Vulnerability Name: CVE-2022-21271 (CCN-217566)
Assigned: 2021-11-15
Published: 2022-01-18
Updated: 2022-10-27

Summary: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition.

Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs.

CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

CVSS v3 Severity:
  5.3 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
  4.6 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C)
  Exploitability Metrics: Attack Vector (AV): Network; Attack Complexity (AC): Low; Privileges Required (PR): None; User Interaction (UI): None
  Scope (S): Unchanged
  Impact Metrics: Confidentiality (C): None; Integrity (I): None; Availability (A): Low

CCN CVSS v3 Severity (same vectors and metrics as above):
  5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
  4.6 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C)

CVSS v2 Severity:
  5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
  Exploitability Metrics: Access Vector (AV): Network; Access Complexity (AC): Low; Authentication (Au): None
  Impact Metrics: Confidentiality (C): None; Integrity (I): None; Availability (A): Partial

CCN CVSS v2 Severity (same vector and metrics as above):
  5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)

Vulnerability Type: CWE-noinfo
Vulnerability Consequences: Denial of Service

References:
  Source: MITRE; Type: CNA; CVE-2022-21271
  Source: XF; Type: UNKNOWN; oracle-cpujan2022-cve202221271 (217566)
  Source: GENTOO; Type: Third Party Advisory; GLSA-202209-05
  Source: CONFIRM; Type: Third Party Advisory; https://security.netapp.com/advisory/ntap-20220121-0007/
  Source: CCN; Type: IBM Security Bulletin 6583923 (Watson Assistant for Cloud Pak for Data); IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to an unspecified vulnerability in Java SE (CVE-2022-21271)
  Source: CCN; Type: IBM Security Bulletin 6988371 (Maximo Application Suite); Oracle Java SE is vulnerable to CVE-2022-21271 used in IBM Maximo Application Suite - Monitor Component
  Source: MISC; Type: Vendor Advisory; https://www.oracle.com/security-alerts/cpuapr2022.html
  Source: CCN; Type: Oracle CPUJan2022; Oracle Critical Patch Update Advisory - January 2022
  Source: MISC; Type: Vendor Advisory; https://www.oracle.com/security-alerts/cpujan2022.html

Vulnerable Configuration:

Configuration 1:
  cpe:/o:oracle:solaris:11:*:*:*:*:*:*:* OR
  cpe:/a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:* OR
  cpe:/a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:* OR
  cpe:/a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:* OR
  cpe:/a:oracle:graalvm:21.3.0:*:*:*:enterprise:*:*:* OR
  cpe:/a:oracle:jre:1.7.0:update321:*:*:*:*:*:* OR
  cpe:/a:oracle:jre:11.0.13:*:*:*:*:*:*:* OR
  cpe:/a:oracle:graalvm:20.3.4:*:*:*:enterprise:*:*:* OR
  cpe:/a:oracle:jre:1.8.0:update311:*:*:*:*:*:* OR
  cpe:/a:oracle:jdk:1.7.0:update321:*:*:*:*:*:* OR
  cpe:/a:oracle:jdk:11.0.13:*:*:*:*:*:*:* OR
  cpe:/a:oracle:jdk:1.8.0:update311:*:*:*:*:*:*

Configuration 2:
  cpe:/a:netapp:snapmanager:-:*:*:*:*:oracle:*:* OR
  cpe:/a:netapp:snapmanager:-:*:*:*:*:sap:*:* OR
  cpe:/a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:* OR
  cpe:/a:netapp:oncommand_insight:-:*:*:*:*:*:*:* OR
  cpe:/a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:* OR
  cpe:/a:netapp:solidfire:-:*:*:*:*:*:*:* OR
  cpe:/a:netapp:hci_management_node:-:*:*:*:*:*:*:* OR
  cpe:/a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:* OR
  cpe:/a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:* OR
  cpe:/a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:* OR
  cpe:/a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:* OR
  cpe:/a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:* OR
  cpe:/a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:* (Version >= 11.0.0 and <= 11.70.1) OR
  cpe:/a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:* OR
  cpe:/a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*

Configuration CCN 1:
  cpe:/a:oracle:java_se:7u321:*:*:*:*:*:*:* OR
  cpe:/a:oracle:java_se:8u311:*:*:*:*:*:*:* OR
  cpe:/a:oracle:java_se:11.0.13:*:*:*:*:*:*:* OR
  cpe:/a:oracle:java_se:17.0.1:*:*:*:*:*:*:* OR
  cpe:/a:oracle:graalvm:20.3.4:*:*:*:enterprise:*:*:* OR
  cpe:/a:oracle:graalvm:21.3.0:*:*:*:enterprise:*:*:*
  AND cpe:/a:ibm:maximo_application_suite:8.8:*:*:*:*:*:*:*
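The affected-version list above is only useful if it can be matched against what is actually deployed, and Java's two version-string formats (1.8.0_311 for Java 8 and earlier, 11.0.13 for Java 9 and later) make naive string comparison unreliable. The following Python script is an added example, not part of this record or of Oracle's advisory: it normalises a `java -version` banner to a comparable tuple and reports whether the runtime is at or below the last unpatched release of its family. It assumes (as stated in the code) that older builds in a listed family are also affected, uses a heuristic vendor check based on the first banner line, and does not cover GraalVM Enterprise Edition. The sample banners in the script are constructed, not captured from a real host.

```python
"""Check whether a local or recorded `java -version` banner falls in the Oracle
Java SE versions listed as affected by CVE-2022-21271 (added example)."""
import re
import subprocess
from typing import Optional, Tuple

Version = Tuple[int, int, int]

# Highest affected release per Java SE family, taken from the advisory's
# affected-version list (7u321, 8u311, 11.0.13, 17.0.1). GraalVM Enterprise
# Edition is not covered by this check.
AFFECTED = {
    7: (7, 0, 321),
    8: (8, 0, 311),
    11: (11, 0, 13),
    17: (17, 0, 1),
}

# Pre-9 releases print 1.<family>.0_<update>; 9+ print <family>.<minor>.<update>.
_LEGACY = re.compile(r'version "1\.(\d+)\.(\d+)_(\d+)')
_MODERN = re.compile(r'version "(\d+)\.(\d+)\.(\d+)')


def parse_java_version(banner: str) -> Optional[Version]:
    """Normalise a `java -version` banner to (family, minor, update).

    '1.8.0_311' -> (8, 0, 311); '11.0.13' -> (11, 0, 13). Returns None if
    no version string is found."""
    m = _LEGACY.search(banner)
    if m:
        family, minor, update = (int(x) for x in m.groups())
        return (family, minor, update)
    m = _MODERN.search(banner)
    if m:
        a, b, c = (int(x) for x in m.groups())
        if a == 1:  # e.g. '1.8.0' printed without an update suffix
            return (b, c, 0)
        return (a, b, c)
    return None


def assess(banner: str) -> Tuple[str, str]:
    """Return (vendor, status) for a banner.

    vendor: 'oracle' for 'java version ...', 'openjdk' for 'openjdk version ...',
            else 'unknown'. This is a heuristic: some non-Oracle builds also
            print 'java version', so confirm with the Runtime Environment line.
    status: 'vulnerable' if the family is listed and the version is at or below
            the last unpatched release (assumption: older builds in that family
            received no fix either); 'patched' if newer; 'unlisted' if the
            family is not in the advisory; 'unparsed' if no version was found."""
    lines = banner.strip().splitlines()
    first = lines[0].lower() if lines else ""
    if first.startswith("java version"):
        vendor = "oracle"
    elif first.startswith("openjdk version"):
        vendor = "openjdk"
    else:
        vendor = "unknown"

    version = parse_java_version(banner)
    if version is None:
        return vendor, "unparsed"
    family = version[0]
    if family not in AFFECTED:
        return vendor, "unlisted"
    status = "vulnerable" if version <= AFFECTED[family] else "patched"
    return vendor, status


def check_local_java(java_bin: str = "java") -> Tuple[str, str]:
    """Run `java -version` (it prints its banner to stderr) and assess it."""
    proc = subprocess.run([java_bin, "-version"], capture_output=True, text=True)
    return assess(proc.stderr or proc.stdout)


if __name__ == "__main__":
    # Constructed sample banners, not captured from a real host.
    samples = [
        'java version "1.8.0_311"\nJava(TM) SE Runtime Environment (build 1.8.0_311-b11)',
        'java version "1.8.0_321"',
        'java version "11.0.13" 2021-10-19 LTS',
        'openjdk version "17.0.1" 2021-10-19',
        'java version "16.0.2" 2021-07-20',
    ]
    for s in samples:
        print(s.splitlines()[0], "->", assess(s))
    try:
        print("local java ->", check_local_java())
    except FileNotFoundError:
        print("local java -> not installed")
```

Treat the result as a version screen only: an 'unlisted' family (Java 9, 10, 12 to 16) is unsupported by Oracle rather than known-safe, and an 'openjdk' vendor result means the banner came from a build this Oracle advisory does not describe, so check that vendor's own release notes.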