CVE-2022-21366

Опубликовано: 19 янв. 2022

Источник: nvd

CVSS3: 5.3

CVSS2: 5

EPSS Низкий

Описание

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to

Ссылки

https://security.gentoo.org/glsa/202209-05
Third Party Advisory
https://security.netapp.com/advisory/ntap-20220121-0007/
Third Party Advisory
https://www.debian.org/security/2022/dsa-5057
Third Party Advisory
https://www.debian.org/security/2022/dsa-5058
Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2022.html
Vendor Advisory
https://security.gentoo.org/glsa/202209-05
Third Party Advisory
https://security.netapp.com/advisory/ntap-20220121-0007/
Third Party Advisory
https://www.debian.org/security/2022/dsa-5057
Third Party Advisory
https://www.debian.org/security/2022/dsa-5058
Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2022.html
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:oracle:graalvm:20.3.4:*:*:*:enterprise:*:*:*

cpe:2.3:a:oracle:graalvm:21.3.0:*:*:*:enterprise:*:*:*

cpe:2.3:a:oracle:jdk:11.0.13:*:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:17.0.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:11.0.13:*:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:17.0.1:*:*:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*

cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*

cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*

cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*

cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*

cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*

Версия от 11.0.0 (включая) до 11.70.1 (включая)

cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*

cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*

cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*

cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*

cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*

cpe:2.3:a:netapp:santricity_storage_plugin:-:*:*:*:*:vcenter:*:*

cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*

cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*

cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*

cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*

Конфигурация 3

Одно из

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

Конфигурация 4

Одно из

cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*

Версия от 11 (включая) до 11.0.13 (включая)

cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*

Версия от 13 (включая) до 13.0.9 (включая)

cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*

Версия от 15 (включая) до 15.0.5 (включая)

cpe:2.3:a:oracle:openjdk:17:*:*:*:*:*:*:*

cpe:2.3:a:oracle:openjdk:17.0.1:*:*:*:*:*:*:*

EPSS

Процентиль: 33%

0.00123

Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

CVE-2022-21366

CVSS3: 5.3

ubuntu

больше 3 лет назад

CVE-2022-21366

CVSS3: 5.3

redhat

больше 3 лет назад

CVE-2022-21366

CVSS3: 5.3

debian

больше 3 лет назад

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...

GHSA-hgv5-w5qv-cpfg

CVSS3: 5.3

github

больше 3 лет назад

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data ...

BDU:2023-05167

CVSS3: 5.3

fstec

больше 3 лет назад

Уязвимость компонента ImageIO программной платформы Oracle Java SE и виртуальной машины Oracle GraalVM Enterprise Edition, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 33%

0.00123

Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

NVD-CWE-noinfo