PT-2021-6667 · Oracle+2 · Oracle Java Se+4

Published

2021-11-15

·

Updated

2026-05-08

·

CVE-2022-21271

CVSS v3.1

5.3

Medium

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Name of the Vulnerable Software and Affected Versions Oracle Java SE versions 7u321, 8u311, 11.0.13 Oracle GraalVM Enterprise Edition versions 20.3.4 and 21.3.0
Description The issue is related to a vulnerability in the Libraries component of Oracle Java SE and Oracle GraalVM Enterprise Edition, allowing an unauthenticated attacker with network access via multiple protocols to compromise the system. This can result in a partial denial of service (partial DOS). The vulnerability applies to Java deployments that load and run untrusted code and rely on the Java sandbox for security. It can also be exploited through APIs in the specified component.
Recommendations For Oracle Java SE versions 7u321, 8u311, 11.0.13, update to a version that contains a fix for this issue. For Oracle GraalVM Enterprise Edition versions 20.3.4 and 21.3.0, update to a version that contains a fix for this issue. As a temporary workaround, consider restricting access to the Libraries component until a patch is available. Avoid using APIs in the specified component to minimize the risk of exploitation.

Fix

RCE

Improper Resource Release

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-20CWE-404

Related Identifiers

BDU:2022-02000
BIT-JAVA-2022-21271
BIT-JAVA-MIN-2022-21271
BIT-JRE-2022-21271
CVE-2022-21271
OESA-2022-2145
OESA-2022-2151
OESA-2022-2152
OESA-2022-2154
OPENSUSE-SU-2022:1027-1
OPENSUSE-SU-2022_1027-1
ROSA-SA-2023-2312
SUSE-SU-2022:1025-1
SUSE-SU-2022:1026-1
SUSE-SU-2022:1027-1
SUSE-SU-2022:14926-1
SUSE-SU-2022:14927-1
SUSE-SU-2022_14927-1

Affected Products

Java Platform
Oracle Graalvm Enterprise Edition
Oracle Java Se
Red Os
Suse