← Back

CVE-2022-21341

nvd nist
Published: Jan 19, 2022Modified: May 27, 2026

JSON object

Loading...
5.3
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Exploitability: 3.9 / Impact: 1.4
Source: secalert_us@oracle.com (Secondary)

Description

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

Affected (151)

Oracle
4 products
Graalvm
Jdk
Jre
Openjdk
Netapp
14 products
7 Mode Transition Tool
Active Iq Unified Manager
Cloud Insights Acquisition Unit
Cloud Secure Agent
E Series Santricity Os Controller
E Series Santricity Storage Manager
E Series Santricity Web Services
Hci Management Node
Oncommand Insight
Oncommand Workflow Automation
Santricity Storage Plugin
Santricity Unified Manager
Snapmanager
Solidfire
Debian
1 product
Debian Linux
Configuration A
10 vulnerable
Vulnerable SoftwareAffected Versions
Oracle
Graalvm
Version 20.3.4
Graalvm
Version 21.3.0
Oracle
Jdk
Version 1.7.0 update321
Jdk
Version 1.8.0 update311
Jdk
Version 11.0.13
Jdk
Version 17.0.1
Oracle
Jre
Version 1.7.0 update321
Jre
Version 1.8.0 update311
Jre
Version 11.0.13
Jre
Version 17.0.1
Configuration B
16 vulnerable
Vulnerable SoftwareAffected Versions
7 Mode Transition Tool
All versions
Netapp
Active Iq Unified Manager
All versions
Active Iq Unified Manager
All versions
Cloud Insights Acquisition Unit
All versions
Cloud Secure Agent
All versions
E Series Santricity Os Controller
From 11.0.0 to 11.70.1
E Series Santricity Storage Manager
All versions
E Series Santricity Web Services
All versions
Hci Management Node
All versions
Oncommand Insight
All versions
Oncommand Workflow Automation
All versions
Santricity Storage Plugin
All versions
Santricity Unified Manager
All versions
Netapp
Snapmanager
All versions
Snapmanager
All versions
Solidfire
All versions
Configuration C
3 vulnerable
Vulnerable SoftwareAffected Versions
Debian
Debian Linux
Version 10.0
Debian Linux
Version 11.0
Debian Linux
Version 9.0
Configuration D
122 vulnerable
Vulnerable SoftwareAffected Versions
Oracle
Openjdk
From 11 to 11.0.13
Openjdk
From 13 to 13.0.9
Openjdk
From 15 to 15.0.5
Openjdk
Version 17.0.1
Openjdk
Version 17
Openjdk
Version 7
Openjdk
Version 7 update101
Openjdk
Version 7 update10
Openjdk
Version 7 update111
Openjdk
Version 7 update11
Openjdk
Version 7 update121
Openjdk
Version 7 update131
Openjdk
Version 7 update13
Openjdk
Version 7 update141
Openjdk
Version 7 update151
Openjdk
Version 7 update15
Openjdk
Version 7 update161
Openjdk
Version 7 update171
Openjdk
Version 7 update17
Openjdk
Version 7 update181
Openjdk
Version 7 update191
Openjdk
Version 7 update1
Openjdk
Version 7 update201
Openjdk
Version 7 update211
Openjdk
Version 7 update21
Openjdk
Version 7 update221
Openjdk
Version 7 update231
Openjdk
Version 7 update241
Openjdk
Version 7 update251
Openjdk
Version 7 update25
Openjdk
Version 7 update261
Openjdk
Version 7 update271
Openjdk
Version 7 update281
Openjdk
Version 7 update291
Openjdk
Version 7 update2
Openjdk
Version 7 update301
Openjdk
Version 7 update311
Openjdk
Version 7 update321
Openjdk
Version 7 update3
Openjdk
Version 7 update40
Openjdk
Version 7 update45
Openjdk
Version 7 update4
Openjdk
Version 7 update51
Openjdk
Version 7 update55
Openjdk
Version 7 update5
Openjdk
Version 7 update60
Openjdk
Version 7 update65
Openjdk
Version 7 update67
Openjdk
Version 7 update6
Openjdk
Version 7 update72
Openjdk
Version 7 update76
Openjdk
Version 7 update7
Openjdk
Version 7 update80
Openjdk
Version 7 update85
Openjdk
Version 7 update91
Openjdk
Version 7 update95
Openjdk
Version 7 update97
Openjdk
Version 7 update99
Openjdk
Version 7 update9
Openjdk
Version 8
Openjdk
Version 8 milestone1
Openjdk
Version 8 milestone2
Openjdk
Version 8 milestone3
Openjdk
Version 8 milestone4
Openjdk
Version 8 milestone5
Openjdk
Version 8 milestone6
Openjdk
Version 8 milestone7
Openjdk
Version 8 milestone8
Openjdk
Version 8 milestone9
Openjdk
Version 8 update101
Openjdk
Version 8 update102
Openjdk
Version 8 update111
Openjdk
Version 8 update112
Openjdk
Version 8 update11
Openjdk
Version 8 update121
Openjdk
Version 8 update131
Openjdk
Version 8 update141
Openjdk
Version 8 update151
Openjdk
Version 8 update152
Openjdk
Version 8 update161
Openjdk
Version 8 update162
Openjdk
Version 8 update171
Openjdk
Version 8 update172
Openjdk
Version 8 update181
Openjdk
Version 8 update191
Openjdk
Version 8 update192
Openjdk
Version 8 update201
Openjdk
Version 8 update202
Openjdk
Version 8 update20
Openjdk
Version 8 update211
Openjdk
Version 8 update212
Openjdk
Version 8 update221
Openjdk
Version 8 update222
Openjdk
Version 8 update231
Openjdk
Version 8 update232
Openjdk
Version 8 update241
Openjdk
Version 8 update242
Openjdk
Version 8 update252
Openjdk
Version 8 update25
Openjdk
Version 8 update262
Openjdk
Version 8 update271
Openjdk
Version 8 update281
Openjdk
Version 8 update282
Openjdk
Version 8 update291
Openjdk
Version 8 update301
Openjdk
Version 8 update302
Openjdk
Version 8 update312
Openjdk
Version 8 update31
Openjdk
Version 8 update40
Openjdk
Version 8 update45
Openjdk
Version 8 update51
Openjdk
Version 8 update5
Openjdk
Version 8 update60
Openjdk
Version 8 update65
Openjdk
Version 8 update66
Openjdk
Version 8 update71
Openjdk
Version 8 update72
Openjdk
Version 8 update73
Openjdk
Version 8 update74
Openjdk
Version 8 update77
Openjdk
Version 8 update91
Openjdk
Version 8 update92

Related CWEs

CWE-502
Deserialization of Untrusted Data
The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

References (12)

Source: secalert_us@oracle.com
Mailing ListThird Party Advisory
Source: secalert_us@oracle.com
Third Party Advisory
Source: secalert_us@oracle.com
Third Party Advisory
Source: secalert_us@oracle.com
Third Party Advisory
Source: secalert_us@oracle.com
Third Party Advisory
Source: secalert_us@oracle.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.