PT-2022-6855 · Oracle+11 · Graalvm Enterprise Edition+13

Published

2022-01-18

·

Updated

2026-05-27

·

CVE-2022-21341

CVSS v3.1

5.3

Medium

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Name of the Vulnerable Software and Affected Versions Oracle Java SE versions 7u321, 8u311, 11.0.13, 17.0.1 Oracle GraalVM Enterprise Edition versions 20.3.4, 21.3.0
Description The issue is related to the Serialization component in Oracle Java SE and Oracle GraalVM Enterprise Edition, allowing an unauthenticated attacker with network access to compromise the system and cause a partial denial of service. This vulnerability applies to Java deployments that load and run untrusted code and rely on the Java sandbox for security. It can also be exploited through APIs in the specified component, for example, via a web service that supplies data to the APIs.
Recommendations For Oracle Java SE versions 7u321, 8u311, 11.0.13, 17.0.1, update to a version that contains a fix for this issue. For Oracle GraalVM Enterprise Edition versions 20.3.4, 21.3.0, update to a version that contains a fix for this issue. As a temporary workaround, consider restricting access to the Serialization component until a patch is available. Avoid using APIs in the affected component, such as through a web service, until the issue is resolved.

Fix

DoS

RCE

Deserialization of Untrusted Data

Weakness Enumeration

CWE-20CWE-502CWE-1173

Related Identifiers

ALSA-2022:0161
ALSA-2022:0185
ALSA-2022:0307
ALT-PU-2022-7652
ALT-PU-2022-7653
ALT-PU-2022-7654
ALT-PU-2022-7655
BDU:2023-05164
BIT-JAVA-2022-21341
BIT-JAVA-MIN-2022-21341
BIT-JRE-2022-21341
CESA-2022_0161
CESA-2022_0185
CESA-2022_0204
CESA-2022_0306
CESA-2022_0307
CESA-2022_0970
CVE-2022-21341
DLA-2917-1
DSA-5057-1
DSA-5058-1
OESA-2022-1696
OESA-2022-1702
OESA-2022-1813
OPENSUSE-SU-2022:0816-1
OPENSUSE-SU-2022:0870-1
OPENSUSE-SU-2022:0873-1
OPENSUSE-SU-2022:1027-1
OPENSUSE-SU-2022_0816-1
OPENSUSE-SU-2022_0870-1
OPENSUSE-SU-2022_0873-1
OPENSUSE-SU-2022_1027-1
OPENSUSE-SU-2024:11798-1
OPENSUSE-SU-2024:11799-1
OPENSUSE-SU-2024:11800-1
OPENSUSE-SU-2024:11810-1
OPENSUSE-SU-2024:11895-1
OPENSUSE-SU-2024:11896-1
RHSA-2022:0161
RHSA-2022:0185
RHSA-2022:0204
RHSA-2022:0209
RHSA-2022:0211
RHSA-2022:0233
RHSA-2022:0304
RHSA-2022:0305
RHSA-2022:0306
RHSA-2022:0307
RHSA-2022:0312
RHSA-2022:0968
RHSA-2022:0969
RHSA-2022:0970
RHSA-2022_0161
RHSA-2022_0185
RHSA-2022_0204
RHSA-2022_0306
RHSA-2022_0307
RHSA-2022_0968
RHSA-2022_0969
RHSA-2022_0970
RLSA-2022:0161
RLSA-2022:0185
RLSA-2022:0307
ROSA-SA-2023-2135
SUSE-SU-2022:0730-1
SUSE-SU-2022:0816-1
SUSE-SU-2022:0871-1
SUSE-SU-2022:0873-1
SUSE-SU-2022:1025-1
SUSE-SU-2022:1026-1
SUSE-SU-2022:1027-1
SUSE-SU-2022:14926-1
SUSE-SU-2022:14927-1
SUSE-SU-2022_14927-1
USN-5313-1
USN-5313-2

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Graalvm Enterprise Edition
Ibm Aix
Java Platform
Java Se
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu