CVE-2022-21305 in Java SE
Summary
by MITRE • 01/19/2022
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).
Be aware that VulDB is the high quality source for vulnerability data.
Analysis
by VulDB Data Team • 05/28/2026
This vulnerability resides within the Hotspot component of Oracle Java SE and Oracle GraalVM Enterprise Edition, representing a critical integrity flaw that undermines the security model of sandboxed Java applications. The vulnerability affects specific versions including Java SE 7u321, 8u311, 11.0.13, and 17.01, alongside GraalVM Enterprise Edition 20.3.4 and 21.3.0, making it particularly concerning given the widespread deployment of these runtime environments. The CVSS score of 5.3 with vector AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N indicates a low complexity, network-based attack that requires no authentication or user interaction, while the integrity impact score of 5.3 reflects the potential for unauthorized modification of data accessible through the vulnerable Java runtime.
The technical flaw manifests in how the Hotspot JVM handles certain code execution paths when processing untrusted input, creating a pathway for attackers to bypass the security boundaries that typically protect sandboxed applications. This vulnerability specifically targets the Java sandbox mechanism that is designed to prevent malicious code from accessing system resources or modifying data. The exploitation occurs through multiple network protocols, making it particularly dangerous as attackers can leverage various attack vectors to reach vulnerable systems. The vulnerability's classification under CWE (Common Weakness Enumeration) would likely fall within categories related to sandbox bypass or privilege escalation, though the exact CWE mapping would depend on the specific implementation details of the flaw.
The operational impact of this vulnerability extends beyond simple data integrity concerns, as it enables attackers to perform unauthorized update, insert, or delete operations on data accessible through the vulnerable Java runtime environment. This affects systems where Java Web Start applications or applets are deployed in sandboxed environments, which are commonly found in enterprise settings where legacy applications continue to operate. The vulnerability's applicability to web services that utilize the affected APIs further amplifies its potential impact, as it could enable attackers to compromise data integrity through legitimate service interfaces. Organizations running these vulnerable versions face significant risk, particularly in environments where untrusted code execution is permitted or required for business operations.
Mitigation strategies should prioritize immediate patching of affected Oracle Java SE and GraalVM Enterprise Edition installations to the latest supported versions. System administrators should conduct comprehensive inventory assessments to identify all vulnerable deployments and implement network segmentation to limit exposure to the specific protocols used in exploitation. The implementation of additional security controls such as Java security policy files, network firewalls, and application whitelisting can provide additional layers of protection. Organizations should also review their deployment practices to minimize the execution of untrusted code in sandboxed environments and consider migrating away from legacy Java versions that are no longer receiving security updates. According to ATT&CK framework considerations, this vulnerability maps to techniques involving sandbox evasion and privilege escalation, making it particularly relevant for organizations implementing defensive security measures against advanced persistent threats.