CVE-2022-21541

Published: 19/07/2022 Updated: 17/01/2024
CVSS v3 Base Score: 5.9 | Impact Score: 3.6 | Exploitability Score: 2.2
VMScore: 0

Vulnerability Summary

It was discovered that OpenJDK incorrectly handled converting certain object arguments into their textual representations. An attacker could possibly use this issue to cause a denial of service. This issue was fixed in OpenJDK 8 and OpenJDK 18. USN-5388-1 and USN-5388-2 addressed this issue in OpenJDK 11 and OpenJDK 17. (CVE-2022-21434)

Vulnerable Product

oracle jre 17.0.3.1

oracle jre 18.0.1.1

oracle jre 11.0.15.1

oracle jre 1.8.0

oracle jre 1.7.0

oracle jdk 17.0.3.1

oracle jdk 18.0.1.1

oracle jdk 11.0.15.1

oracle jdk 1.8.0

oracle jdk 1.7.0

oracle graalvm 20.3.6

oracle graalvm 21.3.2

oracle graalvm 22.1.0

oracle openjdk 8

oracle openjdk 7

oracle openjdk 18

oracle openjdk

fedoraproject fedora 36

debian debian linux 10.0

debian debian linux 11.0

netapp oncommand insight -

netapp solidfire -

netapp hci management node -

netapp active iq unified manager -

netapp hci compute node -

netapp 7-mode transition tool -

netapp cloud insights acquisition unit -

netapp cloud secure agent -

azul zulu 17.34

azul zulu 7.54

azul zulu 8.62

azul zulu 11.56

azul zulu 13.48

azul zulu 15.40

azul zulu 18.30

Vendor Advisories

Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in the execution of arbitrary Java bytecode or the bypass of the Java sandbox. For the stable distribution (bullseye), this problem has been fixed in version 1704+8-1~deb11u1. We recommend that you upgrade your openjdk-17 packages. For the detailed security ...
Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in the execution of arbitrary Java bytecode or the bypass of the Java sandbox. For the oldstable distribution (buster), these problems have been fixed in version 11016+8-1~deb10u1. For the stable distribution (bullseye), these problems have been fixed in ve ...
Several security issues were fixed in OpenJDK 8 ...
Several security issues were fixed in OpenJDK ...
Synopsis: Important: java-180-openjdk security, bug fix, and enhancement update. Type/Severity: Security Advisory: Important. Topic: An update for java-180-openjdk is now available for Red Hat Enterprise Linux 9. Red Hat Pro ...
Synopsis: Important: java-17-openjdk security, bug fix, and enhancement update. Type/Severity: Security Advisory: Important. Topic: An update for java-17-openjdk is now available for Red Hat Enterprise Linux 9. Red Hat Product S ...
Synopsis: Important: OpenJDK 8u342 Windows builds release and security update. Type/Severity: Security Advisory: Important. Topic: The Red Hat build of OpenJDK 8 (java-180-openjdk) is now available for Windows. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) bas ...
Synopsis: Important: OpenJDK 1704 security update for Windows Builds. Type/Severity: Security Advisory: Important. Topic: The Red Hat build of OpenJDK 17 (java-17-openjdk) is now available for Windows. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score ...
Synopsis: Important: OpenJDK 8u342 security update for Portable Linux Builds. Type/Severity: Security Advisory: Important. Topic: The Red Hat build of OpenJDK 8 (java-180-openjdk) is now available for portable Linux. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVS ...
Synopsis: Important: java-11-openjdk security, bug fix, and enhancement update. Type/Severity: Security Advisory: Important. Topic: An update for java-11-openjdk is now available for Red Hat Enterprise Linux 9. Red Hat Product S ...
Synopsis: Important: java-17-openjdk security, bug fix, and enhancement update. Type/Severity: Security Advisory: Important. Topic: An update for java-17-openjdk is now available for Red Hat Enterprise Linux 8. Red Hat Product ...
Synopsis: Important: OpenJDK 11016 security update for Windows Builds. Type/Severity: Security Advisory: Important. Topic: The Red Hat Build of OpenJDK 11 (java-11-openjdk) is now available for Windows. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base scor ...
Synopsis: Important: OpenJDK 1704 Security Update for Portable Linux Builds. Type/Severity: Security Advisory: Important. Topic: The Red Hat build of OpenJDK 17 (java-17-openjdk) is now available for portable Linux. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CV ...
Synopsis: Important: OpenJDK 11016 Security Update for Portable Linux Builds. Type/Severity: Security Advisory: Important. Topic: The Red Hat Build of OpenJDK 11 (java-11-openjdk) is now available for portable Linux. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (C ...
Synopsis: Important: OpenShift Container Platform 4661 bug fix and security update. Type/Severity: Security Advisory: Important. Topic: Red Hat OpenShift Container Platform release 4661 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Co ...
Synopsis: Moderate: OpenShift Container Platform 4661 security and extras update. Type/Severity: Security Advisory: Moderate. Topic: Red Hat OpenShift Container Platform release 4661 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Conta ...
Synopsis: Important: java-180-openjdk security update. Type/Severity: Security Advisory: Important. Topic: An update for java-180-openjdk is now available for Red Hat Enterprise Linux 81 Update Services for SAP Solutions. R ...
Synopsis: Important: java-180-openjdk security update. Type/Severity: Security Advisory: Important. Topic: An update for java-180-openjdk is now available for Red Hat Enterprise Linux 82 Extended Update Support. Red Hat Pro ...
Synopsis: Important: java-180-openjdk security, bug fix, and enhancement update. Type/Severity: Security Advisory: Important. Topic: An update for java-180-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Pro ...
Synopsis: Important: java-180-openjdk security and bug fix update. Type/Severity: Security Advisory: Important. Topic: An update for java-180-openjdk is now available for Red Hat Enterprise Linux 84 Extended Update Support ...
Synopsis: Important: java-180-openjdk security, bug fix, and enhancement update. Type/Severity: Security Advisory: Important. Topic: An update for java-180-openjdk is now available for Red Hat Enterprise Linux 8. Red Hat Pro ...
Synopsis: Important: java-11-openjdk security, bug fix, and enhancement update. Type/Severity: Security Advisory: Important. Topic: An update for java-11-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product S ...
Synopsis: Important: java-11-openjdk security update. Type/Severity: Security Advisory: Important. Topic: An update for java-11-openjdk is now available for Red Hat Enterprise Linux 81 Update Services for SAP Solutions. Red Hat ...
Synopsis: Important: java-11-openjdk security update. Type/Severity: Security Advisory: Important. Topic: An update for java-11-openjdk is now available for Red Hat Enterprise Linux 82 Extended Update Support. Red Hat Product S ...
Synopsis: Important: java-11-openjdk security, bug fix, and enhancement update. Type/Severity: Security Advisory: Important. Topic: An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8. Red Hat Product S ...
Synopsis: Important: java-11-openjdk security and bug fix update. Type/Severity: Security Advisory: Important. Topic: An update for java-11-openjdk is now available for Red Hat Enterprise Linux 84 Extended Update Support. Red H ...
Synopsis: Important: OpenShift Container Platform 4945 bug fix and security update. Type/Severity: Security Advisory: Important. Topic: Red Hat OpenShift Container Platform release 4945 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Co ...
Synopsis: Moderate: OpenShift Container Platform 4756 security and bug fix update. Type/Severity: Security Advisory: Moderate. Topic: Red Hat OpenShift Container Platform release 4756 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a securit ...
Synopsis: Moderate: Openshift Logging Bug Fix and security update Release (5310). Type/Severity: Security Advisory: Moderate. Topic: Openshift Logging Bug Fix Release (5310). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed seve ...
Synopsis: Moderate: OpenShift Container Platform 41025 bug fix and security update. Type/Severity: Security Advisory: Moderate. Topic: Red Hat OpenShift Container Platform release 41025 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Co ...
Synopsis: Moderate: Openshift Logging Bug Fix and security update Release (5213). Type/Severity: Security Advisory: Moderate. Topic: Openshift Logging Bug Fix Release (5213). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed seve ...
Synopsis: Moderate: OpenShift Container Platform 311784 security update. Type/Severity: Security Advisory: Moderate. Topic: Red Hat OpenShift Container Platform release 311784 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Pl ...
Synopsis: Important: Release of OpenShift Serverless 1240. Type/Severity: Security Advisory: Important. Topic: Release of OpenShift Serverless 1240. The References section contains CVE links providing detailed severity ratings for each vulnerability. Ratings are based on a Common Vulnerability Scoring System (CVSS) base score. Description: Versio ...
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11013, 1701; Oracle GraalVM Enterprise Edition: 2034 and 2130. Difficult to exploit vulnerability allows unauthenticated attacker with network acce ...
Generated code produced by C1 may leak a package-private class to a class from a different package (CVE-2022-21540). MethodHandle.invokeBasic() method can be accessed on byte code level from an arbitrary class (CVE-2022-21541). computeNextExponential sometimes returns negative numbers contrary to the documentation (CVE-2022-21549). The Xalan Java X ...
Generated code produced by C1 may leak a package-private class to a class from a different package (CVE-2022-21540). MethodHandle.invokeBasic() method can be accessed on byte code level from an arbitrary class (CVE-2022-21541). The Xalan Java XSLT library has an integer truncation issue when processing malicious stylesheets. This can be used to cor ...
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11014, 1702, 18; Oracle GraalVM Enterprise Edition: 2035, 2131 and 22002. Easily exploitable vulnerability allows unauthenticated attacker with network ...
Multiple vulnerabilities have been found in Hitachi Command Suite, Hitachi Automation Director, Hitachi Configuration Manager, Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center: CVE-2022-21540, CVE-2022-21541, CVE-2022-34169. Affected products and versions are listed below. Please upgrade your version to the appropriate version, or ...
Cosminexus Developer's Kit for Java(TM) and Hitachi Developer's Kit for Java contain the following vulnerabilities: CVE-2022-21540, CVE-2022-21541, CVE-2022-34169. Cosminexus XML Processor contains the following vulnerability: CVE-2022-34169. Affected products and versions are listed below. Please upgrade your version to the appropriate vers ...