First published: Tue Oct 18 2022(Updated: )
Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaScript). Supported versions that are affected are Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle GraalVM Enterprise Edition accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).
Credit: secalert_us@oracle.com
Affected Software | Affected Version | How to fix |
---|---|---|
Oracle GraalVM | =20.3.7 | |
Oracle GraalVM | =21.3.3 | |
Oracle GraalVM | =22.2.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2022-21597 is a vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle Java SE, specifically affecting versions 20.3.7, 21.3.3, and 22.2.0.
The severity of CVE-2022-21597 is medium, with a severity value of 5.3.
CVE-2022-21597 allows an unauthenticated attacker with network access to exploit the vulnerability via HTTP.
To fix CVE-2022-21597, it is recommended to apply the latest security patch provided by Oracle.
You can find more information about CVE-2022-21597 on the Oracle Security Alerts page: [Oracle Security Alerts](https://www.oracle.com/security-alerts/cpuoct2022.html).