Vulnerability details: VCID-w5bq-krye-aaaj
Vulnerability ID VCID-w5bq-krye-aaaj
Aliases CVE-2022-21540
Summary Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1; Oracle GraalVM Enterprise Edition: 20.3.6, 21.3.2 and 22.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
System Score Found at
rhas Important https://access.redhat.com/errata/RHSA-2022:5681
rhas Important https://access.redhat.com/errata/RHSA-2022:5683
rhas Important https://access.redhat.com/errata/RHSA-2022:5684
rhas Important https://access.redhat.com/errata/RHSA-2022:5685
rhas Important https://access.redhat.com/errata/RHSA-2022:5687
rhas Important https://access.redhat.com/errata/RHSA-2022:5695
rhas Important https://access.redhat.com/errata/RHSA-2022:5696
rhas Important https://access.redhat.com/errata/RHSA-2022:5697
rhas Important https://access.redhat.com/errata/RHSA-2022:5698
rhas Important https://access.redhat.com/errata/RHSA-2022:5700
rhas Important https://access.redhat.com/errata/RHSA-2022:5701
rhas Important https://access.redhat.com/errata/RHSA-2022:5709
rhas Important https://access.redhat.com/errata/RHSA-2022:5726
rhas Important https://access.redhat.com/errata/RHSA-2022:5736
rhas Important https://access.redhat.com/errata/RHSA-2022:5755
rhas Important https://access.redhat.com/errata/RHSA-2022:5756
rhas Important https://access.redhat.com/errata/RHSA-2022:5757
rhas Important https://access.redhat.com/errata/RHSA-2022:5758
cvssv3 5.3 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-21540.json
epss 0.00050 https://api.first.org/data/v1/epss?cve=CVE-2022-21540
epss 0.00138 https://api.first.org/data/v1/epss?cve=CVE-2022-21540
epss 0.00163 https://api.first.org/data/v1/epss?cve=CVE-2022-21540
epss 0.00198 https://api.first.org/data/v1/epss?cve=CVE-2022-21540
epss 0.00281 https://api.first.org/data/v1/epss?cve=CVE-2022-21540
epss 0.00379 https://api.first.org/data/v1/epss?cve=CVE-2022-21540
epss 0.02136 https://api.first.org/data/v1/epss?cve=CVE-2022-21540
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=2108540
cvssv3.1 5.3 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-21540
cvssv3.1 7.5 https://www.debian.org/security/2022/dsa-5188
generic_textual HIGH https://www.debian.org/security/2022/dsa-5188
cvssv3.1 7.5 https://www.debian.org/security/2022/dsa-5192
generic_textual HIGH https://www.debian.org/security/2022/dsa-5192
cvssv3.1 7.5 https://www.oracle.com/security-alerts/cpujul2022.html
generic_textual HIGH https://www.oracle.com/security-alerts/cpujul2022.html
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-21540.json
https://api.first.org/data/v1/epss?cve=CVE-2022-21540
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21540
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21541
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21549
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34169
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KO3DXNKZ4EU3UZBT6AAR4XRKCD73KLMO/
https://security.netapp.com/advisory/ntap-20220729-0009/
https://www.debian.org/security/2022/dsa-5188
https://www.debian.org/security/2022/dsa-5192
https://www.oracle.com/security-alerts/cpujul2022.html
2108540 https://bugzilla.redhat.com/show_bug.cgi?id=2108540
cpe:2.3:a:oracle:graalvm:20.3.6:*:*:*:enterprise:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:graalvm:20.3.6:*:*:*:enterprise:*:*:*
cpe:2.3:a:oracle:graalvm:21.3.2:*:*:*:enterprise:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:graalvm:21.3.2:*:*:*:enterprise:*:*:*
cpe:2.3:a:oracle:graalvm:22.1.0:*:*:*:enterprise:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:graalvm:22.1.0:*:*:*:enterprise:*:*:*
cpe:2.3:a:oracle:jdk:11.0.15.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:11.0.15.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:17.0.3.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:17.0.3.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update343:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.7.0:update343:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:18.0.1.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:18.0.1.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.8.0:update333:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.8.0:update333:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:11.0.15.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:11.0.15.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:17.0.3.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:17.0.3.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update343:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.7.0:update343:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:18.0.1.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:18.0.1.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.8.0:update333:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.8.0:update333:*:*:*:*:*:*
CVE-2022-21540 https://nvd.nist.gov/vuln/detail/CVE-2022-21540
GLSA-202401-25 https://security.gentoo.org/glsa/202401-25
RHSA-2022:5681 https://access.redhat.com/errata/RHSA-2022:5681
RHSA-2022:5683 https://access.redhat.com/errata/RHSA-2022:5683
RHSA-2022:5684 https://access.redhat.com/errata/RHSA-2022:5684
RHSA-2022:5685 https://access.redhat.com/errata/RHSA-2022:5685
RHSA-2022:5687 https://access.redhat.com/errata/RHSA-2022:5687
RHSA-2022:5695 https://access.redhat.com/errata/RHSA-2022:5695
RHSA-2022:5696 https://access.redhat.com/errata/RHSA-2022:5696
RHSA-2022:5697 https://access.redhat.com/errata/RHSA-2022:5697
RHSA-2022:5698 https://access.redhat.com/errata/RHSA-2022:5698
RHSA-2022:5700 https://access.redhat.com/errata/RHSA-2022:5700
RHSA-2022:5701 https://access.redhat.com/errata/RHSA-2022:5701
RHSA-2022:5709 https://access.redhat.com/errata/RHSA-2022:5709
RHSA-2022:5726 https://access.redhat.com/errata/RHSA-2022:5726
RHSA-2022:5736 https://access.redhat.com/errata/RHSA-2022:5736
RHSA-2022:5753 https://access.redhat.com/errata/RHSA-2022:5753
RHSA-2022:5754 https://access.redhat.com/errata/RHSA-2022:5754
RHSA-2022:5755 https://access.redhat.com/errata/RHSA-2022:5755
RHSA-2022:5756 https://access.redhat.com/errata/RHSA-2022:5756
RHSA-2022:5757 https://access.redhat.com/errata/RHSA-2022:5757
RHSA-2022:5758 https://access.redhat.com/errata/RHSA-2022:5758
USN-5546-1 https://usn.ubuntu.com/5546-1/
USN-5546-2 https://usn.ubuntu.com/5546-2/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-21540.json
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2022-21540
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://www.debian.org/security/2022/dsa-5188
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://www.debian.org/security/2022/dsa-5192
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://www.oracle.com/security-alerts/cpujul2022.html
Exploit Prediction Scoring System (EPSS)
Percentile 0.20820
EPSS Score 0.00050
Published At Dec. 17, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.