEC70A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:1.8.0:update361:*:*:*:*:*:*",
                     matchCriteriaId: "DB18EEA4-9670-4EBC-8559-6766740980F3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:11.0.18:*:*:*:*:*:*:*",
                     matchCriteriaId: "B85FB47B-1A8B-4758-83A7-3AC5B74D73FB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:17.0.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "0B973ADC-5F00-4CC5-985F-F4E1BB9FF1EF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:20:*:*:*:*:*:*:*",
                     matchCriteriaId: "AC10C81D-E148-4208-BA86-086B935A1254",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "7EF6650C-558D-45C8-AE7D-136EE70CB6D7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:brocade_san_navigator:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "25FA7A4D-B0E2-423E-8146-E221AE2D6120",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "CCAA4004-9319-478C-9D55-0E8307F872F6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:cloud_insights_storage_workload_security_agent:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "3B199052-5732-4726-B06B-A12C70DFB891",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "FA6FEEC2-9F11-4643-8827-749718254FED",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "46D69DCC-AE4D-4EA5-861C-D60951444C6C",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "111E81BB-7D96-44EB-ACFA-415C3F3EA62A",
                     versionEndExcluding: "8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "90F6CEC5-2FD9-4ADB-9D86-B741C0ABCD7B",
                     versionEndIncluding: "11.0.18",
                     versionStartIncluding: "11",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "83395182-E46E-47FF-A781-4EF235BC83B6",
                     versionEndIncluding: "17.0.6",
                     versionStartIncluding: "17",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:-:*:*:*:*:*:*",
                     matchCriteriaId: "70892D06-6E75-4425-BBF0-4B684EC62A1C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone1:*:*:*:*:*:*",
                     matchCriteriaId: "7A165D71-71CC-4E6A-AA4F-FF8DB5B9A5AB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone2:*:*:*:*:*:*",
                     matchCriteriaId: "7417B2BB-9AC2-4AF4-A828-C89A0735AD92",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone3:*:*:*:*:*:*",
                     matchCriteriaId: "6A0A57B5-6F88-4288-9CDE-F6613FE068D2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone4:*:*:*:*:*:*",
                     matchCriteriaId: "67ED8559-C348-4932-B7CE-CB96976A30EC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone5:*:*:*:*:*:*",
                     matchCriteriaId: "40AC3D91-263F-4345-9FAA-0E573EA64590",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone6:*:*:*:*:*:*",
                     matchCriteriaId: "DD92AFA9-81F8-48D4-B79A-E7F066F69A99",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone7:*:*:*:*:*:*",
                     matchCriteriaId: "2C4B2F24-A730-4818-90C8-A2D90C081F03",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone8:*:*:*:*:*:*",
                     matchCriteriaId: "464087F2-C285-4574-957E-CE0663F07DE0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone9:*:*:*:*:*:*",
                     matchCriteriaId: "3E9BB880-A4F6-4887-8BB9-47AA298753D5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update101:*:*:*:*:*:*",
                     matchCriteriaId: "18DCFF53-B298-4534-AB5C-8A5EF59C616F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update102:*:*:*:*:*:*",
                     matchCriteriaId: "083419F8-FDDF-4E36-88F8-857DB317C1D1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update11:*:*:*:*:*:*",
                     matchCriteriaId: "D7A74F65-57E8-4C9A-BA96-5EF401504F13",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update111:*:*:*:*:*:*",
                     matchCriteriaId: "0D0B90FC-57B6-4315-9B29-3C36E58B2CF5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update112:*:*:*:*:*:*",
                     matchCriteriaId: "07812576-3C35-404C-A7D7-9BE9E3D76E00",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update121:*:*:*:*:*:*",
                     matchCriteriaId: "00C52B1C-5447-4282-9667-9EBE0720B423",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update131:*:*:*:*:*:*",
                     matchCriteriaId: "92BB9EB0-0C12-4E77-89EE-FB77097841B8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update141:*:*:*:*:*:*",
                     matchCriteriaId: "FF9D5DCE-2E8F-42B9-9038-AEA7E8C8CFFD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update151:*:*:*:*:*:*",
                     matchCriteriaId: "ABC0E7BB-F8B7-4369-9910-71240E4073A3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update152:*:*:*:*:*:*",
                     matchCriteriaId: "551B2640-8CEC-4C24-AF8B-7A7CEF864D9D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update161:*:*:*:*:*:*",
                     matchCriteriaId: "0AE30779-48FB-451E-8CE1-F469F93B8772",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update162:*:*:*:*:*:*",
                     matchCriteriaId: "60590FDE-7156-4314-A012-AA38BD2ADDC9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update171:*:*:*:*:*:*",
                     matchCriteriaId: "BE51AD3A-8331-4E8F-9DB1-7A0051731DFB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update172:*:*:*:*:*:*",
                     matchCriteriaId: "F24F6122-2256-41B6-9033-794C6424ED99",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update181:*:*:*:*:*:*",
                     matchCriteriaId: "0EAFA79E-8C7A-48CF-8868-11378FE4B26F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update191:*:*:*:*:*:*",
                     matchCriteriaId: "D1D6F19F-59B5-4BB6-AD35-013384025970",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update192:*:*:*:*:*:*",
                     matchCriteriaId: "E7BA97BC-3ADA-465A-835B-6C3C5F416B56",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update20:*:*:*:*:*:*",
                     matchCriteriaId: "B71F77A4-B7EB-47A1-AAFD-431A7D040B86",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update201:*:*:*:*:*:*",
                     matchCriteriaId: "91D6BEA9-5943-44A4-946D-CEAA9BA99376",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update202:*:*:*:*:*:*",
                     matchCriteriaId: "C079A3E0-44EB-4B9C-B4FC-B7621D165C3B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update211:*:*:*:*:*:*",
                     matchCriteriaId: "2CB74086-14B8-4237-8357-E0C6B5BB8313",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update212:*:*:*:*:*:*",
                     matchCriteriaId: "3ABED20A-7C34-4E86-9AFB-F4DC9ECBB3A9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update221:*:*:*:*:*:*",
                     matchCriteriaId: "00C2B9C9-1177-4DA6-96CE-55F37F383F99",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update222:*:*:*:*:*:*",
                     matchCriteriaId: "435CF189-0BD8-40DF-A0DC-99862CDEAF8A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update231:*:*:*:*:*:*",
                     matchCriteriaId: "12A3F367-33AD-47C3-BFDC-871A17E72C94",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update232:*:*:*:*:*:*",
                     matchCriteriaId: "A18F994F-72CA-4AF5-A7D1-9F5AEA286D85",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update241:*:*:*:*:*:*",
                     matchCriteriaId: "78261932-7373-4F16-91E0-1A72ADBEBC3E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update242:*:*:*:*:*:*",
                     matchCriteriaId: "9BD90D3D-9B3A-4101-9A8A-5090F0A9719F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update25:*:*:*:*:*:*",
                     matchCriteriaId: "B38C0276-0EBD-4E0B-BFCF-4DDECACE04E2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update252:*:*:*:*:*:*",
                     matchCriteriaId: "F5A40B8A-D428-4008-9F21-AF21394C51D1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update262:*:*:*:*:*:*",
                     matchCriteriaId: "FEC5B777-01E1-45EE-AF95-C3BD1F098B2F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update271:*:*:*:*:*:*",
                     matchCriteriaId: "3B504718-5DCE-43B4-B19A-C6B6E7444BD3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update281:*:*:*:*:*:*",
                     matchCriteriaId: "3102AA10-99A8-49A9-867E-7EEC56865680",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update282:*:*:*:*:*:*",
                     matchCriteriaId: "5A55CBC7-A7B2-4B89-8AB5-ED30DBE6814E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update291:*:*:*:*:*:*",
                     matchCriteriaId: "15BA8A26-2CDA-442B-A549-6BE92DCCD205",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update301:*:*:*:*:*:*",
                     matchCriteriaId: "56F2883B-6A1B-4081-8877-07AF3A73F6CD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update302:*:*:*:*:*:*",
                     matchCriteriaId: "98C0742E-ACDD-4DB4-8A4C-B96702C8976C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update31:*:*:*:*:*:*",
                     matchCriteriaId: "F8483034-DD5A-445D-892F-CDE90A7D58EE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update312:*:*:*:*:*:*",
                     matchCriteriaId: "1716A5CD-1C32-4F19-9DDE-F9C7CCB6B420",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update322:*:*:*:*:*:*",
                     matchCriteriaId: "DAB4F663-BCAF-43DB-BCC3-24C060B0CBAB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update332:*:*:*:*:*:*",
                     matchCriteriaId: "A8EF5BB8-7DAF-49B0-A11E-14E89EF7377A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update342:*:*:*:*:*:*",
                     matchCriteriaId: "383F0B07-59BF-4744-87F2-04C98BC183B4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update352:*:*:*:*:*:*",
                     matchCriteriaId: "494C17C6-54A3-4BE6-A4FF-2D54DF2B38D5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update362:*:*:*:*:*:*",
                     matchCriteriaId: "1058ABDC-D652-4E2D-964D-C9C98FD404F6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update40:*:*:*:*:*:*",
                     matchCriteriaId: "8279718F-878F-4868-8859-1728D13CD0D8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update45:*:*:*:*:*:*",
                     matchCriteriaId: "2C024E1A-FD2C-42E8-B227-C2AFD3040436",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update5:*:*:*:*:*:*",
                     matchCriteriaId: "4F24389D-DDD0-4204-AA24-31C920A4F47E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update51:*:*:*:*:*:*",
                     matchCriteriaId: "966979BE-1F21-4729-B6B8-610F74648344",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update60:*:*:*:*:*:*",
                     matchCriteriaId: "F8534265-33BF-460D-BF74-5F55FDE50F29",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update65:*:*:*:*:*:*",
                     matchCriteriaId: "F77AFC25-1466-4E56-9D5F-6988F3288E16",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update66:*:*:*:*:*:*",
                     matchCriteriaId: "A650BEB8-E56F-4E42-9361-8D2DB083F0F8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update71:*:*:*:*:*:*",
                     matchCriteriaId: "799FFECD-E80A-44B3-953D-CDB5E195F3AA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update72:*:*:*:*:*:*",
                     matchCriteriaId: "A7047507-7CAF-4A14-AA9A-5CEF806EDE98",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update73:*:*:*:*:*:*",
                     matchCriteriaId: "CFC7B179-95D3-4F94-84F6-73F1034A1AF2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update74:*:*:*:*:*:*",
                     matchCriteriaId: "9FB28526-9385-44CA-AF08-1899E6C3AE4D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update77:*:*:*:*:*:*",
                     matchCriteriaId: "E26B69E4-0B43-415F-A82B-52FDCB262B3E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update91:*:*:*:*:*:*",
                     matchCriteriaId: "27BC4150-70EC-462B-8FC5-20B3442CBB31",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update92:*:*:*:*:*:*",
                     matchCriteriaId: "02646989-ECD9-40AE-A83E-EFF4080C69B9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:20:*:*:*:*:*:*:*",
                     matchCriteriaId: "77172BC0-8637-41F6-AE3B-83006D6735DE",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE).  Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and  22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).",
      },
   ],
   id: "CVE-2023-21967",
   lastModified: "2024-11-21T07:44:00.397",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 5.9,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.2,
            impactScore: 3.6,
            source: "secalert_us@oracle.com",
            type: "Primary",
         },
      ],
   },
   published: "2023-04-18T20:15:16.397",
   references: [
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20230427-0008/",
      },
      {
         source: "secalert_us@oracle.com",
         url: "https://security.netapp.com/advisory/ntap-20240621-0006/",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.couchbase.com/alerts/",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2023/dsa-5430",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2023/dsa-5478",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpuapr2023.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20230427-0008/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://security.netapp.com/advisory/ntap-20240621-0006/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.couchbase.com/alerts/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2023/dsa-5430",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2023/dsa-5478",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpuapr2023.html",
      },
   ],
   sourceIdentifier: "secalert_us@oracle.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd

Published

2024-01-16 22:15

Modified

2025-03-26 15:03

Severity ?

7.4 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).

References

URL	Tags
secalert_us@oracle.com	https://lists.debian.org/debian-lts-announce/2024/01/msg00023.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20240201-0002/	Third Party Advisory
secalert_us@oracle.com	https://www.oracle.com/security-alerts/cpujan2024.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2024/01/msg00023.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20240201-0002/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpujan2024.html	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
oracle	openjdk	*
oracle	openjdk	*
oracle	openjdk	*
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	graalvm	20.3.12
oracle	graalvm	21.3.8
oracle	graalvm	22.3.4
oracle	graalvm_for_jdk	17.0.9
oracle	graalvm_for_jdk	21.0.1
oracle	jdk	1.8.0
oracle	jdk	1.8.0
oracle	jdk	11.0.21
oracle	jdk	17.0.9
oracle	jdk	21.0.1
oracle	jre	1.8.0
oracle	jre	1.8.0
oracle	jre	11.0.21
oracle	jre	17.0.9
oracle	jre	21.0.1
netapp	cloud_insights_acquisition_unit	-
netapp	cloud_insights_storage_workload_security_agent	-
netapp	oncommand_insight	-
debian	debian_linux	10.0

JSON

To clipboard

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "BE2E2756-6ECC-4205-BED6-1A7DAB6D1C45",
                     versionEndExcluding: "11.0.24",
                     versionStartIncluding: "11",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "1BD9DA0F-9664-4C81-882F-68DBBC323F5E",
                     versionEndExcluding: "17.0.10",
                     versionStartIncluding: "17",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "231952D6-6C9A-4C31-A338-1AA8C3D4F433",
                     versionEndExcluding: "21.0.2",
                     versionStartIncluding: "21",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:-:*:*:*:*:*:*",
                     matchCriteriaId: "70892D06-6E75-4425-BBF0-4B684EC62A1C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone1:*:*:*:*:*:*",
                     matchCriteriaId: "7A165D71-71CC-4E6A-AA4F-FF8DB5B9A5AB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone2:*:*:*:*:*:*",
                     matchCriteriaId: "7417B2BB-9AC2-4AF4-A828-C89A0735AD92",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone3:*:*:*:*:*:*",
                     matchCriteriaId: "6A0A57B5-6F88-4288-9CDE-F6613FE068D2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone4:*:*:*:*:*:*",
                     matchCriteriaId: "67ED8559-C348-4932-B7CE-CB96976A30EC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone5:*:*:*:*:*:*",
                     matchCriteriaId: "40AC3D91-263F-4345-9FAA-0E573EA64590",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone6:*:*:*:*:*:*",
                     matchCriteriaId: "DD92AFA9-81F8-48D4-B79A-E7F066F69A99",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone7:*:*:*:*:*:*",
                     matchCriteriaId: "2C4B2F24-A730-4818-90C8-A2D90C081F03",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone8:*:*:*:*:*:*",
                     matchCriteriaId: "464087F2-C285-4574-957E-CE0663F07DE0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone9:*:*:*:*:*:*",
                     matchCriteriaId: "3E9BB880-A4F6-4887-8BB9-47AA298753D5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update101:*:*:*:*:*:*",
                     matchCriteriaId: "18DCFF53-B298-4534-AB5C-8A5EF59C616F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update102:*:*:*:*:*:*",
                     matchCriteriaId: "083419F8-FDDF-4E36-88F8-857DB317C1D1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update11:*:*:*:*:*:*",
                     matchCriteriaId: "D7A74F65-57E8-4C9A-BA96-5EF401504F13",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update111:*:*:*:*:*:*",
                     matchCriteriaId: "0D0B90FC-57B6-4315-9B29-3C36E58B2CF5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update112:*:*:*:*:*:*",
                     matchCriteriaId: "07812576-3C35-404C-A7D7-9BE9E3D76E00",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update121:*:*:*:*:*:*",
                     matchCriteriaId: "00C52B1C-5447-4282-9667-9EBE0720B423",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update131:*:*:*:*:*:*",
                     matchCriteriaId: "92BB9EB0-0C12-4E77-89EE-FB77097841B8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update141:*:*:*:*:*:*",
                     matchCriteriaId: "FF9D5DCE-2E8F-42B9-9038-AEA7E8C8CFFD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update151:*:*:*:*:*:*",
                     matchCriteriaId: "ABC0E7BB-F8B7-4369-9910-71240E4073A3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update152:*:*:*:*:*:*",
                     matchCriteriaId: "551B2640-8CEC-4C24-AF8B-7A7CEF864D9D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update161:*:*:*:*:*:*",
                     matchCriteriaId: "0AE30779-48FB-451E-8CE1-F469F93B8772",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update162:*:*:*:*:*:*",
                     matchCriteriaId: "60590FDE-7156-4314-A012-AA38BD2ADDC9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update171:*:*:*:*:*:*",
                     matchCriteriaId: "BE51AD3A-8331-4E8F-9DB1-7A0051731DFB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update172:*:*:*:*:*:*",
                     matchCriteriaId: "F24F6122-2256-41B6-9033-794C6424ED99",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update181:*:*:*:*:*:*",
                     matchCriteriaId: "0EAFA79E-8C7A-48CF-8868-11378FE4B26F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update191:*:*:*:*:*:*",
                     matchCriteriaId: "D1D6F19F-59B5-4BB6-AD35-013384025970",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update192:*:*:*:*:*:*",
                     matchCriteriaId: "E7BA97BC-3ADA-465A-835B-6C3C5F416B56",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update20:*:*:*:*:*:*",
                     matchCriteriaId: "B71F77A4-B7EB-47A1-AAFD-431A7D040B86",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update201:*:*:*:*:*:*",
                     matchCriteriaId: "91D6BEA9-5943-44A4-946D-CEAA9BA99376",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update202:*:*:*:*:*:*",
                     matchCriteriaId: "C079A3E0-44EB-4B9C-B4FC-B7621D165C3B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update211:*:*:*:*:*:*",
                     matchCriteriaId: "2CB74086-14B8-4237-8357-E0C6B5BB8313",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update212:*:*:*:*:*:*",
                     matchCriteriaId: "3ABED20A-7C34-4E86-9AFB-F4DC9ECBB3A9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update221:*:*:*:*:*:*",
                     matchCriteriaId: "00C2B9C9-1177-4DA6-96CE-55F37F383F99",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update222:*:*:*:*:*:*",
                     matchCriteriaId: "435CF189-0BD8-40DF-A0DC-99862CDEAF8A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update231:*:*:*:*:*:*",
                     matchCriteriaId: "12A3F367-33AD-47C3-BFDC-871A17E72C94",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update232:*:*:*:*:*:*",
                     matchCriteriaId: "A18F994F-72CA-4AF5-A7D1-9F5AEA286D85",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update241:*:*:*:*:*:*",
                     matchCriteriaId: "78261932-7373-4F16-91E0-1A72ADBEBC3E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update242:*:*:*:*:*:*",
                     matchCriteriaId: "9BD90D3D-9B3A-4101-9A8A-5090F0A9719F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update25:*:*:*:*:*:*",
                     matchCriteriaId: "B38C0276-0EBD-4E0B-BFCF-4DDECACE04E2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update252:*:*:*:*:*:*",
                     matchCriteriaId: "F5A40B8A-D428-4008-9F21-AF21394C51D1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update262:*:*:*:*:*:*",
                     matchCriteriaId: "FEC5B777-01E1-45EE-AF95-C3BD1F098B2F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update271:*:*:*:*:*:*",
                     matchCriteriaId: "3B504718-5DCE-43B4-B19A-C6B6E7444BD3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update281:*:*:*:*:*:*",
                     matchCriteriaId: "3102AA10-99A8-49A9-867E-7EEC56865680",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update282:*:*:*:*:*:*",
                     matchCriteriaId: "5A55CBC7-A7B2-4B89-8AB5-ED30DBE6814E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update291:*:*:*:*:*:*",
                     matchCriteriaId: "15BA8A26-2CDA-442B-A549-6BE92DCCD205",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update301:*:*:*:*:*:*",
                     matchCriteriaId: "56F2883B-6A1B-4081-8877-07AF3A73F6CD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update302:*:*:*:*:*:*",
                     matchCriteriaId: "98C0742E-ACDD-4DB4-8A4C-B96702C8976C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update31:*:*:*:*:*:*",
                     matchCriteriaId: "F8483034-DD5A-445D-892F-CDE90A7D58EE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update312:*:*:*:*:*:*",
                     matchCriteriaId: "1716A5CD-1C32-4F19-9DDE-F9C7CCB6B420",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update322:*:*:*:*:*:*",
                     matchCriteriaId: "DAB4F663-BCAF-43DB-BCC3-24C060B0CBAB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update332:*:*:*:*:*:*",
                     matchCriteriaId: "A8EF5BB8-7DAF-49B0-A11E-14E89EF7377A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update342:*:*:*:*:*:*",
                     matchCriteriaId: "383F0B07-59BF-4744-87F2-04C98BC183B4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update352:*:*:*:*:*:*",
                     matchCriteriaId: "494C17C6-54A3-4BE6-A4FF-2D54DF2B38D5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update362:*:*:*:*:*:*",
                     matchCriteriaId: "1058ABDC-D652-4E2D-964D-C9C98FD404F6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update372:*:*:*:*:*:*",
                     matchCriteriaId: "DC62A8BB-6230-4D5A-B91C-DD1B222F9E5B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update382:*:*:*:*:*:*",
                     matchCriteriaId: "333F58FD-5F4F-4F11-B1F8-8815C99AC61A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update392:*:*:*:*:*:*",
                     matchCriteriaId: "1CB4456E-18B0-4C5B-822E-2BFE7DE019D7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update40:*:*:*:*:*:*",
                     matchCriteriaId: "8279718F-878F-4868-8859-1728D13CD0D8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update402-b00:*:*:*:*:*:*",
                     matchCriteriaId: "3FCE7DD4-EF50-4F46-B5E1-F5F0B31C2A69",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update402-b01:*:*:*:*:*:*",
                     matchCriteriaId: "60538D83-D9A2-4A8E-ADCA-25ACDE789D11",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update402-b02:*:*:*:*:*:*",
                     matchCriteriaId: "823D1593-CCB9-4172-85FE-3F7EC57E966A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update402-b03:*:*:*:*:*:*",
                     matchCriteriaId: "3723D31F-21F3-4040-A59D-6F4FE4D38033",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update402-b04:*:*:*:*:*:*",
                     matchCriteriaId: "60C2BD46-0BF0-4960-9070-41EF8BD86606",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update402-b05:*:*:*:*:*:*",
                     matchCriteriaId: "4B43831A-21CF-4A2D-AF1E-C909954E4713",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update45:*:*:*:*:*:*",
                     matchCriteriaId: "2C024E1A-FD2C-42E8-B227-C2AFD3040436",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update5:*:*:*:*:*:*",
                     matchCriteriaId: "4F24389D-DDD0-4204-AA24-31C920A4F47E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update51:*:*:*:*:*:*",
                     matchCriteriaId: "966979BE-1F21-4729-B6B8-610F74648344",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update60:*:*:*:*:*:*",
                     matchCriteriaId: "F8534265-33BF-460D-BF74-5F55FDE50F29",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update65:*:*:*:*:*:*",
                     matchCriteriaId: "F77AFC25-1466-4E56-9D5F-6988F3288E16",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update66:*:*:*:*:*:*",
                     matchCriteriaId: "A650BEB8-E56F-4E42-9361-8D2DB083F0F8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update71:*:*:*:*:*:*",
                     matchCriteriaId: "799FFECD-E80A-44B3-953D-CDB5E195F3AA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update72:*:*:*:*:*:*",
                     matchCriteriaId: "A7047507-7CAF-4A14-AA9A-5CEF806EDE98",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update73:*:*:*:*:*:*",
                     matchCriteriaId: "CFC7B179-95D3-4F94-84F6-73F1034A1AF2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update74:*:*:*:*:*:*",
                     matchCriteriaId: "9FB28526-9385-44CA-AF08-1899E6C3AE4D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update77:*:*:*:*:*:*",
                     matchCriteriaId: "E26B69E4-0B43-415F-A82B-52FDCB262B3E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update91:*:*:*:*:*:*",
                     matchCriteriaId: "27BC4150-70EC-462B-8FC5-20B3442CBB31",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update92:*:*:*:*:*:*",
                     matchCriteriaId: "02646989-ECD9-40AE-A83E-EFF4080C69B9",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:oracle:graalvm:20.3.12:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "D17D1EA4-A45F-4D8D-BA3E-4898EC6D48B7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:graalvm:21.3.8:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "CF534BA8-A2A5-4768-A480-CFB885308AF8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:graalvm:22.3.4:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "876A5640-82A8-4BDC-8E0A-4D6340F5417D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "2C5055FD-0E19-4C42-9B1F-CBE222855156",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:graalvm_for_jdk:21.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "04738DE7-2BFE-4C06-ABE0-FCA099B5FFEC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:1.8.0:update391:*:*:-:*:*:*",
                     matchCriteriaId: "D667746E-7E7C-4326-9B70-3587C2B41BAB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:1.8.0:update391:*:*:enterprise_performance_pack:*:*:*",
                     matchCriteriaId: "F3EF33DE-2E3F-4D5A-BF06-AC3C75108089",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:11.0.21:*:*:*:*:*:*:*",
                     matchCriteriaId: "8FFC5C12-7FF4-48E6-BC5A-F50EBC956BBE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:17.0.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "EF6AA431-8965-4B53-AF0F-DB3AB7A9A3F3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:21.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "50C5781C-4153-431D-991E-637E253EDC87",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:1.8.0:update391:*:*:-:*:*:*",
                     matchCriteriaId: "CA31F3A1-07E1-4685-8A24-7C7830EF7600",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:1.8.0:update391:*:*:enterprise_performance_pack:*:*:*",
                     matchCriteriaId: "DB7CD545-5B56-47FC-803F-8F150C810534",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:11.0.21:*:*:*:*:*:*:*",
                     matchCriteriaId: "568F994E-135F-486D-B57C-0245A1BC253B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:17.0.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "BF274813-F650-447C-A1A6-61D5F8FF71BA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:21.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "F76A51BB-6DAE-4506-B737-7A5854543F18",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "CCAA4004-9319-478C-9D55-0E8307F872F6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:cloud_insights_storage_workload_security_agent:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "3B199052-5732-4726-B06B-A12C70DFB891",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security).  Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and  22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as  unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).",
      },
      {
         lang: "es",
         value: "Vulnerabilidad en el producto Oracle Java SE, Oracle GraalVM para JDK, Oracle GraalVM Enterprise Edition de Oracle Java SE (componente: Seguridad). Las versiones compatibles que se ven afectadas son Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM para JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 y 22.3.4. Una vulnerabilidad difícil de explotar permite que un atacante no autenticado con acceso a la red a través de múltiples protocolos comprometa Oracle Java SE, Oracle GraalVM para JDK y Oracle GraalVM Enterprise Edition. Los ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a la creación, eliminación o modificación de datos críticos o a todos los datos accesibles de Oracle Java SE, Oracle GraalVM para JDK, Oracle GraalVM Enterprise Edition, así como acceso no autorizado a datos críticos o acceso completo a todo Oracle Java. SE, Oracle GraalVM para JDK, datos accesibles de Oracle GraalVM Enterprise Edition. Nota: Esta vulnerabilidad se aplica a implementaciones de Java, normalmente en clientes que ejecutan aplicaciones Java Web Start en sandbox o subprogramas de Java en sandbox, que cargan y ejecutan código que no es de confianza (por ejemplo, código que proviene de Internet) y dependen del entorno limitado de Java para su seguridad. Esta vulnerabilidad no se aplica a implementaciones de Java, normalmente en servidores, que cargan y ejecutan sólo código confiable (por ejemplo, código instalado por un administrador). CVSS 3.1 Puntaje base 7.4 (Impactos en la confidencialidad y la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).",
      },
   ],
   id: "CVE-2024-20952",
   lastModified: "2025-03-26T15:03:47.983",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 7.4,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.2,
            impactScore: 5.2,
            source: "secalert_us@oracle.com",
            type: "Primary",
         },
      ],
   },
   published: "2024-01-16T22:15:42.477",
   references: [
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2024/01/msg00023.html",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20240201-0002/",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpujan2024.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2024/01/msg00023.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20240201-0002/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpujan2024.html",
      },
   ],
   sourceIdentifier: "secalert_us@oracle.com",
   vulnStatus: "Analyzed",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-284",
            },
            {
               lang: "en",
               value: "CWE-416",
            },
         ],
         source: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
         type: "Secondary",
      },
   ],
}

Vulnerability from fkie_nvd

Published

2022-07-19 22:15

Modified

2024-11-21 06:44

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 17.0.3.1; Oracle GraalVM Enterprise Edition: 21.3.2 and 22.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).

References

URL	Tags
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NQICCJXXAYMCCXOO24R4W7Q3RSKCYDMX/
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UKJCLA2GDNF4B7ZRKORQ2TIR56AHJ4VC/
secalert_us@oracle.com	https://security.gentoo.org/glsa/202401-25
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20220729-0009/	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2022/dsa-5192	Third Party Advisory
secalert_us@oracle.com	https://www.oracle.com/security-alerts/cpujul2022.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NQICCJXXAYMCCXOO24R4W7Q3RSKCYDMX/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UKJCLA2GDNF4B7ZRKORQ2TIR56AHJ4VC/
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202401-25
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20220729-0009/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2022/dsa-5192	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpujul2022.html	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
oracle	graalvm	21.3.2
oracle	graalvm	22.1.0
oracle	jdk	17.0.3.1
oracle	jre	17.0.3.1
azul	zulu	17.34
fedoraproject	fedora	35
fedoraproject	fedora	36
debian	debian_linux	11.0
netapp	7-mode_transition_tool	-
netapp	active_iq_unified_manager	-
netapp	active_iq_unified_manager	-
netapp	cloud_insights_acquisition_unit	-
netapp	cloud_secure_agent	-
netapp	hci_management_node	-
netapp	oncommand_insight	-
netapp	solidfire	-
netapp	hci_compute_node	-

JSON

To clipboard

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:oracle:graalvm:21.3.2:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "601D92C4-F71F-47E2-9041-5C286D2137F6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:graalvm:22.1.0:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "B18FE85D-C53D-44E9-8992-715820D1264B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:17.0.3.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "7AF3539B-0434-4310-AE88-F46864C7C20F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:17.0.3.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "0DF70EEA-EC9D-4FFC-B7BE-76F50C34D999",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:azul:zulu:17.34:*:*:*:*:*:*:*",
                     matchCriteriaId: "B6302149-28AA-481E-BC6C-87D05E73768A",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
                     matchCriteriaId: "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
                     matchCriteriaId: "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "FA6FEEC2-9F11-4643-8827-749718254FED",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "7EF6650C-558D-45C8-AE7D-136EE70CB6D7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
                     matchCriteriaId: "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
                     matchCriteriaId: "B55E8D50-99B4-47EC-86F9-699B67D473CE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "CCAA4004-9319-478C-9D55-0E8307F872F6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F0F202E8-97E6-4BBB-A0B6-4CA3F5803C08",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A3C19813-E823-456A-B1CE-EC0684CE1953",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "AD7447BC-F315-4298-A822-549942FC118B",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 17.0.3.1; Oracle GraalVM Enterprise Edition: 21.3.2 and 22.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad en el producto Oracle Java SE, Oracle GraalVM Enterprise Edition de Oracle Java SE (componente: Libraries). Las versiones afectadas son Oracle Java SE: 17.0.3.1; Oracle GraalVM Enterprise Edition: 21.3.2 y 22.1.0. La vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red por medio de múltiples protocolos comprometer a Oracle Java SE, Oracle GraalVM Enterprise Edition. Los ataques con éxito de esta vulnerabilidad pueden resultar en el acceso no autorizado a la actualización, inserción o eliminación de algunos de los datos accesibles de Oracle Java SE, Oracle GraalVM Enterprise Edition. Nota: Esta vulnerabilidad es aplicada a las implantaciones de Java, normalmente en clientes que ejecutan aplicaciones Java Web Start con sandbox o applets Java con sandbox, que cargan y ejecutan código que no es confiable (por ejemplo, código que viene de Internet) y dependen de la sandbox de Java para la seguridad. Esta vulnerabilidad también puede ser explotada mediante el uso de APIs en el componente especificado, por ejemplo, mediante un servicio web que suministra datos a las APIs. CVSS 3.1, Puntuación Base 5.3 (impactos en la Integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).",
      },
   ],
   id: "CVE-2022-21549",
   lastModified: "2024-11-21T06:44:56.113",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 5.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 1.4,
            source: "secalert_us@oracle.com",
            type: "Primary",
         },
      ],
   },
   published: "2022-07-19T22:15:12.147",
   references: [
      {
         source: "secalert_us@oracle.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NQICCJXXAYMCCXOO24R4W7Q3RSKCYDMX/",
      },
      {
         source: "secalert_us@oracle.com",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UKJCLA2GDNF4B7ZRKORQ2TIR56AHJ4VC/",
      },
      {
         source: "secalert_us@oracle.com",
         url: "https://security.gentoo.org/glsa/202401-25",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20220729-0009/",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2022/dsa-5192",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpujul2022.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NQICCJXXAYMCCXOO24R4W7Q3RSKCYDMX/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UKJCLA2GDNF4B7ZRKORQ2TIR56AHJ4VC/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://security.gentoo.org/glsa/202401-25",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20220729-0009/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2022/dsa-5192",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpujul2022.html",
      },
   ],
   sourceIdentifier: "secalert_us@oracle.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd

Published

2023-09-21 19:15

Modified

2024-11-29 14:43

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.

References

URL	Tags
product-security@apple.com	https://security.gentoo.org/glsa/202401-33	Third Party Advisory
product-security@apple.com	https://security.netapp.com/advisory/ntap-20240426-0004/	Third Party Advisory
product-security@apple.com	https://support.apple.com/en-us/HT213940	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202401-33	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20240426-0004/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/en-us/HT213940	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://webkitgtk.org/security/WSA-2023-0009.html	Third Party Advisory

Impacted products

Vendor	Product	Version
apple	ipados	*
apple	iphone_os	*
apple	macos	*
fedoraproject	fedora	37
fedoraproject	fedora	38
fedoraproject	fedora	39
debian	debian_linux	11.0
debian	debian_linux	12.0
oracle	graalvm	20.3.13
oracle	graalvm	21.3.9
oracle	jdk	1.8.0
oracle	jre	1.8.0
netapp	active_iq_unified_manager	-
netapp	active_iq_unified_manager	-
netapp	cloud_insights_acquisition_unit	-
netapp	cloud_insights_storage_workload_security_agent	-
netapp	oncommand_insight	-
netapp	oncommand_workflow_automation	-
webkitgtk	webkitgtk\+	*

JSON

To clipboard

{
   cisaActionDue: "2023-10-16",
   cisaExploitAdd: "2023-09-25",
   cisaRequiredAction: "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
   cisaVulnerabilityName: "Apple Multiple Products WebKit Code Execution Vulnerability",
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "4FE34465-0131-48BD-9BB6-47F83243BAE3",
                     versionEndExcluding: "17.0.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "CB5FD4B4-540C-4068-90D2-BEC12CDF54D9",
                     versionEndExcluding: "17.0.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "7A5DD3D5-FB4F-4313-B873-DCED87FC4605",
                     versionEndExcluding: "14.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
                     matchCriteriaId: "E30D0E6F-4AE8-4284-8716-991DFA48CC5D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
                     matchCriteriaId: "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
                     matchCriteriaId: "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "FA6FEEC2-9F11-4643-8827-749718254FED",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "46D69DCC-AE4D-4EA5-861C-D60951444C6C",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:oracle:graalvm:20.3.13:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "00EDC8FF-13F2-4218-9EF4-B509364AE7B3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:graalvm:21.3.9:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "938A32D1-FBAB-42AE-87A7-AB19402B561A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:1.8.0:update401:*:*:*:*:*:*",
                     matchCriteriaId: "B9155227-6787-4FAA-BB2C-C99D77DD2111",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:1.8.0:update401:*:*:*:*:*:*",
                     matchCriteriaId: "FD4CDABD-BC1E-4A23-8022-D7A0E615C9F4",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vsphere:*:*",
                     matchCriteriaId: "E8F29E19-3A64-4426-A2AA-F169440267CC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
                     matchCriteriaId: "B55E8D50-99B4-47EC-86F9-699B67D473CE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "CCAA4004-9319-478C-9D55-0E8307F872F6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:cloud_insights_storage_workload_security_agent:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "3B199052-5732-4726-B06B-A12C70DFB891",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5735E553-9731-4AAC-BCFF-989377F817B3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:webkitgtk:webkitgtk\\+:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "076EFDED-230F-4848-A138-4CFDF6B863B3",
                     versionEndExcluding: "2.42.2",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.",
      },
      {
         lang: "es",
         value: "El problema se solucionó con controles mejorados. Este problema se solucionó en Safari 17, iOS 16.7 y iPadOS 16.7, macOS Sonoma 14. El procesamiento de contenido web puede provocar la ejecución de código arbitrario. Apple tiene conocimiento de un informe que indica que este problema puede haber sido explotado activamente en versiones de iOS anteriores a iOS 16.7.",
      },
   ],
   id: "CVE-2023-41993",
   lastModified: "2024-11-29T14:43:20.857",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            type: "Secondary",
         },
      ],
   },
   published: "2023-09-21T19:15:11.660",
   references: [
      {
         source: "product-security@apple.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/202401-33",
      },
      {
         source: "product-security@apple.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20240426-0004/",
      },
      {
         source: "product-security@apple.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.apple.com/en-us/HT213940",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/202401-33",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20240426-0004/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.apple.com/en-us/HT213940",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://webkitgtk.org/security/WSA-2023-0009.html",
      },
   ],
   sourceIdentifier: "product-security@apple.com",
   vulnStatus: "Analyzed",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-754",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-754",
            },
         ],
         source: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
         type: "Secondary",
      },
   ],
}

Vulnerability from fkie_nvd

Published

2022-07-19 18:15

Modified

2024-11-21 07:08

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Summary

The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 or later. Note: Java runtimes (such as OpenJDK) include repackaged copies of Xalan.

References

URL	Tags
security@apache.org	http://packetstormsecurity.com/files/168186/Xalan-J-XSLTC-Integer-Truncation.html	Third Party Advisory, VDB Entry
security@apache.org	http://www.openwall.com/lists/oss-security/2022/07/19/5	Mailing List, Third Party Advisory
security@apache.org	http://www.openwall.com/lists/oss-security/2022/07/19/6	Mailing List, Third Party Advisory
security@apache.org	http://www.openwall.com/lists/oss-security/2022/07/20/2	Mailing List, Third Party Advisory
security@apache.org	http://www.openwall.com/lists/oss-security/2022/07/20/3	Mailing List, Patch, Third Party Advisory
security@apache.org	http://www.openwall.com/lists/oss-security/2022/10/18/2	Mailing List, Patch, Third Party Advisory
security@apache.org	http://www.openwall.com/lists/oss-security/2022/11/04/8	Mailing List, Third Party Advisory
security@apache.org	http://www.openwall.com/lists/oss-security/2022/11/07/2	Mailing List, Third Party Advisory
security@apache.org	https://lists.apache.org/thread/12pxy4phsry6c34x2ol4fft6xlho4kyw	Issue Tracking, Mailing List, Vendor Advisory
security@apache.org	https://lists.apache.org/thread/2qvl7r43wb4t8p9dd9om1bnkssk07sn8	Issue Tracking, Mailing List, Vendor Advisory
security@apache.org	https://lists.debian.org/debian-lts-announce/2022/10/msg00024.html	Mailing List, Third Party Advisory
security@apache.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H4YNJSJ64NPCNKFPNBYITNZU5H3L4D6L/
security@apache.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5OZNAZJ4YHLOKRRRZSWRT5OJ25E4XLM/
security@apache.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN3EVGR7FD3ZLV5SBTJXUIDCMSK4QUE2/
security@apache.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KO3DXNKZ4EU3UZBT6AAR4XRKCD73KLMO/
security@apache.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3XPOTPPBZIPFBZHQE5E7OW6PDACUMCJ/
security@apache.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YULPNO3PAWMEQQZV2C54I3H3ZOXFZUTB/
security@apache.org	https://security.gentoo.org/glsa/202401-25
security@apache.org	https://security.netapp.com/advisory/ntap-20220729-0009/	Third Party Advisory
security@apache.org	https://security.netapp.com/advisory/ntap-20240621-0006/
security@apache.org	https://www.debian.org/security/2022/dsa-5188	Third Party Advisory
security@apache.org	https://www.debian.org/security/2022/dsa-5192	Third Party Advisory
security@apache.org	https://www.debian.org/security/2022/dsa-5256	Third Party Advisory
security@apache.org	https://www.oracle.com/security-alerts/cpujul2022.html	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/168186/Xalan-J-XSLTC-Integer-Truncation.html	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2022/07/19/5	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2022/07/19/6	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2022/07/20/2	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2022/07/20/3	Mailing List, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2022/10/18/2	Mailing List, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2022/11/04/8	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2022/11/07/2	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread/12pxy4phsry6c34x2ol4fft6xlho4kyw	Issue Tracking, Mailing List, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread/2qvl7r43wb4t8p9dd9om1bnkssk07sn8	Issue Tracking, Mailing List, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2022/10/msg00024.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H4YNJSJ64NPCNKFPNBYITNZU5H3L4D6L/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5OZNAZJ4YHLOKRRRZSWRT5OJ25E4XLM/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN3EVGR7FD3ZLV5SBTJXUIDCMSK4QUE2/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KO3DXNKZ4EU3UZBT6AAR4XRKCD73KLMO/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3XPOTPPBZIPFBZHQE5E7OW6PDACUMCJ/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YULPNO3PAWMEQQZV2C54I3H3ZOXFZUTB/
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202401-25
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20220729-0009/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20240621-0006/
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2022/dsa-5188	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2022/dsa-5192	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2022/dsa-5256	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpujul2022.html	Patch, Third Party Advisory

Impacted products

Vendor	Product	Version
apache	xalan-java	*
debian	debian_linux	10.0
debian	debian_linux	11.0
oracle	graalvm	20.3.6
oracle	graalvm	21.3.2
oracle	graalvm	22.1.0
oracle	jdk	1.7.0
oracle	jdk	1.8.0
oracle	jdk	11.0.15.1
oracle	jdk	17.0.3.1
oracle	jdk	18.0.1.1
oracle	jre	1.7.0
oracle	jre	1.8.0
oracle	jre	11.0.15.1
oracle	jre	17.0.3.1
oracle	jre	18.0.1.1
oracle	openjdk	*
oracle	openjdk	*
oracle	openjdk	*
oracle	openjdk	*
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	18
fedoraproject	fedora	35
fedoraproject	fedora	36
netapp	7-mode_transition_tool	-
netapp	active_iq_unified_manager	-
netapp	active_iq_unified_manager	-
netapp	cloud_insights_acquisition_unit	-
netapp	cloud_secure_agent	-
netapp	hci_management_node	-
netapp	oncommand_insight	-
netapp	solidfire	-
netapp	hci_compute_node	-
azul	zulu	6.47
azul	zulu	7.54
azul	zulu	8.62
azul	zulu	11.56
azul	zulu	13.48
azul	zulu	15.40
azul	zulu	17.34
azul	zulu	18.30

JSON

To clipboard

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:apache:xalan-java:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E406791B-F9FD-4E3F-831C-296D8F8FF9BE",
                     versionEndIncluding: "2.7.2",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "FA6FEEC2-9F11-4643-8827-749718254FED",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:oracle:graalvm:20.3.6:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "7D961E24-EA18-4217-B5F5-F847726D84E3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:graalvm:21.3.2:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "601D92C4-F71F-47E2-9041-5C286D2137F6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:graalvm:22.1.0:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "B18FE85D-C53D-44E9-8992-715820D1264B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:1.7.0:update343:*:*:*:*:*:*",
                     matchCriteriaId: "6E3C0BA3-FCD3-4CB8-B8C7-F931090A7DBE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:1.8.0:update333:*:*:*:*:*:*",
                     matchCriteriaId: "EB2A5440-7FA7-4A86-AA19-E2ABBD809B19",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:11.0.15.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "9C0485FC-E4B2-464E-8228-1387AC5F353B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:17.0.3.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "7AF3539B-0434-4310-AE88-F46864C7C20F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:18.0.1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "F5CC9398-71B6-4480-95ED-EDCE838D157E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:1.7.0:update343:*:*:*:*:*:*",
                     matchCriteriaId: "60614E43-090E-44D7-94AD-FFAE38FF111F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:1.8.0:update333:*:*:*:*:*:*",
                     matchCriteriaId: "131E1C9E-721C-4176-B78B-69C01F90A9A5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:11.0.15.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "AD4BFA12-588A-4D8D-B45F-648A55EC674C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:17.0.3.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "0DF70EEA-EC9D-4FFC-B7BE-76F50C34D999",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:18.0.1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "4EF9CFB1-CEC9-483E-BECF-618190C03944",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "DD2ADA66-DCD0-4D28-80B2-77A0265CE7B9",
                     versionEndIncluding: "11.0.15",
                     versionStartIncluding: "11",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "8CA6BC07-2BDA-4913-AF2B-FD2146B0E539",
                     versionEndIncluding: "13.0.11",
                     versionStartIncluding: "13",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "5A2E366B-549D-48C5-B3FB-AD0E8C75AE08",
                     versionEndIncluding: "15.0.7",
                     versionStartIncluding: "15",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "15FD6A0B-BB1A-4875-926C-AB1B6EC1A053",
                     versionEndIncluding: "17.0.3",
                     versionStartIncluding: "17",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:-:*:*:*:*:*:*",
                     matchCriteriaId: "E78B7C5A-FA51-41E4-AAB0-C6DED2EFCF4C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update1:*:*:*:*:*:*",
                     matchCriteriaId: "02011EDC-20A7-4A16-A592-7C76E0037997",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update10:*:*:*:*:*:*",
                     matchCriteriaId: "AC6D4652-1226-4C60-BEDF-01EBF8AC0849",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update101:*:*:*:*:*:*",
                     matchCriteriaId: "3C1F9ED7-7D93-41F4-9130-15BA734420AC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update11:*:*:*:*:*:*",
                     matchCriteriaId: "1CF9CDF1-95D3-4125-A73F-396D2280FC4E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update111:*:*:*:*:*:*",
                     matchCriteriaId: "A13266DC-F8D9-4F30-987F-65BBEAF8D3A8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update121:*:*:*:*:*:*",
                     matchCriteriaId: "C28388AB-CFC9-4749-A90F-383F5B905EA9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update13:*:*:*:*:*:*",
                     matchCriteriaId: "DA1B00F9-A81C-48B7-8DAA-F394DDF323F3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update131:*:*:*:*:*:*",
                     matchCriteriaId: "CA7AD457-6CE6-4925-8D94-A907B40233D9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update141:*:*:*:*:*:*",
                     matchCriteriaId: "A6F3FDD1-7CAC-4B84-ABB7-64E9D3FBD708",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update15:*:*:*:*:*:*",
                     matchCriteriaId: "5480E5AD-DB46-474A-9B57-84ED088A75FA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update151:*:*:*:*:*:*",
                     matchCriteriaId: "881A4AE9-6012-4E91-98BE-0A352CC20703",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update161:*:*:*:*:*:*",
                     matchCriteriaId: "7E1E1079-57D9-473B-A017-964F4745F329",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update17:*:*:*:*:*:*",
                     matchCriteriaId: "B8D6446E-2915-4F12-87BE-E7420BC2626E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update171:*:*:*:*:*:*",
                     matchCriteriaId: "564EDCE3-16E6-401D-8A43-032D1F8875E1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update181:*:*:*:*:*:*",
                     matchCriteriaId: "08278802-D31B-488A-BA6A-EBC816DF883A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update191:*:*:*:*:*:*",
                     matchCriteriaId: "72BDA05A-C8BD-472E-8465-EE1F3E5D8CF6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update2:*:*:*:*:*:*",
                     matchCriteriaId: "7BBB0969-565E-43E2-B067-A10AAA5F1958",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update201:*:*:*:*:*:*",
                     matchCriteriaId: "D78BE95D-6270-469A-8035-FCDDB398F952",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update21:*:*:*:*:*:*",
                     matchCriteriaId: "88C24F40-3150-4584-93D9-8307DE04EEE9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update211:*:*:*:*:*:*",
                     matchCriteriaId: "E0FC5A03-FF11-4787-BBF1-3ACF93A21F2D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update221:*:*:*:*:*:*",
                     matchCriteriaId: "19626B36-62FC-4497-A2E1-7D6CD9839B19",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update231:*:*:*:*:*:*",
                     matchCriteriaId: "5713AEBD-35F6-44E8-A0CC-A42830D7AE20",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update241:*:*:*:*:*:*",
                     matchCriteriaId: "8BE0C04B-440E-4B35-ACC8-6264514F764C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update25:*:*:*:*:*:*",
                     matchCriteriaId: "555EC2A6-0475-48ED-AE0C-B306714A9333",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update251:*:*:*:*:*:*",
                     matchCriteriaId: "EC1CF2AD-3F7A-4EF3-BD41-117A21553A9F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update261:*:*:*:*:*:*",
                     matchCriteriaId: "02C55E2E-AEDE-455C-B128-168C918B5D97",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update271:*:*:*:*:*:*",
                     matchCriteriaId: "81831D37-6597-441B-87DE-38F7191BEA42",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update281:*:*:*:*:*:*",
                     matchCriteriaId: "EEA1594D-0AB5-436D-9E60-C26EE2175753",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update291:*:*:*:*:*:*",
                     matchCriteriaId: "B868FA41-C71B-491C-880B-484740B30C72",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update3:*:*:*:*:*:*",
                     matchCriteriaId: "C242D3BE-9114-4A9E-BB78-45754C7CC450",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update301:*:*:*:*:*:*",
                     matchCriteriaId: "95954182-9541-4181-9647-B17FA5A79F9F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update311:*:*:*:*:*:*",
                     matchCriteriaId: "9F6F0137-F91F-4028-BED2-C29640D52C23",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update321:*:*:*:*:*:*",
                     matchCriteriaId: "EAFB6B15-4AE6-47FC-8847-9DFADB7AE253",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update4:*:*:*:*:*:*",
                     matchCriteriaId: "D61068FE-18EE-4ADB-BC69-A3ECE8724575",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update40:*:*:*:*:*:*",
                     matchCriteriaId: "EFB59E80-4EC4-4399-BF40-6733E4E475A9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update45:*:*:*:*:*:*",
                     matchCriteriaId: "84E31265-22E1-4E91-BFCB-D2AFF445926A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update5:*:*:*:*:*:*",
                     matchCriteriaId: "AB3A58C3-94BB-4120-BE1D-AAF8BBF7F22B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update51:*:*:*:*:*:*",
                     matchCriteriaId: "50319E52-8739-47C5-B61E-3CA9B6A9A48F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update55:*:*:*:*:*:*",
                     matchCriteriaId: "7ED515B9-DC74-4DC5-B98A-08D87D85E11E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update6:*:*:*:*:*:*",
                     matchCriteriaId: "6D1D4868-1F9F-43F7-968C-6469B67D3F1B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update60:*:*:*:*:*:*",
                     matchCriteriaId: "568F1AC4-B0D7-4438-82E5-0E61500F2240",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update65:*:*:*:*:*:*",
                     matchCriteriaId: "F5E99B4A-EDAD-4471-81C4-7E9C775C9D9F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update67:*:*:*:*:*:*",
                     matchCriteriaId: "14E9133E-9FF3-40DB-9A11-7469EF5FD265",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update7:*:*:*:*:*:*",
                     matchCriteriaId: "94834710-3FA9-49D9-8600-B514CBCA4270",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update72:*:*:*:*:*:*",
                     matchCriteriaId: "4228D9E1-7D82-4B49-9669-9CDAD7187432",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update76:*:*:*:*:*:*",
                     matchCriteriaId: "F6231F48-2936-4F7D-96D5-4BA11F78EBE8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update80:*:*:*:*:*:*",
                     matchCriteriaId: "D96D5061-4A81-497E-9AD6-A8381B3B454C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update85:*:*:*:*:*:*",
                     matchCriteriaId: "5345C21E-A01B-43B9-9A20-F2783D921C60",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update9:*:*:*:*:*:*",
                     matchCriteriaId: "B219F360-83BD-4111-AB59-C9D4F55AF4C0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update91:*:*:*:*:*:*",
                     matchCriteriaId: "D25377EA-8E8F-4C76-8EA9-3BBDFB352815",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update95:*:*:*:*:*:*",
                     matchCriteriaId: "59FEFE05-269A-4EAF-A80F-E4C2107B1197",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update97:*:*:*:*:*:*",
                     matchCriteriaId: "E7E2AA7C-F602-4DB7-9EC1-0708C46C253C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update99:*:*:*:*:*:*",
                     matchCriteriaId: "FB70E154-A304-429E-80F5-8D87B00E32D1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:-:*:*:*:*:*:*",
                     matchCriteriaId: "70892D06-6E75-4425-BBF0-4B684EC62A1C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone1:*:*:*:*:*:*",
                     matchCriteriaId: "7A165D71-71CC-4E6A-AA4F-FF8DB5B9A5AB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone2:*:*:*:*:*:*",
                     matchCriteriaId: "7417B2BB-9AC2-4AF4-A828-C89A0735AD92",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone3:*:*:*:*:*:*",
                     matchCriteriaId: "6A0A57B5-6F88-4288-9CDE-F6613FE068D2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone4:*:*:*:*:*:*",
                     matchCriteriaId: "67ED8559-C348-4932-B7CE-CB96976A30EC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone5:*:*:*:*:*:*",
                     matchCriteriaId: "40AC3D91-263F-4345-9FAA-0E573EA64590",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone6:*:*:*:*:*:*",
                     matchCriteriaId: "DD92AFA9-81F8-48D4-B79A-E7F066F69A99",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone7:*:*:*:*:*:*",
                     matchCriteriaId: "2C4B2F24-A730-4818-90C8-A2D90C081F03",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone8:*:*:*:*:*:*",
                     matchCriteriaId: "464087F2-C285-4574-957E-CE0663F07DE0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone9:*:*:*:*:*:*",
                     matchCriteriaId: "3E9BB880-A4F6-4887-8BB9-47AA298753D5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update101:*:*:*:*:*:*",
                     matchCriteriaId: "18DCFF53-B298-4534-AB5C-8A5EF59C616F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update102:*:*:*:*:*:*",
                     matchCriteriaId: "083419F8-FDDF-4E36-88F8-857DB317C1D1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update11:*:*:*:*:*:*",
                     matchCriteriaId: "D7A74F65-57E8-4C9A-BA96-5EF401504F13",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update111:*:*:*:*:*:*",
                     matchCriteriaId: "0D0B90FC-57B6-4315-9B29-3C36E58B2CF5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update112:*:*:*:*:*:*",
                     matchCriteriaId: "07812576-3C35-404C-A7D7-9BE9E3D76E00",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update121:*:*:*:*:*:*",
                     matchCriteriaId: "00C52B1C-5447-4282-9667-9EBE0720B423",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update131:*:*:*:*:*:*",
                     matchCriteriaId: "92BB9EB0-0C12-4E77-89EE-FB77097841B8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update141:*:*:*:*:*:*",
                     matchCriteriaId: "FF9D5DCE-2E8F-42B9-9038-AEA7E8C8CFFD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update151:*:*:*:*:*:*",
                     matchCriteriaId: "ABC0E7BB-F8B7-4369-9910-71240E4073A3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update152:*:*:*:*:*:*",
                     matchCriteriaId: "551B2640-8CEC-4C24-AF8B-7A7CEF864D9D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update161:*:*:*:*:*:*",
                     matchCriteriaId: "0AE30779-48FB-451E-8CE1-F469F93B8772",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update162:*:*:*:*:*:*",
                     matchCriteriaId: "60590FDE-7156-4314-A012-AA38BD2ADDC9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update171:*:*:*:*:*:*",
                     matchCriteriaId: "BE51AD3A-8331-4E8F-9DB1-7A0051731DFB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update172:*:*:*:*:*:*",
                     matchCriteriaId: "F24F6122-2256-41B6-9033-794C6424ED99",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update181:*:*:*:*:*:*",
                     matchCriteriaId: "0EAFA79E-8C7A-48CF-8868-11378FE4B26F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update191:*:*:*:*:*:*",
                     matchCriteriaId: "D1D6F19F-59B5-4BB6-AD35-013384025970",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update192:*:*:*:*:*:*",
                     matchCriteriaId: "E7BA97BC-3ADA-465A-835B-6C3C5F416B56",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update20:*:*:*:*:*:*",
                     matchCriteriaId: "B71F77A4-B7EB-47A1-AAFD-431A7D040B86",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update201:*:*:*:*:*:*",
                     matchCriteriaId: "91D6BEA9-5943-44A4-946D-CEAA9BA99376",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update202:*:*:*:*:*:*",
                     matchCriteriaId: "C079A3E0-44EB-4B9C-B4FC-B7621D165C3B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update211:*:*:*:*:*:*",
                     matchCriteriaId: "2CB74086-14B8-4237-8357-E0C6B5BB8313",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update212:*:*:*:*:*:*",
                     matchCriteriaId: "3ABED20A-7C34-4E86-9AFB-F4DC9ECBB3A9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update221:*:*:*:*:*:*",
                     matchCriteriaId: "00C2B9C9-1177-4DA6-96CE-55F37F383F99",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update222:*:*:*:*:*:*",
                     matchCriteriaId: "435CF189-0BD8-40DF-A0DC-99862CDEAF8A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update231:*:*:*:*:*:*",
                     matchCriteriaId: "12A3F367-33AD-47C3-BFDC-871A17E72C94",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update232:*:*:*:*:*:*",
                     matchCriteriaId: "A18F994F-72CA-4AF5-A7D1-9F5AEA286D85",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update241:*:*:*:*:*:*",
                     matchCriteriaId: "78261932-7373-4F16-91E0-1A72ADBEBC3E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update242:*:*:*:*:*:*",
                     matchCriteriaId: "9BD90D3D-9B3A-4101-9A8A-5090F0A9719F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update25:*:*:*:*:*:*",
                     matchCriteriaId: "B38C0276-0EBD-4E0B-BFCF-4DDECACE04E2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update252:*:*:*:*:*:*",
                     matchCriteriaId: "F5A40B8A-D428-4008-9F21-AF21394C51D1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update262:*:*:*:*:*:*",
                     matchCriteriaId: "FEC5B777-01E1-45EE-AF95-C3BD1F098B2F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update271:*:*:*:*:*:*",
                     matchCriteriaId: "3B504718-5DCE-43B4-B19A-C6B6E7444BD3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update281:*:*:*:*:*:*",
                     matchCriteriaId: "3102AA10-99A8-49A9-867E-7EEC56865680",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update282:*:*:*:*:*:*",
                     matchCriteriaId: "5A55CBC7-A7B2-4B89-8AB5-ED30DBE6814E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update291:*:*:*:*:*:*",
                     matchCriteriaId: "15BA8A26-2CDA-442B-A549-6BE92DCCD205",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update301:*:*:*:*:*:*",
                     matchCriteriaId: "56F2883B-6A1B-4081-8877-07AF3A73F6CD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update302:*:*:*:*:*:*",
                     matchCriteriaId: "98C0742E-ACDD-4DB4-8A4C-B96702C8976C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update31:*:*:*:*:*:*",
                     matchCriteriaId: "F8483034-DD5A-445D-892F-CDE90A7D58EE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update312:*:*:*:*:*:*",
                     matchCriteriaId: "1716A5CD-1C32-4F19-9DDE-F9C7CCB6B420",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update322:*:*:*:*:*:*",
                     matchCriteriaId: "DAB4F663-BCAF-43DB-BCC3-24C060B0CBAB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update332:*:*:*:*:*:*",
                     matchCriteriaId: "A8EF5BB8-7DAF-49B0-A11E-14E89EF7377A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update40:*:*:*:*:*:*",
                     matchCriteriaId: "8279718F-878F-4868-8859-1728D13CD0D8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update45:*:*:*:*:*:*",
                     matchCriteriaId: "2C024E1A-FD2C-42E8-B227-C2AFD3040436",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update5:*:*:*:*:*:*",
                     matchCriteriaId: "4F24389D-DDD0-4204-AA24-31C920A4F47E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update51:*:*:*:*:*:*",
                     matchCriteriaId: "966979BE-1F21-4729-B6B8-610F74648344",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update60:*:*:*:*:*:*",
                     matchCriteriaId: "F8534265-33BF-460D-BF74-5F55FDE50F29",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update65:*:*:*:*:*:*",
                     matchCriteriaId: "F77AFC25-1466-4E56-9D5F-6988F3288E16",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update66:*:*:*:*:*:*",
                     matchCriteriaId: "A650BEB8-E56F-4E42-9361-8D2DB083F0F8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update71:*:*:*:*:*:*",
                     matchCriteriaId: "799FFECD-E80A-44B3-953D-CDB5E195F3AA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update72:*:*:*:*:*:*",
                     matchCriteriaId: "A7047507-7CAF-4A14-AA9A-5CEF806EDE98",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update73:*:*:*:*:*:*",
                     matchCriteriaId: "CFC7B179-95D3-4F94-84F6-73F1034A1AF2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update74:*:*:*:*:*:*",
                     matchCriteriaId: "9FB28526-9385-44CA-AF08-1899E6C3AE4D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update77:*:*:*:*:*:*",
                     matchCriteriaId: "E26B69E4-0B43-415F-A82B-52FDCB262B3E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update91:*:*:*:*:*:*",
                     matchCriteriaId: "27BC4150-70EC-462B-8FC5-20B3442CBB31",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update92:*:*:*:*:*:*",
                     matchCriteriaId: "02646989-ECD9-40AE-A83E-EFF4080C69B9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:18:*:*:*:*:*:*:*",
                     matchCriteriaId: "56CBFC1F-C120-44F2-877A-C1C880AA89C4",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
                     matchCriteriaId: "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
                     matchCriteriaId: "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "7EF6650C-558D-45C8-AE7D-136EE70CB6D7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
                     matchCriteriaId: "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
                     matchCriteriaId: "B55E8D50-99B4-47EC-86F9-699B67D473CE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "CCAA4004-9319-478C-9D55-0E8307F872F6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F0F202E8-97E6-4BBB-A0B6-4CA3F5803C08",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A3C19813-E823-456A-B1CE-EC0684CE1953",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "AD7447BC-F315-4298-A822-549942FC118B",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:azul:zulu:6.47:*:*:*:*:*:*:*",
                     matchCriteriaId: "4E4633C4-E552-439D-8FE4-139E3A7956CD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:azul:zulu:7.54:*:*:*:*:*:*:*",
                     matchCriteriaId: "50C77346-8893-44F0-B0D1-5D4D30A9CA3B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:azul:zulu:8.62:*:*:*:*:*:*:*",
                     matchCriteriaId: "63E58DE0-A96A-452E-986F-3BD2FEA7C723",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:azul:zulu:11.56:*:*:*:*:*:*:*",
                     matchCriteriaId: "D3FB1BF4-3FCF-4007-A9E3-97C35483D6A9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:azul:zulu:13.48:*:*:*:*:*:*:*",
                     matchCriteriaId: "BD7A33EC-DE03-424F-9796-E5EA071FF6CD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:azul:zulu:15.40:*:*:*:*:*:*:*",
                     matchCriteriaId: "CCDAFFA9-0AA4-4C70-9154-8DA4BB255FD2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:azul:zulu:17.34:*:*:*:*:*:*:*",
                     matchCriteriaId: "B6302149-28AA-481E-BC6C-87D05E73768A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:azul:zulu:18.30:*:*:*:*:*:*:*",
                     matchCriteriaId: "20DFD9D8-8648-40F7-81B8-04F852A337FA",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 or later. Note: Java runtimes (such as OpenJDK) include repackaged copies of Xalan.",
      },
      {
         lang: "es",
         value: "La biblioteca Apache Xalan Java XSLT es vulnerable a un problema de truncamiento de enteros cuando procesa hojas de estilo XSLT maliciosas. Esto puede usarse para corromper los archivos de clase Java generados por el compilador interno XSLTC y ejecutar código de bytes Java arbitrario. El proyecto Apache Xalan Java está inactivo y en proceso de ser retirado. No son esperadas futuras versiones de Apache Xalan Java que abordan este problema. Nota: Los tiempos de ejecución de Java (como OpenJDK) incluyen copias reempaquetadas de Xalan.",
      },
   ],
   id: "CVE-2022-34169",
   lastModified: "2024-11-21T07:08:59.400",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2022-07-19T18:15:11.740",
   references: [
      {
         source: "security@apache.org",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/168186/Xalan-J-XSLTC-Integer-Truncation.html",
      },
      {
         source: "security@apache.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2022/07/19/5",
      },
      {
         source: "security@apache.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2022/07/19/6",
      },
      {
         source: "security@apache.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2022/07/20/2",
      },
      {
         source: "security@apache.org",
         tags: [
            "Mailing List",
            "Patch",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2022/07/20/3",
      },
      {
         source: "security@apache.org",
         tags: [
            "Mailing List",
            "Patch",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2022/10/18/2",
      },
      {
         source: "security@apache.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2022/11/04/8",
      },
      {
         source: "security@apache.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2022/11/07/2",
      },
      {
         source: "security@apache.org",
         tags: [
            "Issue Tracking",
            "Mailing List",
            "Vendor Advisory",
         ],
         url: "https://lists.apache.org/thread/12pxy4phsry6c34x2ol4fft6xlho4kyw",
      },
      {
         source: "security@apache.org",
         tags: [
            "Issue Tracking",
            "Mailing List",
            "Vendor Advisory",
         ],
         url: "https://lists.apache.org/thread/2qvl7r43wb4t8p9dd9om1bnkssk07sn8",
      },
      {
         source: "security@apache.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2022/10/msg00024.html",
      },
      {
         source: "security@apache.org",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H4YNJSJ64NPCNKFPNBYITNZU5H3L4D6L/",
      },
      {
         source: "security@apache.org",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5OZNAZJ4YHLOKRRRZSWRT5OJ25E4XLM/",
      },
      {
         source: "security@apache.org",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN3EVGR7FD3ZLV5SBTJXUIDCMSK4QUE2/",
      },
      {
         source: "security@apache.org",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KO3DXNKZ4EU3UZBT6AAR4XRKCD73KLMO/",
      },
      {
         source: "security@apache.org",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3XPOTPPBZIPFBZHQE5E7OW6PDACUMCJ/",
      },
      {
         source: "security@apache.org",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YULPNO3PAWMEQQZV2C54I3H3ZOXFZUTB/",
      },
      {
         source: "security@apache.org",
         url: "https://security.gentoo.org/glsa/202401-25",
      },
      {
         source: "security@apache.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20220729-0009/",
      },
      {
         source: "security@apache.org",
         url: "https://security.netapp.com/advisory/ntap-20240621-0006/",
      },
      {
         source: "security@apache.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2022/dsa-5188",
      },
      {
         source: "security@apache.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2022/dsa-5192",
      },
      {
         source: "security@apache.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2022/dsa-5256",
      },
      {
         source: "security@apache.org",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpujul2022.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/168186/Xalan-J-XSLTC-Integer-Truncation.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2022/07/19/5",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2022/07/19/6",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2022/07/20/2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Patch",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2022/07/20/3",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Patch",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2022/10/18/2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2022/11/04/8",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2022/11/07/2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Mailing List",
            "Vendor Advisory",
         ],
         url: "https://lists.apache.org/thread/12pxy4phsry6c34x2ol4fft6xlho4kyw",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Mailing List",
            "Vendor Advisory",
         ],
         url: "https://lists.apache.org/thread/2qvl7r43wb4t8p9dd9om1bnkssk07sn8",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2022/10/msg00024.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H4YNJSJ64NPCNKFPNBYITNZU5H3L4D6L/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5OZNAZJ4YHLOKRRRZSWRT5OJ25E4XLM/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN3EVGR7FD3ZLV5SBTJXUIDCMSK4QUE2/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KO3DXNKZ4EU3UZBT6AAR4XRKCD73KLMO/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3XPOTPPBZIPFBZHQE5E7OW6PDACUMCJ/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YULPNO3PAWMEQQZV2C54I3H3ZOXFZUTB/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://security.gentoo.org/glsa/202401-25",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20220729-0009/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://security.netapp.com/advisory/ntap-20240621-0006/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2022/dsa-5188",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2022/dsa-5192",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2022/dsa-5256",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpujul2022.html",
      },
   ],
   sourceIdentifier: "security@apache.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-681",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd

Published

2022-10-18 21:15

Modified

2024-11-21 06:45

Severity ?

3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JNDI). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).

References

URL	Tags
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/37QDWJBGEPP65X43NXQTXQ7KASLUHON6/	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ARF4QF4N3X5GSFHXUBWARGLISGKJ33R/	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3QLQ7OD33W6LT3HWI7VYDFFJLV75Y73K/	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EXSBV3W6EP6B7XJ63Z2FPVBH6HAPGJ5T/	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HNGMDNIHAA73BEX6XPA2IMXJSGOKKYE6/	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PB3CIGOFG7CENUVVE4FFZT2HI5FO77XU/	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://security.gentoo.org/glsa/202401-25
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20221028-0012/	Third Party Advisory
secalert_us@oracle.com	https://www.oracle.com/security-alerts/cpuoct2022.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/37QDWJBGEPP65X43NXQTXQ7KASLUHON6/	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ARF4QF4N3X5GSFHXUBWARGLISGKJ33R/	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3QLQ7OD33W6LT3HWI7VYDFFJLV75Y73K/	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EXSBV3W6EP6B7XJ63Z2FPVBH6HAPGJ5T/	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HNGMDNIHAA73BEX6XPA2IMXJSGOKKYE6/	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PB3CIGOFG7CENUVVE4FFZT2HI5FO77XU/	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202401-25
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20221028-0012/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpuoct2022.html	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
oracle	graalvm	20.3.7
oracle	graalvm	21.3.3
oracle	graalvm	22.2.0
oracle	jdk	1.8.0
oracle	jdk	1.8.0
oracle	jdk	11.0.16.1
oracle	jdk	17.0.4.1
oracle	jdk	19
oracle	jre	1.8.0
oracle	jre	1.8.0
oracle	jre	11.0.16.1
oracle	jre	17.0.4.1
oracle	jre	19
fedoraproject	fedora	35
fedoraproject	fedora	36
netapp	7-mode_transition_tool	-
netapp	cloud_insights_acquisition_unit	-
netapp	cloud_secure_agent	-
netapp	e-series_santricity_os_controller	*
netapp	e-series_santricity_storage_manager	-
netapp	e-series_santricity_unified_manager	-
netapp	oncommand_insight	-
netapp	oncommand_workflow_automation	-
netapp	santricity_storage_plugin	-
netapp	santricity_web_services_proxy	-
azul	zulu	6.49
azul	zulu	7.56
azul	zulu	8.64
azul	zulu	11.58
azul	zulu	13.50
azul	zulu	15.42
azul	zulu	17.36
azul	zulu	19.28

JSON

To clipboard

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:oracle:graalvm:20.3.7:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "0DDD4602-7175-4DB6-B9D9-E7CDF482D263",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:graalvm:21.3.3:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "71668668-8383-4366-A184-F26455271914",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:graalvm:22.2.0:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "C99B4F5D-3784-42B8-89CA-CDD2AA86B80E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:1.8.0:update341:*:*:*:*:*:*",
                     matchCriteriaId: "EC1EEFCE-432E-40EE-B547-A193896C4CA4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:1.8.0:update345:*:*:enterprise_performance_pack:*:*:*",
                     matchCriteriaId: "FB70CB5F-AABC-4CF2-B17E-D9C8D1E22F1F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:11.0.16.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "C13BD2F4-05F5-44FD-A217-2049CA5E680B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:17.0.4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "05CB121D-1430-47CE-BF7B-9567A234C7D3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:19:*:*:*:*:*:*:*",
                     matchCriteriaId: "361979FB-5B05-46A5-A6A2-993B51DF9E44",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:1.8.0:update341:*:*:*:*:*:*",
                     matchCriteriaId: "94F132CF-6D24-4E80-B959-7ED1F247C3D5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:1.8.0:update345:*:*:enterprise_performance_pack:*:*:*",
                     matchCriteriaId: "B472E91E-F08F-4CBB-8FDB-37F8EDFB602E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:11.0.16.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "99A04E21-5FCB-4DA7-873A-2FE3AA713669",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:17.0.4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "DCF1C861-79F0-47F8-96E9-6AE0AEFDEC8A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:19:*:*:*:*:*:*:*",
                     matchCriteriaId: "435B90D6-F0BE-4451-867B-C31116D52A9C",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
                     matchCriteriaId: "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
                     matchCriteriaId: "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "7EF6650C-558D-45C8-AE7D-136EE70CB6D7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "CCAA4004-9319-478C-9D55-0E8307F872F6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F0F202E8-97E6-4BBB-A0B6-4CA3F5803C08",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "A0DA944C-4992-424D-BC82-474585DAC5DF",
                     versionEndIncluding: "11.70.2",
                     versionStartIncluding: "11.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "0D9CC59D-6182-4B5E-96B5-226FCD343916",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:e-series_santricity_unified_manager:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "BB695329-036B-447D-BEB0-AA4D89D1D99C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5735E553-9731-4AAC-BCFF-989377F817B3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:santricity_storage_plugin:-:*:*:*:*:vcenter:*:*",
                     matchCriteriaId: "82E94B87-065E-475F-815C-F49978CE22FC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:santricity_web_services_proxy:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "84007013-7E55-40E3-94F7-55C04D69AE3C",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:azul:zulu:6.49:*:*:*:*:*:*:*",
                     matchCriteriaId: "DCB7D337-B3E6-4BCE-8249-0473D2DE08BC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:azul:zulu:7.56:*:*:*:*:*:*:*",
                     matchCriteriaId: "285FB110-9501-4F23-BC21-B2EE1E1B82BA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:azul:zulu:8.64:*:*:*:*:*:*:*",
                     matchCriteriaId: "FB77FECF-07E1-448E-86F2-DD78B443D7C0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:azul:zulu:11.58:*:*:*:*:*:*:*",
                     matchCriteriaId: "9323C11D-50C6-4356-A2FF-294F750906AE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:azul:zulu:13.50:*:*:*:*:*:*:*",
                     matchCriteriaId: "DC373919-C38D-4E22-A52D-BA9074E88124",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:azul:zulu:15.42:*:*:*:*:*:*:*",
                     matchCriteriaId: "E7832CA7-569F-4C01-991C-F74F24CC2A01",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:azul:zulu:17.36:*:*:*:*:*:*:*",
                     matchCriteriaId: "F2878A5A-63FA-4681-8643-D47DA6E9011F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:azul:zulu:19.28:*:*:*:*:*:*:*",
                     matchCriteriaId: "B394E478-B822-488E-B74B-F46C4DB2B1A5",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JNDI). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad en el producto Oracle Java SE, Oracle GraalVM Enterprise Edition de Oracle Java SE (componente: JNDI). Las versiones soportadas que están afectadas son Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 y 22.2.0. Una vulnerabilidad difícil de explotar permite a un atacante no autenticado con acceso a la red por medio de múltiples protocolos comprometer a Oracle Java SE, Oracle GraalVM Enterprise Edition. Los ataques con éxito de esta vulnerabilidad pueden resultar en una actualización no autorizada, insertar o eliminar el acceso a algunos de los datos accesibles de Oracle Java SE, Oracle GraalVM Enterprise Edition. Nota: Esta vulnerabilidad es aplicada a las implantaciones de Java, normalmente en clientes que ejecutan aplicaciones Java Web Start con sandbox o applets Java con sandbox, que cargan y ejecutan código que no es confiable (por ejemplo, código que viene de Internet) y dependen del sandbox de Java para la seguridad. Esta vulnerabilidad también puede ser explotada mediante el uso de APIs en el Componente especificado, por ejemplo, mediante un servicio web que suministra datos a las APIs. CVSS 3.1 Puntuación Base 3.7 (Impactos en la Integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)",
      },
   ],
   id: "CVE-2022-21624",
   lastModified: "2024-11-21T06:45:05.810",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 3.7,
               baseSeverity: "LOW",
               confidentialityImpact: "NONE",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.2,
            impactScore: 1.4,
            source: "secalert_us@oracle.com",
            type: "Primary",
         },
      ],
   },
   published: "2022-10-18T21:15:13.657",
   references: [
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/37QDWJBGEPP65X43NXQTXQ7KASLUHON6/",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ARF4QF4N3X5GSFHXUBWARGLISGKJ33R/",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3QLQ7OD33W6LT3HWI7VYDFFJLV75Y73K/",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EXSBV3W6EP6B7XJ63Z2FPVBH6HAPGJ5T/",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HNGMDNIHAA73BEX6XPA2IMXJSGOKKYE6/",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PB3CIGOFG7CENUVVE4FFZT2HI5FO77XU/",
      },
      {
         source: "secalert_us@oracle.com",
         url: "https://security.gentoo.org/glsa/202401-25",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20221028-0012/",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpuoct2022.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/37QDWJBGEPP65X43NXQTXQ7KASLUHON6/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ARF4QF4N3X5GSFHXUBWARGLISGKJ33R/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3QLQ7OD33W6LT3HWI7VYDFFJLV75Y73K/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EXSBV3W6EP6B7XJ63Z2FPVBH6HAPGJ5T/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HNGMDNIHAA73BEX6XPA2IMXJSGOKKYE6/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PB3CIGOFG7CENUVVE4FFZT2HI5FO77XU/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://security.gentoo.org/glsa/202401-25",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20221028-0012/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpuoct2022.html",
      },
   ],
   sourceIdentifier: "secalert_us@oracle.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd

Published

2022-10-18 21:15

Modified

2024-11-21 06:45

Severity ?

3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).

References

URL	Tags
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/37QDWJBGEPP65X43NXQTXQ7KASLUHON6/	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ARF4QF4N3X5GSFHXUBWARGLISGKJ33R/	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3QLQ7OD33W6LT3HWI7VYDFFJLV75Y73K/	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EXSBV3W6EP6B7XJ63Z2FPVBH6HAPGJ5T/	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HNGMDNIHAA73BEX6XPA2IMXJSGOKKYE6/	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PB3CIGOFG7CENUVVE4FFZT2HI5FO77XU/	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://security.gentoo.org/glsa/202401-25
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20221028-0012/	Third Party Advisory
secalert_us@oracle.com	https://www.oracle.com/security-alerts/cpuoct2022.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/37QDWJBGEPP65X43NXQTXQ7KASLUHON6/	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ARF4QF4N3X5GSFHXUBWARGLISGKJ33R/	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3QLQ7OD33W6LT3HWI7VYDFFJLV75Y73K/	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EXSBV3W6EP6B7XJ63Z2FPVBH6HAPGJ5T/	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HNGMDNIHAA73BEX6XPA2IMXJSGOKKYE6/	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PB3CIGOFG7CENUVVE4FFZT2HI5FO77XU/	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202401-25
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20221028-0012/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpuoct2022.html	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
oracle	graalvm	20.3.7
oracle	graalvm	21.3.3
oracle	graalvm	22.2.0
oracle	jdk	1.8.0
oracle	jdk	1.8.0
oracle	jdk	11.0.16.1
oracle	jdk	17.0.4.1
oracle	jdk	19
oracle	jre	1.8.0
oracle	jre	1.8.0
oracle	jre	11.0.16.1
oracle	jre	17.0.4.1
oracle	jre	19
fedoraproject	fedora	35
fedoraproject	fedora	36
netapp	7-mode_transition_tool	-
netapp	cloud_insights_acquisition_unit	-
netapp	cloud_secure_agent	-
netapp	e-series_santricity_os_controller	*
netapp	e-series_santricity_os_controller	11.70.2
netapp	e-series_santricity_storage_manager	-
netapp	e-series_santricity_unified_manager	-
netapp	oncommand_insight	-
netapp	oncommand_workflow_automation	-
netapp	santricity_storage_plugin	-
netapp	santricity_web_services_proxy	-
azul	zulu	7.56
azul	zulu	8.64
azul	zulu	11.58
azul	zulu	13.50
azul	zulu	15.42
azul	zulu	17.36
azul	zulu	19.28

JSON

To clipboard

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:oracle:graalvm:20.3.7:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "0DDD4602-7175-4DB6-B9D9-E7CDF482D263",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:graalvm:21.3.3:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "71668668-8383-4366-A184-F26455271914",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:graalvm:22.2.0:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "C99B4F5D-3784-42B8-89CA-CDD2AA86B80E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:1.8.0:update341:*:*:*:*:*:*",
                     matchCriteriaId: "EC1EEFCE-432E-40EE-B547-A193896C4CA4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:1.8.0:update345:*:*:enterprise_performance_pack:*:*:*",
                     matchCriteriaId: "FB70CB5F-AABC-4CF2-B17E-D9C8D1E22F1F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:11.0.16.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "C13BD2F4-05F5-44FD-A217-2049CA5E680B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:17.0.4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "05CB121D-1430-47CE-BF7B-9567A234C7D3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:19:*:*:*:*:*:*:*",
                     matchCriteriaId: "361979FB-5B05-46A5-A6A2-993B51DF9E44",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:1.8.0:update341:*:*:*:*:*:*",
                     matchCriteriaId: "94F132CF-6D24-4E80-B959-7ED1F247C3D5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:1.8.0:update345:*:*:enterprise_performance_pack:*:*:*",
                     matchCriteriaId: "B472E91E-F08F-4CBB-8FDB-37F8EDFB602E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:11.0.16.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "99A04E21-5FCB-4DA7-873A-2FE3AA713669",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:17.0.4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "DCF1C861-79F0-47F8-96E9-6AE0AEFDEC8A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jre:19:*:*:*:*:*:*:*",
                     matchCriteriaId: "435B90D6-F0BE-4451-867B-C31116D52A9C",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
                     matchCriteriaId: "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
                     matchCriteriaId: "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "7EF6650C-558D-45C8-AE7D-136EE70CB6D7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "CCAA4004-9319-478C-9D55-0E8307F872F6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F0F202E8-97E6-4BBB-A0B6-4CA3F5803C08",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "BA296F2F-233C-465A-AD39-3347DCB072B2",
                     versionEndExcluding: "11.70.2",
                     versionStartIncluding: "11.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:11.70.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "5BDD7AAB-2BF3-4E8C-BEE2-5217E2926C11",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "0D9CC59D-6182-4B5E-96B5-226FCD343916",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:e-series_santricity_unified_manager:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "BB695329-036B-447D-BEB0-AA4D89D1D99C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5735E553-9731-4AAC-BCFF-989377F817B3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:santricity_storage_plugin:-:*:*:*:*:vcenter:*:*",
                     matchCriteriaId: "82E94B87-065E-475F-815C-F49978CE22FC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:santricity_web_services_proxy:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "84007013-7E55-40E3-94F7-55C04D69AE3C",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:azul:zulu:7.56:*:*:*:*:*:*:*",
                     matchCriteriaId: "285FB110-9501-4F23-BC21-B2EE1E1B82BA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:azul:zulu:8.64:*:*:*:*:*:*:*",
                     matchCriteriaId: "FB77FECF-07E1-448E-86F2-DD78B443D7C0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:azul:zulu:11.58:*:*:*:*:*:*:*",
                     matchCriteriaId: "9323C11D-50C6-4356-A2FF-294F750906AE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:azul:zulu:13.50:*:*:*:*:*:*:*",
                     matchCriteriaId: "DC373919-C38D-4E22-A52D-BA9074E88124",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:azul:zulu:15.42:*:*:*:*:*:*:*",
                     matchCriteriaId: "E7832CA7-569F-4C01-991C-F74F24CC2A01",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:azul:zulu:17.36:*:*:*:*:*:*:*",
                     matchCriteriaId: "F2878A5A-63FA-4681-8643-D47DA6E9011F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:azul:zulu:19.28:*:*:*:*:*:*:*",
                     matchCriteriaId: "B394E478-B822-488E-B74B-F46C4DB2B1A5",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad en el producto Oracle Java SE, Oracle GraalVM Enterprise Edition de Oracle Java SE (componente: Security). Las versiones soportadas que están afectadas son Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 y 22.2.0. Una vulnerabilidad difícil de explotar permite a un atacante no autenticado con acceso a la red por medio de múltiples protocolos comprometer a Oracle Java SE, Oracle GraalVM Enterprise Edition. Los ataques con éxito de esta vulnerabilidad pueden resultar en una actualización no autorizada, insertar o eliminar el acceso a algunos de los datos accesibles de Oracle Java SE, Oracle GraalVM Enterprise Edition. Nota: Esta vulnerabilidad es aplicada a las implantaciones de Java, normalmente en clientes que ejecutan aplicaciones Java Web Start o applets Java con sandbox, que cargan y ejecutan código no confiable (por ejemplo, código procedente de Internet) y que dependen del sandbox de Java para su seguridad. Esta vulnerabilidad también puede ser explotada mediante el uso de APIs en el componente especificado, por ejemplo, mediante un servicio web que suministra datos a las APIs. CVSS 3.1 Puntuación Base 3.7 (Impactos en la Integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)",
      },
   ],
   id: "CVE-2022-21619",
   lastModified: "2024-11-21T06:45:05.163",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 3.7,
               baseSeverity: "LOW",
               confidentialityImpact: "NONE",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.2,
            impactScore: 1.4,
            source: "secalert_us@oracle.com",
            type: "Primary",
         },
      ],
   },
   published: "2022-10-18T21:15:12.810",
   references: [
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/37QDWJBGEPP65X43NXQTXQ7KASLUHON6/",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ARF4QF4N3X5GSFHXUBWARGLISGKJ33R/",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3QLQ7OD33W6LT3HWI7VYDFFJLV75Y73K/",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EXSBV3W6EP6B7XJ63Z2FPVBH6HAPGJ5T/",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HNGMDNIHAA73BEX6XPA2IMXJSGOKKYE6/",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PB3CIGOFG7CENUVVE4FFZT2HI5FO77XU/",
      },
      {
         source: "secalert_us@oracle.com",
         url: "https://security.gentoo.org/glsa/202401-25",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20221028-0012/",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpuoct2022.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/37QDWJBGEPP65X43NXQTXQ7KASLUHON6/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ARF4QF4N3X5GSFHXUBWARGLISGKJ33R/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3QLQ7OD33W6LT3HWI7VYDFFJLV75Y73K/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EXSBV3W6EP6B7XJ63Z2FPVBH6HAPGJ5T/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HNGMDNIHAA73BEX6XPA2IMXJSGOKKYE6/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PB3CIGOFG7CENUVVE4FFZT2HI5FO77XU/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://security.gentoo.org/glsa/202401-25",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20221028-0012/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpuoct2022.html",
      },
   ],
   sourceIdentifier: "secalert_us@oracle.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd

Published

2022-04-19 21:15

Modified

2024-11-21 06:44

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

References

URL	Tags
secalert_us@oracle.com	https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html	Mailing List, Third Party Advisory
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20220429-0006/	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2022/dsa-5128	Third Party Advisory
secalert_us@oracle.com	https://www.debian.org/security/2022/dsa-5131	Third Party Advisory
secalert_us@oracle.com	https://www.oracle.com/security-alerts/cpuapr2022.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20220429-0006/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2022/dsa-5128	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2022/dsa-5131	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpuapr2022.html	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
oracle	graalvm	20.3.5
oracle	graalvm	21.3.1
oracle	graalvm	22.0.0.2
oracle	jdk	7.0
oracle	jdk	8.0
oracle	jdk	11.0.14
oracle	jdk	17.0.2
oracle	jdk	18
netapp	active_iq_unified_manager	-
netapp	active_iq_unified_manager	-
netapp	cloud_insights_acquisition_unit	-
netapp	cloud_secure_agent	-
netapp	e-series_santricity_os_controller	*
netapp	e-series_santricity_storage_manager	-
netapp	e-series_santricity_web_services	-
netapp	element_software	-
netapp	hci_management_node	-
netapp	oncommand_insight	-
netapp	santricity_unified_manager	-
netapp	solidfire	-
netapp	bootstrap_os	-
netapp	hci_compute_node	-
debian	debian_linux	9.0
debian	debian_linux	10.0
debian	debian_linux	11.0
azul	zulu	7.52
azul	zulu	8.60
azul	zulu	11.54
azul	zulu	13.46
azul	zulu	15.38
azul	zulu	17.32
oracle	openjdk	*
oracle	openjdk	*
oracle	openjdk	*
oracle	openjdk	*
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	7
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	8
oracle	openjdk	18

JSON

To clipboard

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:oracle:graalvm:20.3.5:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "079F2588-2746-408B-9BB0-9A569289985B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:graalvm:21.3.1:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "51600424-E294-41E0-9C8B-12D0C3456027",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:graalvm:22.0.0.2:*:*:*:enterprise:*:*:*",
                     matchCriteriaId: "C3D12B98-032F-49A6-B237-E0CAD32D9A25",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:7.0:update_331:*:*:*:*:*:*",
                     matchCriteriaId: "AC99AA10-93C5-4B27-A991-FD29496FDF1F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:8.0:update_321:*:*:*:*:*:*",
                     matchCriteriaId: "C66D72B5-055F-45BD-AD02-C5E086AB5B63",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:11.0.14:*:*:*:*:*:*:*",
                     matchCriteriaId: "681BFE5C-6F33-4084-8F0D-2DD573782004",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:17.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "A29CF53D-7DDC-4B60-8232-6C173083101F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:18:*:*:*:*:*:*:*",
                     matchCriteriaId: "FBA091EC-B5A9-468D-B99C-BB6F333E7B64",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
                     matchCriteriaId: "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
                     matchCriteriaId: "B55E8D50-99B4-47EC-86F9-699B67D473CE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "CCAA4004-9319-478C-9D55-0E8307F872F6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F0F202E8-97E6-4BBB-A0B6-4CA3F5803C08",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "FF971916-C526-43A9-BD80-985BCC476569",
                     versionEndIncluding: "11.70.1",
                     versionStartIncluding: "11.0.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "0D9CC59D-6182-4B5E-96B5-226FCD343916",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*",
                     matchCriteriaId: "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "85DF4B3F-4BBC-42B7-B729-096934523D63",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A3C19813-E823-456A-B1CE-EC0684CE1953",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A372B177-F740-4655-865C-31777A6E140B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:netapp:bootstrap_os:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "95BA156C-C977-4F0C-8DFB-3FAE9CC8C02D",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "AD7447BC-F315-4298-A822-549942FC118B",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "FA6FEEC2-9F11-4643-8827-749718254FED",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:azul:zulu:7.52:*:*:*:*:*:*:*",
                     matchCriteriaId: "5522AD81-A23E-47D3-82E4-6D71ECEB1DBD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:azul:zulu:8.60:*:*:*:*:*:*:*",
                     matchCriteriaId: "6AC61C25-871B-4F6F-A5F0-77359F373681",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:azul:zulu:11.54:*:*:*:*:*:*:*",
                     matchCriteriaId: "12A59E25-5ED3-4A6D-95F6-45750866E0D5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:azul:zulu:13.46:*:*:*:*:*:*:*",
                     matchCriteriaId: "FC0DC492-706E-42FE-8757-71873B53C417",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:azul:zulu:15.38:*:*:*:*:*:*:*",
                     matchCriteriaId: "C1441FE9-45C5-46C4-BF78-FD5D30F9C80C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:azul:zulu:17.32:*:*:*:*:*:*:*",
                     matchCriteriaId: "28D25E37-5479-4876-B46C-28FF87384852",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "9C0D3169-24B4-4733-BD40-59D0BB5DAC13",
                     versionEndIncluding: "11.0.14",
                     versionStartIncluding: "11",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "D1D003C0-042E-4126-AEDA-F85863FEAB45",
                     versionEndIncluding: "13.0.10",
                     versionStartIncluding: "13",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "EC2C87EC-6234-482F-B597-962E3C52D01B",
                     versionEndIncluding: "15.0.6",
                     versionStartIncluding: "15",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "38F4BE82-B2A6-4E48-B1E0-100ACF94B9CD",
                     versionEndIncluding: "17.0.2",
                     versionStartIncluding: "17",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:-:*:*:*:*:*:*",
                     matchCriteriaId: "E78B7C5A-FA51-41E4-AAB0-C6DED2EFCF4C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update1:*:*:*:*:*:*",
                     matchCriteriaId: "02011EDC-20A7-4A16-A592-7C76E0037997",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update10:*:*:*:*:*:*",
                     matchCriteriaId: "AC6D4652-1226-4C60-BEDF-01EBF8AC0849",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update101:*:*:*:*:*:*",
                     matchCriteriaId: "3C1F9ED7-7D93-41F4-9130-15BA734420AC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update11:*:*:*:*:*:*",
                     matchCriteriaId: "1CF9CDF1-95D3-4125-A73F-396D2280FC4E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update111:*:*:*:*:*:*",
                     matchCriteriaId: "A13266DC-F8D9-4F30-987F-65BBEAF8D3A8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update121:*:*:*:*:*:*",
                     matchCriteriaId: "C28388AB-CFC9-4749-A90F-383F5B905EA9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update13:*:*:*:*:*:*",
                     matchCriteriaId: "DA1B00F9-A81C-48B7-8DAA-F394DDF323F3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update131:*:*:*:*:*:*",
                     matchCriteriaId: "CA7AD457-6CE6-4925-8D94-A907B40233D9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update141:*:*:*:*:*:*",
                     matchCriteriaId: "A6F3FDD1-7CAC-4B84-ABB7-64E9D3FBD708",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update15:*:*:*:*:*:*",
                     matchCriteriaId: "5480E5AD-DB46-474A-9B57-84ED088A75FA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update151:*:*:*:*:*:*",
                     matchCriteriaId: "881A4AE9-6012-4E91-98BE-0A352CC20703",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update161:*:*:*:*:*:*",
                     matchCriteriaId: "7E1E1079-57D9-473B-A017-964F4745F329",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update17:*:*:*:*:*:*",
                     matchCriteriaId: "B8D6446E-2915-4F12-87BE-E7420BC2626E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update171:*:*:*:*:*:*",
                     matchCriteriaId: "564EDCE3-16E6-401D-8A43-032D1F8875E1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update181:*:*:*:*:*:*",
                     matchCriteriaId: "08278802-D31B-488A-BA6A-EBC816DF883A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update191:*:*:*:*:*:*",
                     matchCriteriaId: "72BDA05A-C8BD-472E-8465-EE1F3E5D8CF6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update2:*:*:*:*:*:*",
                     matchCriteriaId: "7BBB0969-565E-43E2-B067-A10AAA5F1958",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update201:*:*:*:*:*:*",
                     matchCriteriaId: "D78BE95D-6270-469A-8035-FCDDB398F952",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update21:*:*:*:*:*:*",
                     matchCriteriaId: "88C24F40-3150-4584-93D9-8307DE04EEE9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update211:*:*:*:*:*:*",
                     matchCriteriaId: "E0FC5A03-FF11-4787-BBF1-3ACF93A21F2D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update221:*:*:*:*:*:*",
                     matchCriteriaId: "19626B36-62FC-4497-A2E1-7D6CD9839B19",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update231:*:*:*:*:*:*",
                     matchCriteriaId: "5713AEBD-35F6-44E8-A0CC-A42830D7AE20",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update241:*:*:*:*:*:*",
                     matchCriteriaId: "8BE0C04B-440E-4B35-ACC8-6264514F764C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update25:*:*:*:*:*:*",
                     matchCriteriaId: "555EC2A6-0475-48ED-AE0C-B306714A9333",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update251:*:*:*:*:*:*",
                     matchCriteriaId: "EC1CF2AD-3F7A-4EF3-BD41-117A21553A9F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update261:*:*:*:*:*:*",
                     matchCriteriaId: "02C55E2E-AEDE-455C-B128-168C918B5D97",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update271:*:*:*:*:*:*",
                     matchCriteriaId: "81831D37-6597-441B-87DE-38F7191BEA42",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update281:*:*:*:*:*:*",
                     matchCriteriaId: "EEA1594D-0AB5-436D-9E60-C26EE2175753",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update291:*:*:*:*:*:*",
                     matchCriteriaId: "B868FA41-C71B-491C-880B-484740B30C72",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update3:*:*:*:*:*:*",
                     matchCriteriaId: "C242D3BE-9114-4A9E-BB78-45754C7CC450",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update301:*:*:*:*:*:*",
                     matchCriteriaId: "95954182-9541-4181-9647-B17FA5A79F9F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update311:*:*:*:*:*:*",
                     matchCriteriaId: "9F6F0137-F91F-4028-BED2-C29640D52C23",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update321:*:*:*:*:*:*",
                     matchCriteriaId: "EAFB6B15-4AE6-47FC-8847-9DFADB7AE253",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update331:*:*:*:*:*:*",
                     matchCriteriaId: "A8971E08-2CA2-46F4-8C26-12D2AFAC3B04",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update4:*:*:*:*:*:*",
                     matchCriteriaId: "D61068FE-18EE-4ADB-BC69-A3ECE8724575",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update40:*:*:*:*:*:*",
                     matchCriteriaId: "EFB59E80-4EC4-4399-BF40-6733E4E475A9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update45:*:*:*:*:*:*",
                     matchCriteriaId: "84E31265-22E1-4E91-BFCB-D2AFF445926A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update5:*:*:*:*:*:*",
                     matchCriteriaId: "AB3A58C3-94BB-4120-BE1D-AAF8BBF7F22B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update51:*:*:*:*:*:*",
                     matchCriteriaId: "50319E52-8739-47C5-B61E-3CA9B6A9A48F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update55:*:*:*:*:*:*",
                     matchCriteriaId: "7ED515B9-DC74-4DC5-B98A-08D87D85E11E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update6:*:*:*:*:*:*",
                     matchCriteriaId: "6D1D4868-1F9F-43F7-968C-6469B67D3F1B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update60:*:*:*:*:*:*",
                     matchCriteriaId: "568F1AC4-B0D7-4438-82E5-0E61500F2240",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update65:*:*:*:*:*:*",
                     matchCriteriaId: "F5E99B4A-EDAD-4471-81C4-7E9C775C9D9F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update67:*:*:*:*:*:*",
                     matchCriteriaId: "14E9133E-9FF3-40DB-9A11-7469EF5FD265",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update7:*:*:*:*:*:*",
                     matchCriteriaId: "94834710-3FA9-49D9-8600-B514CBCA4270",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update72:*:*:*:*:*:*",
                     matchCriteriaId: "4228D9E1-7D82-4B49-9669-9CDAD7187432",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update76:*:*:*:*:*:*",
                     matchCriteriaId: "F6231F48-2936-4F7D-96D5-4BA11F78EBE8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update80:*:*:*:*:*:*",
                     matchCriteriaId: "D96D5061-4A81-497E-9AD6-A8381B3B454C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update85:*:*:*:*:*:*",
                     matchCriteriaId: "5345C21E-A01B-43B9-9A20-F2783D921C60",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update9:*:*:*:*:*:*",
                     matchCriteriaId: "B219F360-83BD-4111-AB59-C9D4F55AF4C0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update91:*:*:*:*:*:*",
                     matchCriteriaId: "D25377EA-8E8F-4C76-8EA9-3BBDFB352815",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update95:*:*:*:*:*:*",
                     matchCriteriaId: "59FEFE05-269A-4EAF-A80F-E4C2107B1197",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update97:*:*:*:*:*:*",
                     matchCriteriaId: "E7E2AA7C-F602-4DB7-9EC1-0708C46C253C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:7:update99:*:*:*:*:*:*",
                     matchCriteriaId: "FB70E154-A304-429E-80F5-8D87B00E32D1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:-:*:*:*:*:*:*",
                     matchCriteriaId: "70892D06-6E75-4425-BBF0-4B684EC62A1C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone1:*:*:*:*:*:*",
                     matchCriteriaId: "7A165D71-71CC-4E6A-AA4F-FF8DB5B9A5AB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone2:*:*:*:*:*:*",
                     matchCriteriaId: "7417B2BB-9AC2-4AF4-A828-C89A0735AD92",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone3:*:*:*:*:*:*",
                     matchCriteriaId: "6A0A57B5-6F88-4288-9CDE-F6613FE068D2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone4:*:*:*:*:*:*",
                     matchCriteriaId: "67ED8559-C348-4932-B7CE-CB96976A30EC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone5:*:*:*:*:*:*",
                     matchCriteriaId: "40AC3D91-263F-4345-9FAA-0E573EA64590",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone6:*:*:*:*:*:*",
                     matchCriteriaId: "DD92AFA9-81F8-48D4-B79A-E7F066F69A99",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone7:*:*:*:*:*:*",
                     matchCriteriaId: "2C4B2F24-A730-4818-90C8-A2D90C081F03",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone8:*:*:*:*:*:*",
                     matchCriteriaId: "464087F2-C285-4574-957E-CE0663F07DE0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:milestone9:*:*:*:*:*:*",
                     matchCriteriaId: "3E9BB880-A4F6-4887-8BB9-47AA298753D5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update101:*:*:*:*:*:*",
                     matchCriteriaId: "18DCFF53-B298-4534-AB5C-8A5EF59C616F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update102:*:*:*:*:*:*",
                     matchCriteriaId: "083419F8-FDDF-4E36-88F8-857DB317C1D1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update11:*:*:*:*:*:*",
                     matchCriteriaId: "D7A74F65-57E8-4C9A-BA96-5EF401504F13",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update111:*:*:*:*:*:*",
                     matchCriteriaId: "0D0B90FC-57B6-4315-9B29-3C36E58B2CF5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update112:*:*:*:*:*:*",
                     matchCriteriaId: "07812576-3C35-404C-A7D7-9BE9E3D76E00",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update121:*:*:*:*:*:*",
                     matchCriteriaId: "00C52B1C-5447-4282-9667-9EBE0720B423",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update131:*:*:*:*:*:*",
                     matchCriteriaId: "92BB9EB0-0C12-4E77-89EE-FB77097841B8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update141:*:*:*:*:*:*",
                     matchCriteriaId: "FF9D5DCE-2E8F-42B9-9038-AEA7E8C8CFFD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update151:*:*:*:*:*:*",
                     matchCriteriaId: "ABC0E7BB-F8B7-4369-9910-71240E4073A3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update152:*:*:*:*:*:*",
                     matchCriteriaId: "551B2640-8CEC-4C24-AF8B-7A7CEF864D9D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update161:*:*:*:*:*:*",
                     matchCriteriaId: "0AE30779-48FB-451E-8CE1-F469F93B8772",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update162:*:*:*:*:*:*",
                     matchCriteriaId: "60590FDE-7156-4314-A012-AA38BD2ADDC9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update171:*:*:*:*:*:*",
                     matchCriteriaId: "BE51AD3A-8331-4E8F-9DB1-7A0051731DFB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update172:*:*:*:*:*:*",
                     matchCriteriaId: "F24F6122-2256-41B6-9033-794C6424ED99",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update181:*:*:*:*:*:*",
                     matchCriteriaId: "0EAFA79E-8C7A-48CF-8868-11378FE4B26F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update191:*:*:*:*:*:*",
                     matchCriteriaId: "D1D6F19F-59B5-4BB6-AD35-013384025970",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update192:*:*:*:*:*:*",
                     matchCriteriaId: "E7BA97BC-3ADA-465A-835B-6C3C5F416B56",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update20:*:*:*:*:*:*",
                     matchCriteriaId: "B71F77A4-B7EB-47A1-AAFD-431A7D040B86",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update201:*:*:*:*:*:*",
                     matchCriteriaId: "91D6BEA9-5943-44A4-946D-CEAA9BA99376",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update202:*:*:*:*:*:*",
                     matchCriteriaId: "C079A3E0-44EB-4B9C-B4FC-B7621D165C3B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update211:*:*:*:*:*:*",
                     matchCriteriaId: "2CB74086-14B8-4237-8357-E0C6B5BB8313",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update212:*:*:*:*:*:*",
                     matchCriteriaId: "3ABED20A-7C34-4E86-9AFB-F4DC9ECBB3A9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update221:*:*:*:*:*:*",
                     matchCriteriaId: "00C2B9C9-1177-4DA6-96CE-55F37F383F99",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update222:*:*:*:*:*:*",
                     matchCriteriaId: "435CF189-0BD8-40DF-A0DC-99862CDEAF8A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update231:*:*:*:*:*:*",
                     matchCriteriaId: "12A3F367-33AD-47C3-BFDC-871A17E72C94",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update232:*:*:*:*:*:*",
                     matchCriteriaId: "A18F994F-72CA-4AF5-A7D1-9F5AEA286D85",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update241:*:*:*:*:*:*",
                     matchCriteriaId: "78261932-7373-4F16-91E0-1A72ADBEBC3E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update242:*:*:*:*:*:*",
                     matchCriteriaId: "9BD90D3D-9B3A-4101-9A8A-5090F0A9719F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update25:*:*:*:*:*:*",
                     matchCriteriaId: "B38C0276-0EBD-4E0B-BFCF-4DDECACE04E2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update252:*:*:*:*:*:*",
                     matchCriteriaId: "F5A40B8A-D428-4008-9F21-AF21394C51D1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update262:*:*:*:*:*:*",
                     matchCriteriaId: "FEC5B777-01E1-45EE-AF95-C3BD1F098B2F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update271:*:*:*:*:*:*",
                     matchCriteriaId: "3B504718-5DCE-43B4-B19A-C6B6E7444BD3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update281:*:*:*:*:*:*",
                     matchCriteriaId: "3102AA10-99A8-49A9-867E-7EEC56865680",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update282:*:*:*:*:*:*",
                     matchCriteriaId: "5A55CBC7-A7B2-4B89-8AB5-ED30DBE6814E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update291:*:*:*:*:*:*",
                     matchCriteriaId: "15BA8A26-2CDA-442B-A549-6BE92DCCD205",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update301:*:*:*:*:*:*",
                     matchCriteriaId: "56F2883B-6A1B-4081-8877-07AF3A73F6CD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update302:*:*:*:*:*:*",
                     matchCriteriaId: "98C0742E-ACDD-4DB4-8A4C-B96702C8976C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update31:*:*:*:*:*:*",
                     matchCriteriaId: "F8483034-DD5A-445D-892F-CDE90A7D58EE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update312:*:*:*:*:*:*",
                     matchCriteriaId: "1716A5CD-1C32-4F19-9DDE-F9C7CCB6B420",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update322:*:*:*:*:*:*",
                     matchCriteriaId: "DAB4F663-BCAF-43DB-BCC3-24C060B0CBAB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update40:*:*:*:*:*:*",
                     matchCriteriaId: "8279718F-878F-4868-8859-1728D13CD0D8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update45:*:*:*:*:*:*",
                     matchCriteriaId: "2C024E1A-FD2C-42E8-B227-C2AFD3040436",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update5:*:*:*:*:*:*",
                     matchCriteriaId: "4F24389D-DDD0-4204-AA24-31C920A4F47E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update51:*:*:*:*:*:*",
                     matchCriteriaId: "966979BE-1F21-4729-B6B8-610F74648344",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update60:*:*:*:*:*:*",
                     matchCriteriaId: "F8534265-33BF-460D-BF74-5F55FDE50F29",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update65:*:*:*:*:*:*",
                     matchCriteriaId: "F77AFC25-1466-4E56-9D5F-6988F3288E16",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update66:*:*:*:*:*:*",
                     matchCriteriaId: "A650BEB8-E56F-4E42-9361-8D2DB083F0F8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update71:*:*:*:*:*:*",
                     matchCriteriaId: "799FFECD-E80A-44B3-953D-CDB5E195F3AA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update72:*:*:*:*:*:*",
                     matchCriteriaId: "A7047507-7CAF-4A14-AA9A-5CEF806EDE98",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update73:*:*:*:*:*:*",
                     matchCriteriaId: "CFC7B179-95D3-4F94-84F6-73F1034A1AF2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update74:*:*:*:*:*:*",
                     matchCriteriaId: "9FB28526-9385-44CA-AF08-1899E6C3AE4D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update77:*:*:*:*:*:*",
                     matchCriteriaId: "E26B69E4-0B43-415F-A82B-52FDCB262B3E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update91:*:*:*:*:*:*",
                     matchCriteriaId: "27BC4150-70EC-462B-8FC5-20B3442CBB31",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:8:update92:*:*:*:*:*:*",
                     matchCriteriaId: "02646989-ECD9-40AE-A83E-EFF4080C69B9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:openjdk:18:*:*:*:*:*:*:*",
                     matchCriteriaId: "56CBFC1F-C120-44F2-877A-C1C880AA89C4",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad en el producto Oracle Java SE, Oracle GraalVM Enterprise Edition de Oracle Java SE (componente: Libraries). Las versiones afectadas son Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 y 22.0.0.2. Una vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red por medio de múltiples protocolos comprometer Oracle Java SE, Oracle GraalVM Enterprise Edition. Los ataques con éxito de esta vulnerabilidad pueden resultar en un acceso no autorizado a datos críticos o el acceso completo a todos los datos accesibles de Oracle Java SE, Oracle GraalVM Enterprise Edition. Nota: Esta vulnerabilidad es aplicada a las implantaciones de Java, normalmente en clientes que ejecutan aplicaciones Java Web Start con sandbox o applets Java con sandbox, que cargan y ejecutan código que no es confiable (por ejemplo, código que viene de Internet) y dependen del sandbox de Java para la seguridad. Esta vulnerabilidad también puede ser explotada mediante el uso de APIs en el componente especificado, por ejemplo, mediante un servicio web que suministra datos a las APIs. CVSS 3.1, Puntuación Base 7.5 (impactos en la Confidencialidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)",
      },
   ],
   id: "CVE-2022-21476",
   lastModified: "2024-11-21T06:44:47.470",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "secalert_us@oracle.com",
            type: "Secondary",
         },
      ],
   },
   published: "2022-04-19T21:15:17.503",
   references: [
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20220429-0006/",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2022/dsa-5128",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2022/dsa-5131",
      },
      {
         source: "secalert_us@oracle.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpuapr2022.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20220429-0006/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2022/dsa-5128",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2022/dsa-5131",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpuapr2022.html",
      },
   ],
   sourceIdentifier: "secalert_us@oracle.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerabilites related to netapp - cloud_insights_acquisition_unit

CVE-2023-22025 (GCVE-0-2023-22025)

Vulnerability from cvelistv5

CVE-2022-21549 (GCVE-0-2022-21549)

Vulnerability from cvelistv5

CVE-2022-21366 (GCVE-0-2022-21366)

Vulnerability from cvelistv5

CVE-2024-20922 (GCVE-0-2024-20922)

Vulnerability from cvelistv5

CVE-2023-21930 (GCVE-0-2023-21930)

Vulnerability from cvelistv5

CVE-2024-20926 (GCVE-0-2024-20926)

Vulnerability from cvelistv5

CVE-2022-21541 (GCVE-0-2022-21541)

Vulnerability from cvelistv5

CVE-2022-21619 (GCVE-0-2022-21619)

Vulnerability from cvelistv5

CVE-2022-21426 (GCVE-0-2022-21426)

Vulnerability from cvelistv5

CVE-2024-20918 (GCVE-0-2024-20918)

Vulnerability from cvelistv5

CVE-2023-22036 (GCVE-0-2023-22036)

Vulnerability from cvelistv5

CVE-2022-21434 (GCVE-0-2022-21434)

Vulnerability from cvelistv5

CVE-2020-36518 (GCVE-0-2020-36518)

Vulnerability from cvelistv5

CVE-2022-21365 (GCVE-0-2022-21365)

Vulnerability from cvelistv5

CVE-2022-21305 (GCVE-0-2022-21305)

Vulnerability from cvelistv5

CVE-2022-21293 (GCVE-0-2022-21293)

Vulnerability from cvelistv5

CVE-2022-21540 (GCVE-0-2022-21540)

Vulnerability from cvelistv5

CVE-2023-22049 (GCVE-0-2023-22049)

Vulnerability from cvelistv5

CVE-2023-21954 (GCVE-0-2023-21954)

Vulnerability from cvelistv5

CVE-2023-41993 (GCVE-0-2023-41993)

Vulnerability from cvelistv5

CVE-2022-21628 (GCVE-0-2022-21628)

Vulnerability from cvelistv5

CVE-2022-21282 (GCVE-0-2022-21282)

Vulnerability from cvelistv5

CVE-2023-22081 (GCVE-0-2023-22081)

Vulnerability from cvelistv5

CVE-2022-21476 (GCVE-0-2022-21476)

Vulnerability from cvelistv5

CVE-2022-21626 (GCVE-0-2022-21626)

Vulnerability from cvelistv5

CVE-2023-21968 (GCVE-0-2023-21968)

Vulnerability from cvelistv5

CVE-2024-20932 (GCVE-0-2024-20932)

Vulnerability from cvelistv5

CVE-2022-21283 (GCVE-0-2022-21283)

Vulnerability from cvelistv5

CVE-2023-21967 (GCVE-0-2023-21967)

Vulnerability from cvelistv5

CVE-2022-21618 (GCVE-0-2022-21618)

Vulnerability from cvelistv5

CVE-2024-20952 (GCVE-0-2024-20952)

Vulnerability from cvelistv5

CVE-2022-21299 (GCVE-0-2022-21299)

Vulnerability from cvelistv5

CVE-2023-21939 (GCVE-0-2023-21939)

Vulnerability from cvelistv5

CVE-2022-21496 (GCVE-0-2022-21496)

Vulnerability from cvelistv5

CVE-2023-21938 (GCVE-0-2023-21938)

Vulnerability from cvelistv5

CVE-2022-21294 (GCVE-0-2022-21294)

Vulnerability from cvelistv5

CVE-2022-21360 (GCVE-0-2022-21360)

Vulnerability from cvelistv5

CVE-2022-21291 (GCVE-0-2022-21291)

Vulnerability from cvelistv5

CVE-2022-21277 (GCVE-0-2022-21277)

Vulnerability from cvelistv5

CVE-2023-22041 (GCVE-0-2023-22041)