Jeremy Nunn

Researcher fromTrustwave
#26610of 53,632
9.6Total CVSS
Vulnerabilities · 2
Medium
2
PT-2022-6853
5.3
2022-01-18
Oracle · Java Se · CVE-2022-21283
**Name of the Vulnerable Software and Affected Versions** Oracle Java SE versions 11.0.13, 17.0.1 Oracle GraalVM Enterprise Edition versions 20.3.4, 21.3.0 **Description** The vulnerability is related to insufficient handling of exceptional states in the Libraries component of Oracle Java SE and Oracle GraalVM Enterprise Edition. It can be exploited by an unauthenticated attacker with network access via multiple protocols, allowing them to cause a partial denial of service (partial DOS) of Oracle Java SE and Oracle GraalVM Enterprise Edition. This issue applies to Java deployments that load and run untrusted code, relying on the Java sandbox for security. The vulnerability can also be exploited through APIs in the specified component, for example, via a web service supplying data to the APIs. **Recommendations** For Oracle Java SE versions 11.0.13, 17.0.1: Update to a newer version to mitigate the risk. For Oracle GraalVM Enterprise Edition versions 20.3.4, 21.3.0: Update to a newer version to mitigate the risk. As a temporary workaround, consider restricting access to the vulnerable Libraries component until a patch is available. Avoid using APIs in the specified component to minimize the risk of exploitation.
PT-2021-6673
4.3
2021-11-15
Oracle · Oracle Enterprise Session Border Controller · CVE-2022-21383
**Name of the Vulnerable Software and Affected Versions** Oracle Enterprise Session Border Controller versions 8.4 through 9.0 **Description** The issue is related to errors in resource release in the Log component of the Oracle Enterprise Session Border Controller. It allows a remote attacker to cause a partial denial of service using the HTTP protocol. The vulnerability can be easily exploited by a low-privileged attacker with network access via HTTP, resulting in unauthorized ability to cause a partial denial of service of the Oracle Enterprise Session Border Controller. **Recommendations** For versions 8.4 and 9.0, consider restricting access to the Log component until a patch is available. As a temporary workaround, consider disabling the Log component to minimize the risk of exploitation. Restrict network access via HTTP to reduce the risk of unauthorized attacks.