CVE-2022-21619 in Java SEinfo

Summary

by MITRE • 10/19/2022

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).

Be aware that VulDB is the high quality source for vulnerability data.

Analysis

by VulDB Data Team • 05/28/2026

This vulnerability resides within Oracle Java SE and Oracle GraalVM Enterprise Edition security components, representing a significant concern for systems that execute untrusted code within sandboxed environments. The flaw affects multiple version streams including Java SE 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, and 19, alongside GraalVM Enterprise Edition versions 20.3.7, 21.3.3, and 22.2.0. The vulnerability's classification as difficult to exploit indicates that while it requires specific conditions for successful exploitation, the attack surface remains substantial given the widespread deployment of these Java components across enterprise environments.

The technical nature of this vulnerability stems from inadequate security controls within the Java sandbox mechanism that governs execution of untrusted code. Attackers can leverage network-based access through multiple protocols to compromise systems without authentication requirements, exploiting the inherent trust placed in sandboxed environments. This weakness particularly affects deployments where Java Web Start applications or applets execute code from untrusted sources, creating a pathway for attackers to bypass security boundaries that should prevent unauthorized data manipulation. The vulnerability's CVSS score of 3.7 reflects its integrity impact, indicating potential unauthorized update, insert, or delete operations against accessible data within the affected systems.

The operational impact extends beyond simple data integrity concerns to encompass broader security implications for enterprise environments relying on Java-based applications. Systems running sandboxed Java applications that load external code from the internet become particularly vulnerable, as the attack vector leverages legitimate Java functionality to execute malicious operations. This vulnerability's applicability to web services that supply data to Java APIs further amplifies its potential impact, as it can be exploited through indirect means that do not require direct system compromise. The lack of user interaction requirements and the ability to exploit via multiple protocols make this vulnerability particularly dangerous in environments where Java applications are frequently exposed to external networks.

Security mitigations should prioritize immediate patching of affected Oracle Java SE and GraalVM Enterprise Edition installations to address the underlying sandbox security flaws. Organizations should implement network segmentation to limit exposure of Java-based systems to untrusted networks and consider disabling unnecessary Java applet and Web Start functionality where possible. The vulnerability's mapping to CWE-250 (Execution of Code with Unnecessary Privileges) and ATT&CK technique T1059.007 (Command and Scripting Interpreter: PowerShell) highlights the need for comprehensive security monitoring that can detect anomalous code execution patterns within Java environments. Additionally, implementing strict code signing policies and restricting Java's ability to execute external code from untrusted sources can significantly reduce the attack surface for exploitation of this vulnerability.

Responsible

Oracle

Reservation

11/15/2021

Disclosure

10/19/2022

Moderation

accepted

CPE

ready

EPSS

0.02376

KEV

no

Activities

very low

Sources

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!