CVE-2022-21291 in Java SE
Summary
by MITRE • 01/19/2022
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).
Be aware that VulDB is the high quality source for vulnerability data.
Analysis
by VulDB Data Team • 05/28/2026
The vulnerability identified as CVE-2022-21291 represents a critical integrity flaw within the Hotspot component of Oracle Java SE and Oracle GraalVM Enterprise Edition. This issue affects multiple supported versions including Java SE 7u321, 8u311, 11.0.13, and 17.01, alongside GraalVM Enterprise Edition versions 20.3.4 and 21.3.0. The vulnerability operates at the core of Java's runtime execution environment where the Hotspot JVM handles bytecode execution and memory management. The flaw specifically targets the sandboxing mechanisms that are designed to isolate untrusted code execution, creating a pathway for attackers to bypass security boundaries that should protect against malicious code injection.
The technical exploitation of this vulnerability occurs through network-based attacks that require no authentication, making it particularly dangerous for environments where Java applications are deployed with minimal security controls. The CVSS score of 5.3 indicates a moderate severity level with integrity impacts, suggesting that attackers can perform unauthorized modifications to data accessible through the affected Java implementations. This vulnerability is classified under CWE-284, which deals with improper access control mechanisms, and aligns with ATT&CK techniques related to privilege escalation and data manipulation through compromised runtime environments. The attack vector leverages multiple protocols and can be executed through various entry points including Java Web Start applications and applets that load untrusted content from the internet.
The operational impact of CVE-2022-21291 extends beyond simple data integrity concerns as it can enable attackers to execute unauthorized update, insert, or delete operations on sensitive data within affected systems. This represents a significant risk for organizations that rely on Java-based applications for business-critical processes, particularly in environments where sandboxed applications are used to execute untrusted code from external sources. The vulnerability's exploitation potential is amplified in web service scenarios where APIs may process data through the affected Java components, creating additional attack surfaces for malicious actors. Organizations running affected versions of Java SE or GraalVM Enterprise Edition face potential data corruption, unauthorized modifications to application data, and possible escalation to more severe security incidents. The vulnerability's ease of exploitation and lack of authentication requirements make it particularly attractive to threat actors seeking to compromise systems without detection.
Mitigation strategies for CVE-2022-21291 should prioritize immediate patching of affected Java installations to the latest supported versions that contain the security fixes. Organizations should also implement network segmentation and access controls to limit exposure of Java applications to untrusted networks. The principle of least privilege should be enforced when configuring Java runtime environments, particularly disabling unnecessary APIs and restricting network access for sandboxed applications. Additional defensive measures include monitoring network traffic for suspicious Java-related protocols and implementing application whitelisting policies that prevent execution of untrusted Java code. Security teams should also consider deploying intrusion detection systems that can identify exploitation attempts targeting the specific vulnerability patterns associated with this CVE. Regular vulnerability assessments and security audits of Java-based applications are essential to identify and remediate similar issues that may exist within the broader application ecosystem.