PT-2022-4253 · Oracle+10 · Java Se+12

Published

2022-07-04

·

Updated

2026-05-08

·

CVE-2022-21541

CVSS v3.1

5.9

Medium

VectorAV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions Oracle Java SE versions 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1 Oracle GraalVM Enterprise Edition versions 20.3.6, 21.3.2, 22.1.0
Description The issue is related to insufficient input validation in the Hotspot component. It allows an unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE and Oracle GraalVM Enterprise Edition. Successful attacks can result in unauthorized creation, deletion, or modification access to critical data or all accessible data. This issue applies to Java deployments that load and run untrusted code and rely on the Java sandbox for security. It can also be exploited by using APIs in the specified component.
Recommendations For Oracle Java SE versions 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1, update to a version that includes the fix for this issue. For Oracle GraalVM Enterprise Edition versions 20.3.6, 21.3.2, 22.1.0, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the Hotspot component until a patch is available. Avoid using APIs in the specified component until the issue is resolved.

Exploit

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

ALSA-2022:5683
ALSA-2022:5695
ALSA-2022:5696
ALSA-2022:5709
ALSA-2022:5736
ALT-PU-2022-7661
ALT-PU-2022-7662
ALT-PU-2022-7663
ALT-PU-2022-7664
ALT-PU-2022-7665
ALT-PU-2022-7666
ALT-PU-2022-7667
ALT-PU-2022-7668
ALT-PU-2025-6317
BDU:2022-05103
BIT-JAVA-2022-21541
BIT-JAVA-MIN-2022-21541
BIT-JRE-2022-21541
CESA-2022_5683
CESA-2022_5687
CESA-2022_5696
CESA-2022_5698
CESA-2022_5726
CVE-2022-21541
DSA-5188-1
DSA-5192-1
MGASA-2022-0435
OESA-2022-1786
OESA-2022-1832
OESA-2022-1849
OPENSUSE-SU-2022_2660-1
OPENSUSE-SU-2022_2707-1
OPENSUSE-SU-2022_2856-1
OPENSUSE-SU-2022_2949-1
OPENSUSE-SU-2022_3092-1
OPENSUSE-SU-2022_4166-1
OPENSUSE-SU-2024:12201-1
OPENSUSE-SU-2024:12202-1
OPENSUSE-SU-2024:12203-1
OPENSUSE-SU-2024:12207-1
OPENSUSE-SU-2024:12208-1
OPENSUSE-SU-2024:12234-1
OPENSUSE-SU-2025:0066-1
RHSA-2022:5681
RHSA-2022:5683
RHSA-2022:5684
RHSA-2022:5685
RHSA-2022:5687
RHSA-2022:5695
RHSA-2022:5696
RHSA-2022:5697
RHSA-2022:5698
RHSA-2022:5700
RHSA-2022:5701
RHSA-2022:5709
RHSA-2022:5726
RHSA-2022:5736
RHSA-2022_5683
RHSA-2022_5687
RHSA-2022_5695
RHSA-2022_5696
RHSA-2022_5698
RHSA-2022_5709
RHSA-2022_5726
RHSA-2022_5736
RLSA-2022:5683
RLSA-2022:5696
RLSA-2022:5726
ROSA-SA-2023-2138
SUSE-SU-2022:2610-1
SUSE-SU-2022:2660-1
SUSE-SU-2022:2707-1
SUSE-SU-2022:2819-1
SUSE-SU-2022:2856-1
SUSE-SU-2022:2898-1
SUSE-SU-2022:2899-1
SUSE-SU-2022:2949-1
SUSE-SU-2022:3092-1
SUSE-SU-2022:3152-1
SUSE-SU-2022:4166-1
USN-5546-1
USN-5546-2

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Graalvm Enterprise Edition
Java Platform
Java Se
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu