Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-a95g-84vs-xbav
Vulnerability ID VCID-a95g-84vs-xbav
Aliases CVE-2022-21476
Summary OpenJDK: Defective secure validation in Apache Santuario (Libraries, 8278008)
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-179 Incorrect Behavior Order: Early Validation
System Score Found at
cvssv3 7.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-21476.json
epss 0.00184 https://api.first.org/data/v1/epss?cve=CVE-2022-21476
epss 0.00184 https://api.first.org/data/v1/epss?cve=CVE-2022-21476
epss 0.00184 https://api.first.org/data/v1/epss?cve=CVE-2022-21476
epss 0.00184 https://api.first.org/data/v1/epss?cve=CVE-2022-21476
epss 0.00184 https://api.first.org/data/v1/epss?cve=CVE-2022-21476
epss 0.00184 https://api.first.org/data/v1/epss?cve=CVE-2022-21476
epss 0.00184 https://api.first.org/data/v1/epss?cve=CVE-2022-21476
epss 0.00184 https://api.first.org/data/v1/epss?cve=CVE-2022-21476
epss 0.00184 https://api.first.org/data/v1/epss?cve=CVE-2022-21476
epss 0.00184 https://api.first.org/data/v1/epss?cve=CVE-2022-21476
epss 0.00184 https://api.first.org/data/v1/epss?cve=CVE-2022-21476
epss 0.0019 https://api.first.org/data/v1/epss?cve=CVE-2022-21476
epss 0.0019 https://api.first.org/data/v1/epss?cve=CVE-2022-21476
epss 0.0019 https://api.first.org/data/v1/epss?cve=CVE-2022-21476
epss 0.0019 https://api.first.org/data/v1/epss?cve=CVE-2022-21476
epss 0.0019 https://api.first.org/data/v1/epss?cve=CVE-2022-21476
cvssv3.1 7.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
archlinux High https://security.archlinux.org/AVG-2687
archlinux High https://security.archlinux.org/AVG-2688
archlinux High https://security.archlinux.org/AVG-2689
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-21476.json
https://api.first.org/data/v1/epss?cve=CVE-2022-21476
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21426
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21434
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21443
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21449
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21476
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21496
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
1010597 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010597
2075842 https://bugzilla.redhat.com/show_bug.cgi?id=2075842
AVG-2687 https://security.archlinux.org/AVG-2687
AVG-2688 https://security.archlinux.org/AVG-2688
AVG-2689 https://security.archlinux.org/AVG-2689
RHSA-2022:1435 https://access.redhat.com/errata/RHSA-2022:1435
RHSA-2022:1436 https://access.redhat.com/errata/RHSA-2022:1436
RHSA-2022:1437 https://access.redhat.com/errata/RHSA-2022:1437
RHSA-2022:1438 https://access.redhat.com/errata/RHSA-2022:1438
RHSA-2022:1439 https://access.redhat.com/errata/RHSA-2022:1439
RHSA-2022:1440 https://access.redhat.com/errata/RHSA-2022:1440
RHSA-2022:1441 https://access.redhat.com/errata/RHSA-2022:1441
RHSA-2022:1442 https://access.redhat.com/errata/RHSA-2022:1442
RHSA-2022:1443 https://access.redhat.com/errata/RHSA-2022:1443
RHSA-2022:1444 https://access.redhat.com/errata/RHSA-2022:1444
RHSA-2022:1445 https://access.redhat.com/errata/RHSA-2022:1445
RHSA-2022:1487 https://access.redhat.com/errata/RHSA-2022:1487
RHSA-2022:1488 https://access.redhat.com/errata/RHSA-2022:1488
RHSA-2022:1489 https://access.redhat.com/errata/RHSA-2022:1489
RHSA-2022:1490 https://access.redhat.com/errata/RHSA-2022:1490
RHSA-2022:1491 https://access.redhat.com/errata/RHSA-2022:1491
RHSA-2022:1492 https://access.redhat.com/errata/RHSA-2022:1492
RHSA-2022:1728 https://access.redhat.com/errata/RHSA-2022:1728
RHSA-2022:1729 https://access.redhat.com/errata/RHSA-2022:1729
RHSA-2022:2137 https://access.redhat.com/errata/RHSA-2022:2137
USN-5388-1 https://usn.ubuntu.com/5388-1/
USN-5388-2 https://usn.ubuntu.com/5388-2/
USN-5546-1 https://usn.ubuntu.com/5546-1/
USN-5546-2 https://usn.ubuntu.com/5546-2/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-21476.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.40224
EPSS Score 0.00184
Published At April 11, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T13:58:53.129878+00:00 RedHat Importer Import https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-21476.json 38.0.0