PT-2022-14979 · Oracle · Oracle GraalVM Enterprise Edition
Published 2022-10-18 · Updated 2025-10-07 · CVE-2022-21597
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Oracle GraalVM Enterprise Edition versions 20.3.7 through 22.2.0
Description
An easily exploitable issue exists in the JavaScript component of Oracle GraalVM Enterprise Edition. An unauthenticated attacker with network access via HTTP can compromise the software. Successful attacks may result in unauthorized read access to a subset of accessible data.
Recommendations
Update to a version later than 22.2.0.
Update to a version later than 21.3.3.
Update to a version later than 20.3.7.
Fix
Related Identifiers
Affected Products
Oracle GraalVM Enterprise Edition