CVE-2022-21619

Name of the Vulnerable Software and Affected Versions Oracle Java SE versions 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19 Oracle GraalVM Enterprise Edition versions 20.3.7, 21.3.3, 22.2.0

Description The issue is related to an error in integer value conversion in the Security component of Oracle Java SE and Oracle GraalVM Enterprise Edition. It allows an unauthenticated attacker with network access via multiple protocols to compromise the system, resulting in unauthorized update, insert, or delete access to some accessible data. This typically affects Java deployments that load and run untrusted code, relying on the Java sandbox for security. The vulnerability can also be exploited through APIs in the specified component, for example, via a web service supplying data to the APIs.

Recommendations For Oracle Java SE versions 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19, update to a version that includes the fix for this issue. For Oracle GraalVM Enterprise Edition versions 20.3.7, 21.3.3, 22.2.0, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the vulnerable Security component until a patch is available. Avoid using APIs in the specified component to minimize the risk of exploitation.