PT-2022-4254 · Oracle · Oracle Java SE

Published: 2022-07-04 · Updated: 2026-05-08 · CVE-2022-21540

CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions

Oracle Java SE versions 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1
Oracle GraalVM Enterprise Edition versions 20.3.6, 21.3.2, 22.1.0

Description

The issue stems from insufficient input validation in the Hotspot component of Oracle Java SE and Oracle GraalVM Enterprise Edition. It allows an unauthenticated attacker with network access via multiple protocols to compromise the system, resulting in unauthorized read access to a subset of the accessible data (confidentiality impact only; integrity and availability are not affected, per the CVSS vector). The vulnerability applies to Java deployments that load and run untrusted code and rely on the Java sandbox for security. It can also be exploited through the APIs of the specified component.

Recommendations

For Oracle Java SE versions 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1, update to a version that includes the fix for this issue. For Oracle GraalVM Enterprise Edition versions 20.3.6, 21.3.2, 22.1.0, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the Hotspot component until a patch is available, and avoid exposing APIs in the specified component to untrusted data sources until the issue is resolved.

Related Identifiers

ALSA-2022:5683
ALSA-2022:5695
ALSA-2022:5696
ALSA-2022:5709
ALSA-2022:5736
ALT-PU-2022-7661
ALT-PU-2022-7662
ALT-PU-2022-7663
ALT-PU-2022-7664
ALT-PU-2022-7665
ALT-PU-2022-7666
ALT-PU-2022-7667
ALT-PU-2022-7668
ALT-PU-2025-6317
BDU:2022-05104
BIT-JAVA-2022-21540
BIT-JAVA-MIN-2022-21540
BIT-JRE-2022-21540
CESA-2022_5683
CESA-2022_5687
CESA-2022_5696
CESA-2022_5698
CESA-2022_5726
CVE-2022-21540
DSA-5188-1
DSA-5192-1
MGASA-2022-0435
OESA-2022-1786
OESA-2022-1832
OESA-2022-1849
OPENSUSE-SU-2022_2660-1
OPENSUSE-SU-2022_2707-1
OPENSUSE-SU-2022_2856-1
OPENSUSE-SU-2022_2949-1
OPENSUSE-SU-2022_3092-1
OPENSUSE-SU-2022_4166-1
OPENSUSE-SU-2024:12201-1
OPENSUSE-SU-2024:12202-1
OPENSUSE-SU-2024:12203-1
OPENSUSE-SU-2024:12207-1
OPENSUSE-SU-2024:12208-1
OPENSUSE-SU-2024:12234-1
OPENSUSE-SU-2024:12261-1
OPENSUSE-SU-2024:12262-1
OPENSUSE-SU-2024:12263-1
OPENSUSE-SU-2025:0066-1
RHSA-2022:5681
RHSA-2022:5683
RHSA-2022:5684
RHSA-2022:5685
RHSA-2022:5687
RHSA-2022:5695
RHSA-2022:5696
RHSA-2022:5697
RHSA-2022:5698
RHSA-2022:5700
RHSA-2022:5701
RHSA-2022:5709
RHSA-2022:5726
RHSA-2022:5736
RHSA-2022_5683
RHSA-2022_5687
RHSA-2022_5695
RHSA-2022_5696
RHSA-2022_5698
RHSA-2022_5709
RHSA-2022_5726
RHSA-2022_5736
RLSA-2022:5683
RLSA-2022:5696
RLSA-2022:5726
ROSA-SA-2023-2138
SUSE-SU-2022:2610-1
SUSE-SU-2022:2660-1
SUSE-SU-2022:2707-1
SUSE-SU-2022:2819-1
SUSE-SU-2022:2856-1
SUSE-SU-2022:2898-1
SUSE-SU-2022:2899-1
SUSE-SU-2022:2949-1
SUSE-SU-2022:3092-1
SUSE-SU-2022:3152-1
SUSE-SU-2022:4166-1
SUSE-SU-2022_2610-1
SUSE-SU-2022_2660-1
SUSE-SU-2022_2707-1
SUSE-SU-2022_2819-1
SUSE-SU-2022_2856-1
SUSE-SU-2022_2898-1
SUSE-SU-2022_2899-1
SUSE-SU-2022_2949-1
SUSE-SU-2022_3152-1
SUSE-SU-2022_4166-1
USN-5546-1
USN-5546-2

Affected Products

ALT Linux
AlmaLinux
Astra Linux
CentOS
Java Platform
Linux Mint
Oracle GraalVM Enterprise Edition
Oracle Java SE
Red Hat
RED OS
Rocky Linux
SUSE
Ubuntu