Vulnerability Name: CVE-2022-21541 (CCN-231568)

Assigned: 2021-11-15
Published: 2022-07-19
Updated: 2023-04-27
Summary: An unspecified vulnerability in Oracle Java SE and Oracle GraalVM Enterprise Edition related to the Hotspot component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact.
CVSS v3 Severity:
5.9 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)
5.2 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:
  • Attack Vector (AV): Network
  • Attack Complexity (AC): High
  • Privileges Required (PR): None
  • User Interaction (UI): None
Scope:
  • Scope (S): Unchanged
Impact Metrics:
  • Confidentiality (C): None
  • Integrity (I): High
  • Availability (A): None

5.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)
5.2 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:
  • Attack Vector (AV): Network
  • Attack Complexity (AC): High
  • Privileges Required (PR): None
  • User Interaction (UI): None
Scope:
  • Scope (S): Unchanged
Impact Metrics:
  • Confidentiality (C): None
  • Integrity (I): High
  • Availability (A): None

5.9 Medium (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)
5.2 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:
  • Attack Vector (AV): Network
  • Attack Complexity (AC): High
  • Privileges Required (PR): None
  • User Interaction (UI): None
Scope:
  • Scope (S): Unchanged
Impact Metrics:
  • Confidentiality (C): None
  • Integrity (I): High
  • Availability (A): None

CVSS v2 Severity:
5.4 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:C/A:N)
Exploitability Metrics:
  • Access Vector (AV): Network
  • Access Complexity (AC): High
  • Authentication (Au): None
Impact Metrics:
  • Confidentiality (C): None
  • Integrity (I): Complete
  • Availability (A): None
Vulnerability Consequences: Other

References:

Source: MITRE
Type: CNA
CVE-2022-21541

Source: XF
Type: UNKNOWN
oracle-cpujul2022-cve202221541(231568)

Source: secalert_us@oracle.com
Type: Mailing List, Third Party Advisory
secalert_us@oracle.com

Source: secalert_us@oracle.com
Type: Third Party Advisory
secalert_us@oracle.com

Source: CCN
Type: IBM Security Bulletin 6616533 (Java)
Multiple vulnerabilities may affect IBM SDK, Java Technology Edition

Source: CCN
Type: IBM Security Bulletin 6618351 (Cloud Application Business Insights)
Vulnerabilities in Java and IBM WebSphere Application Server Liberty affects IBM Cloud Application Business Insights - CVE-2022-21496, CVE-2022-21434, CVE-2022-21443, CVE-2022-22475, CVE-2022-22476, CVE-2022-21540 & CVE-2022-21541

Source: CCN
Type: IBM Security Bulletin 6824189 (Rational Functional Tester)
Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Functional Tester

Source: CCN
Type: IBM Security Bulletin 6825753 (Robotic Process Automation)
Multiple security vulnerabilities may affect IBM Robotic Process Automation due to Java (CVE-2022-21541, CVE-2022-21540)

Source: CCN
Type: IBM Security Bulletin 6827857 (Liberty for Java for Cloud)
Multiple vulnerabilities in IBM Java SDK affect Liberty for Java for IBM Cloud due to July 2022 CPU

Source: CCN
Type: IBM Security Bulletin 6828537 (Robotic Process Automation)
Multiple security vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak

Source: CCN
Type: IBM Security Bulletin 6831591 (Robotic Process Automation)
Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak

Source: CCN
Type: IBM Security Bulletin 6832092 (Rational Software Architect Designer)
IBM SDK, Java Technology Edition Quarterly CPU - Apr 2022 and Jul 2022

Source: CCN
Type: IBM Security Bulletin 6832710 (App Connect Professional)
Multiple vulnerabilities in IBM Java SDK affect App Connect Professional.

Source: CCN
Type: IBM Security Bulletin 6832956 (Cloud Pak for Security)
IBM Cloud Pak for Security is vulnerable to using components with known vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6839563 (Rational Application Developer)
IBM SDK, Java Technology Edition, Security Update July 2022

Source: CCN
Type: IBM Security Bulletin 6845530 (Tivoli Business Service Manager)
Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Business Service Manager (CVE-2022-21541, CVE-2022-21540)

Source: CCN
Type: IBM Security Bulletin 6846157 (Data Risk Manager)
IBM Data Risk Manager is affected by multiple vulnerabilities including remote code execution in Apache Commons Text 1.9

Source: CCN
Type: IBM Security Bulletin 6846257 (Cloud Transformation Advisor)
IBM Cloud Transformation Advisor is vulnerable to multiple vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6846561 (Tivoli Application Dependency Discovery Manager)
IBM SDK Java Technology Edition, is used by IBM Tivoli Application Dependency Discovery Manager (TADDM) and is vulnerable to a denial of service (CVE-2022-21541, CVE-2022-21540, CVE-2021-2163)

Source: CCN
Type: IBM Security Bulletin 6847351 (Tivoli Netcool Impact)
Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Netcool Impact

Source: CCN
Type: IBM Security Bulletin 6848847 (Rational Directory Server)
Multiple vulnerabilities in IBM Java Runtime affect Rational Directory Server (Tivoli) & Rational Directory Administrator

Source: CCN
Type: IBM Security Bulletin 6851337 (CICS Transaction Gateway)
Vulnerabilities (CVE-2022-21541 and CVE-2022-21540) in IBM Java Runtime affects CICS Transaction Gateway

Source: CCN
Type: IBM Security Bulletin 6851351 (CICS Transaction Gateway)
Vulnerabilities (CVE-2022-21541 and CVE-2022-21540) in IBM Java Runtime affects CICS Transaction Gateway Desktop Edition

Source: CCN
Type: IBM Security Bulletin 6851613 (WebSphere Application Server Patterns)
Multiple vulnerabilities in IBM Java SDK affects IBM WebSphere Application Server April and July 2022 CPU that is bundled with IBM WebSphere Application Server Patterns

Source: CCN
Type: IBM Security Bulletin 6852241 (Tivoli Netcool/OMNIbus)
Vulnerabilities in IBM Java Runtime affecting Tivoli Netcool/OMNIbus (Multiple CVEs)

Source: CCN
Type: IBM Security Bulletin 6854335 (Sterling Partner Engagement Manager)
IBM Sterling Partner Engagement Manager is vulnerable to multiple issues due to IBM SDK, Java Technology Edition (CVE-2022-21541, CVE-2022-21540)

Source: CCN
Type: IBM Security Bulletin 6854647 (Tivoli Monitoring)
Vulnerabilities in IBM Java included with IBM Tivoli Monitoring.

Source: CCN
Type: IBM Security Bulletin 6855629 (Tivoli Netcool Configuration Manager)
A vulnerability exists in the IBM SDK, Java Technology Edition affecting IBM Tivoli Netcool Configuration Manager (CVE-2022-21541, CVE-2022-21540).

Source: CCN
Type: IBM Security Bulletin 6856209 (SANnav)
Vulnerability in SANNav Software used by IBM b-type SAN directors and switches.

Source: CCN
Type: IBM Security Bulletin 6857309 (Workload Scheduler)
Multiple vulnerabilities in IBM SDK Java Technology Edition affect IBM Workload Scheduler.

Source: CCN
Type: Oracle CPUJul2022
Oracle Critical Patch Update Advisory - July 2022

Source: secalert_us@oracle.com
Type: Patch, Vendor Advisory
secalert_us@oracle.com

Vulnerable Configuration:

Configuration RedHat 1:
  • cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*
Configuration RedHat 2:
  • cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*
Configuration RedHat 3:
  • cpe:/a:redhat:enterprise_linux:8::crb:*:*:*:*:*
Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:7:*:*:*:*:*:*:*
Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:7::client:*:*:*:*:*
Configuration RedHat 6:
  • cpe:/o:redhat:enterprise_linux:7::computenode:*:*:*:*:*
Configuration RedHat 7:
  • cpe:/o:redhat:enterprise_linux:7::server:*:*:*:*:*
Configuration RedHat 8:
  • cpe:/o:redhat:enterprise_linux:7::workstation:*:*:*:*:*
Configuration RedHat 9:
  • cpe:/a:redhat:enterprise_linux:9:*:*:*:*:*:*:*
Configuration RedHat 10:
  • cpe:/a:redhat:enterprise_linux:9::appstream:*:*:*:*:*
Configuration RedHat 11:
  • cpe:/a:redhat:enterprise_linux:9::crb:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:oracle:graalvm:20.3.6:*:*:*:enterprise:*:*:*
  • OR cpe:/a:oracle:graalvm:21.3.2:*:*:*:enterprise:*:*:*
  • OR cpe:/a:oracle:graalvm:22.1.0:*:*:*:enterprise:*:*:*
  • AND
  • cpe:/a:ibm:rational_directory_server:5.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cics_transaction_gateway:9.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cics_transaction_gateway:9.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_netcool_configuration_manager:6.4.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_netcool/omnibus:8.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server_patterns:1.0.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_netcool_configuration_manager:6.4.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_functional_tester:9.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:workload_scheduler:9.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_functional_tester:9.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server_patterns:1.0.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server_patterns:2.2.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.3.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_netcool/impact:7.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_business_service_manager:6.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_functional_tester:9.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:java:7.0.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:java:8.0.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_directory_administrator:6.0.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_transformation_advisor:2.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_application_dependency_discovery_manager:7.3.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_application_developer:9.6:*:*:*:websphere:*:*:*
  • OR cpe:/a:ibm:workload_scheduler:9.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:robotic_process_automation:21.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:robotic_process_automation:21.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:robotic_process_automation:21.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:sterling_partner_engagement_manager:6.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:robotic_process_automation:21.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:robotic_process_automation:21.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_security:1.10.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_security:1.10.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cics_transaction_gateway:9.2:*:*:*:*:*:*:*

* Denotes that component is vulnerable
Oval Definitions

| Definition ID | Class | Title | Last Modified |
|---|---|---|---|
| oval:org.opensuse.security:def:7536 | P | java-17-openjdk-17.0.7.0-150400.3.18.2 on GA media (Moderate) | 2023-06-12 |
| oval:org.opensuse.security:def:8079 | P | java-1_8_0-ibm-1.8.0_sr8.0-150000.3.71.1 on GA media (Moderate) | 2023-06-12 |
| oval:org.opensuse.security:def:8080 | P | java-1_8_0-openjdk-1.8.0.362-150000.3.76.1 on GA media (Moderate) | 2023-06-12 |
| oval:org.opensuse.security:def:7535 | P | java-11-openjdk-11.0.19.0-150000.3.96.1 on GA media (Moderate) | 2023-06-12 |
| oval:org.opensuse.security:def:730 | P | Security update for java-1_8_0-openj9 (Important) | 2022-09-06 |
| oval:org.opensuse.security:def:119664 | P | Security update for java-1_8_0-ibm (Important) | 2022-08-31 |
| oval:org.opensuse.security:def:119479 | P | Security update for java-1_8_0-ibm (Important) | 2022-08-31 |
| oval:org.opensuse.security:def:718 | P | Security update for java-1_8_0-ibm (Important) | 2022-08-31 |
| oval:org.opensuse.security:def:127331 | P | Security update for java-1_8_0-ibm (Important) (in QA) | 2022-08-31 |
| oval:org.opensuse.security:def:125770 | P | Security update for java-1_8_0-ibm (Important) (in QA) | 2022-08-31 |
| oval:org.opensuse.security:def:6120 | P | Security update for java-1_8_0-ibm (Important) (in QA) | 2022-08-31 |
| oval:org.opensuse.security:def:5312 | P | Security update for java-1_8_0-ibm (Important) (in QA) | 2022-08-31 |
| oval:org.opensuse.security:def:126949 | P | Security update for java-1_8_0-ibm (Important) | 2022-08-25 |
| oval:org.opensuse.security:def:5331 | P | Security update for java-1_8_0-ibm (Important) | 2022-08-25 |
| oval:org.opensuse.security:def:127347 | P | Security update for java-1_8_0-ibm (Important) | 2022-08-25 |
| oval:org.opensuse.security:def:125786 | P | Security update for java-1_8_0-ibm (Important) | 2022-08-25 |
| oval:org.opensuse.security:def:6145 | P | Security update for java-1_7_1-ibm (Important) | 2022-08-25 |
| oval:org.opensuse.security:def:6146 | P | Security update for java-1_8_0-ibm (Important) | 2022-08-25 |
| oval:org.opensuse.security:def:126948 | P | Security update for java-1_7_1-ibm (Important) | 2022-08-25 |
| oval:org.opensuse.security:def:5330 | P | Security update for java-1_7_1-ibm (Important) | 2022-08-25 |
| oval:org.opensuse.security:def:127346 | P | Security update for java-1_7_1-ibm (Important) | 2022-08-25 |
| oval:org.opensuse.security:def:125785 | P | Security update for java-1_7_1-ibm (Important) | 2022-08-25 |
| oval:org.opensuse.security:def:702 | P | Security update for java-1_8_0-openjdk (Important) | 2022-08-19 |
| oval:org.opensuse.security:def:119657 | P | Security update for java-1_8_0-openjdk (Important) | 2022-08-19 |
| oval:org.opensuse.security:def:119472 | P | Security update for java-1_8_0-openjdk (Important) | 2022-08-19 |
| oval:org.opensuse.security:def:6138 | P | Security update for java-1_8_0-openjdk (Important) | 2022-08-16 |
| oval:org.opensuse.security:def:126944 | P | Security update for java-1_8_0-openjdk (Important) | 2022-08-16 |
| oval:org.opensuse.security:def:127342 | P | Security update for java-1_8_0-openjdk (Important) | 2022-08-16 |
| oval:org.opensuse.security:def:125780 | P | Security update for java-1_8_0-openjdk (Important) | 2022-08-16 |
| oval:org.opensuse.security:def:118981 | P | Security update for java-11-openjdk (Important) | 2022-08-09 |
| oval:org.opensuse.security:def:119286 | P | Security update for java-11-openjdk (Important) | 2022-08-09 |
| oval:org.opensuse.security:def:119652 | P | Security update for java-11-openjdk (Important) | 2022-08-09 |
| oval:org.opensuse.security:def:119467 | P | Security update for java-11-openjdk (Important) | 2022-08-09 |
| oval:org.opensuse.security:def:684 | P | Security update for java-11-openjdk (Important) | 2022-08-09 |
| oval:org.opensuse.security:def:118791 | P | Security update for java-11-openjdk (Important) | 2022-08-09 |
| oval:org.opensuse.security:def:95352 | P | Security update for java-1_8_0-openjdk (Important) (in QA) | 2022-08-04 |
| oval:org.opensuse.security:def:3722 | P | Security update for java-1_8_0-openjdk (Important) (in QA) | 2022-08-04 |
| oval:org.opensuse.security:def:672 | P | Security update for java-17-openjdk (Important) | 2022-08-03 |
| oval:org.opensuse.security:def:3663 | P | Security update for java-17-openjdk (Important) | 2022-08-03 |
| oval:org.opensuse.security:def:95293 | P | Security update for java-17-openjdk (Important) | 2022-08-03 |
| oval:org.opensuse.security:def:6124 | P | Security update for java-11-openjdk (Important) | 2022-08-01 |
| oval:com.redhat.rhsa:def:20225736 | P | RHSA-2022:5736: java-17-openjdk security, bug fix, and enhancement update (Important) | 2022-07-27 |
| oval:com.redhat.rhsa:def:20225726 | P | RHSA-2022:5726: java-17-openjdk security, bug fix, and enhancement update (Important) | 2022-07-26 |
| oval:com.redhat.rhsa:def:20225698 | P | RHSA-2022:5698: java-1.8.0-openjdk security, bug fix, and enhancement update (Important) | 2022-07-25 |
| oval:com.redhat.rhsa:def:20225709 | P | RHSA-2022:5709: java-1.8.0-openjdk security, bug fix, and enhancement update (Important) | 2022-07-25 |
| oval:com.redhat.rhsa:def:20225695 | P | RHSA-2022:5695: java-11-openjdk security, bug fix, and enhancement update (Important) | 2022-07-25 |
| oval:com.redhat.rhsa:def:20225696 | P | RHSA-2022:5696: java-1.8.0-openjdk security, bug fix, and enhancement update (Important) | 2022-07-25 |
| oval:org.opensuse.security:def:3744 | P | Security update for java-11-openjdk (Important) (in QA) | 2022-07-22 |
| oval:org.opensuse.security:def:95374 | P | Security update for java-11-openjdk (Important) (in QA) | 2022-07-22 |
| oval:org.opensuse.security:def:3642 | P | Security update for java-11-openjdk (Important) (in QA) | 2022-07-22 |
| oval:org.opensuse.security:def:95272 | P | Security update for java-11-openjdk (Important) (in QA) | 2022-07-22 |
| oval:com.redhat.rhsa:def:20225683 | P | RHSA-2022:5683: java-11-openjdk security, bug fix, and enhancement update (Important) | 2022-07-21 |
| oval:com.redhat.rhsa:def:20225687 | P | RHSA-2022:5687: java-11-openjdk security, bug fix, and enhancement update (Important) | 2022-07-21 |

    oracle graalvm 20.3.6
    oracle graalvm 21.3.2
    oracle graalvm 22.1.0
    ibm rational directory server 5.2.1
    ibm cics transaction gateway 9.0
    ibm tivoli monitoring 6.3.0
    ibm cics transaction gateway 9.1
    ibm tivoli netcool configuration manager 6.4.1
    ibm tivoli netcool/omnibus 8.1.0
    ibm websphere application server patterns 1.0.0.0
    ibm tivoli netcool configuration manager 6.4.2
    ibm rational functional tester 9.1
    ibm workload scheduler 9.4
    ibm rational functional tester 9.2
    ibm websphere application server patterns 1.0.0.7
    ibm websphere application server patterns 2.2.0.0
    ibm tivoli monitoring 6.3.0.7
    ibm tivoli netcool/impact 7.1.0
    ibm tivoli business service manager 6.2.0
    ibm rational functional tester 9.5
    ibm java 7.0.0.0
    ibm java 8.0.0.0
    ibm rational directory administrator 6.0.0.2
    ibm cloud transformation advisor 2.0.1
    ibm tivoli application dependency discovery manager 7.3.0.0
    ibm rational application developer 9.6
    ibm workload scheduler 9.5
    ibm robotic process automation 21.0.0
    ibm robotic process automation 21.0.1
    ibm robotic process automation 21.0.2
    ibm sterling partner engagement manager 6.1
    ibm robotic process automation 21.0.3
    ibm robotic process automation 21.0.4
    ibm cloud pak for security 1.10.0.0
    ibm cloud pak for security 1.10.2.0
    ibm cics transaction gateway 9.2