CVE-2022-21341 in Java SEinfo

Summary

by MITRE • 01/19/2022

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Analysis

by VulDB Data Team • 05/28/2026

The vulnerability identified as CVE-2022-21341 represents a critical serialization flaw within Oracle Java SE and GraalVM Enterprise Edition systems. This weakness resides in the serialization component of these Java runtime environments, specifically targeting how they handle deserialization of untrusted data streams. The vulnerability affects multiple supported versions including Java SE 7u321, 8u311, 11.0.13, and 17.01, along with GraalVM Enterprise Edition versions 20.3.4 and 21.3.0. The flaw operates at the core of Java's object serialization mechanism, which is fundamental to network communication and data persistence in Java applications. This makes it particularly dangerous as serialization is extensively used across enterprise applications, web services, and client-side Java deployments.

The technical exploitation of this vulnerability occurs through network-based attacks that require no authentication, making it highly accessible to potential attackers. The vulnerability's CVSS score of 5.3 reflects its moderate severity with a focus on availability impact, specifically enabling partial denial of service conditions. Attackers can leverage this weakness by sending malicious serialized data to vulnerable Java applications through multiple network protocols, effectively bypassing traditional security controls. The vulnerability's exploitation pathway is particularly concerning because it targets sandboxed environments where applications typically run with restricted privileges. According to CWE-502, this vulnerability falls under the category of "Deserialization of Untrusted Data," which is a well-documented class of vulnerabilities that has historically led to remote code execution and system compromise. The attack surface is further expanded when considering that this flaw can be triggered through web services that process data through the affected APIs, making it applicable to both client-side and server-side Java applications.

The operational impact of CVE-2022-21341 extends beyond simple service disruption, as it enables attackers to compromise the availability of Java-based systems in environments where untrusted code execution is permitted. This vulnerability primarily affects deployments where Java Web Start applications or applets operate in sandboxed environments, but it also poses risks to web services that utilize the affected serialization APIs. Organizations running Java applications in production environments face significant risk, particularly those that process data from untrusted sources or maintain network services accessible to external parties. The vulnerability's exploitation requires minimal attack complexity and provides substantial impact, aligning with ATT&CK technique T1203 for "Exploitation for Client Execution" and T1499 for "Endpoint Denial of Service." The partial denial of service condition can severely impact business operations, particularly in mission-critical applications where Java-based services are essential for system functionality.

Organizations should implement immediate mitigation strategies including updating to patched versions of affected Java SE and GraalVM Enterprise Edition releases, as Oracle has addressed this vulnerability in their security updates. Network segmentation and firewall rules should be implemented to restrict unnecessary access to Java applications that may be vulnerable. Additionally, organizations should conduct thorough security assessments of their Java-based applications to identify potential exposure points and implement proper input validation and data sanitization measures. The vulnerability's classification under CWE-502 and its mapping to ATT&CK techniques emphasize the importance of defensive measures such as runtime application self-protection, application firewalls, and regular security monitoring to detect potential exploitation attempts. Security teams should also consider implementing intrusion detection systems specifically configured to monitor for patterns associated with serialization-based attacks, as these attacks often follow predictable behavioral signatures that can be detected through proper network monitoring and log analysis.

Responsible

Oracle

Reservation

11/15/2021

Disclosure

01/19/2022

Moderation

accepted

CPE

ready

EPSS

0.03765

KEV

no

Activities

very low

Sources

Interested in the pricing of exploits?

See the underground prices here!