CVE-2022-21443

Description

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

Affected (32)

Products: Oracle: Graalvm, Java Se · Netapp: Active Iq Unified Manager, Cloud Insights Acquisition Unit, Cloud Secure Agent, E Series Santricity Os Controller, E Series Santricity Storage Manager, E Series Santricity Web Services, Element Software, Hci Management Node, Oncommand Insight, Santricity Unified Manager, Solidfire, Bootstrap Os · Debian: Debian Linux · +1 more

Show all products

2 products

12 products

Active Iq Unified Manager

Cloud Insights Acquisition Unit

Cloud Secure Agent

E Series Santricity Os Controller

E Series Santricity Storage Manager

E Series Santricity Web Services

Element Software

Hci Management Node

Oncommand Insight

Santricity Unified Manager

1 product

1 product

Configuration A

8 vulnerable

Vulnerable Software	Affected Versions
Oracle Graalvm	Version 20.3.5
Oracle Graalvm	Version 21.3.1
Oracle Graalvm	Version 22.0.0.2
Oracle Java Se	Version 11.0.14
Oracle Java Se	Version 17.0.2
Oracle Java Se	Version 18
Oracle Java Se	Version 7u331
Oracle Java Se	Version 8u321

Configuration B

12 vulnerable

Vulnerable Software	Affected Versions
Netapp Active Iq Unified Manager	All versions
Netapp Active Iq Unified Manager	All versions
Netapp Cloud Insights Acquisition Unit	All versions
Netapp Cloud Secure Agent	All versions
Netapp E Series Santricity Os Controller	From 11.0.0 to 11.70.1
Netapp E Series Santricity Storage Manager	All versions
Netapp E Series Santricity Web Services	All versions
Netapp Element Software	All versions
Netapp Hci Management Node	All versions
Netapp Oncommand Insight	All versions
Netapp Santricity Unified Manager	All versions
Netapp Solidfire	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp Bootstrap Os	All versions

Running on/with	Platform Versions
Netapp Hci Compute Node	All versions

Configuration D

3 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 10.0
Debian Debian Linux	Version 11.0
Debian Debian Linux	Version 9.0

Configuration E

8 vulnerable

Vulnerable Software	Affected Versions
Azul Zulu	Version 11.54
Azul Zulu	Version 13.46
Azul Zulu	Version 15.38
Azul Zulu	Version 17.32
Azul Zulu	Version 18.28
Azul Zulu	Version 6.45
Azul Zulu	Version 7.52
Azul Zulu	Version 8.60