CVE-2022-21449

Description from NVD

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 17.0.2 and 18; Oracle GraalVM Enterprise Edition: 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).

Information Acquisition Date: 2022-05-01T14:54Z
CVSS 2.0: 5.0 MEDIUM CVSS 3.x: 7.5 HIGH

CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CVSS2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

NVD References

 https://www.oracle.com/security-alerts/cpuapr2022.html
     source:MISC
     tags:Patch    Vendor Advisory    
 [oss-security] 20220428 CVE-2022-21449 and version reporting
     source:MLIST
     tags:Mailing List    Third Party Advisory    
 [oss-security] 20220428 Re: CVE-2022-21449 and version reporting
     source:MLIST
     tags:Mailing List    
 [oss-security] 20220428 Re: CVE-2022-21449 and version reporting
     source:MLIST
     tags:Mailing List    Third Party Advisory    
 [oss-security] 20220428 Re: CVE-2022-21449 and version reporting
     source:MLIST
     tags:
 [oss-security] 20220428 Re: CVE-2022-21449 and version reporting
     source:MLIST
     tags:
 [oss-security] 20220428 Re: CVE-2022-21449 and version reporting
     source:MLIST
     tags:
 https://security.netapp.com/advisory/ntap-20220429-0006/
     source:CONFIRM
     tags:
 [oss-security] 20220429 Re: CVE-2022-21449 and version reporting
     source:MLIST
     tags:
 [oss-security] 20220430 Re: CVE-2022-21449 and version reporting
     source:MLIST
     tags:
 [oss-security] 20220430 Re: CVE-2022-21449 and version reporting
     source:MLIST
     tags:
 [oss-security] 20220430 Re: CVE-2022-21449 and version reporting
     source:MLIST
     tags:
 [oss-security] 20220430 Re: CVE-2022-21449 and version reporting
     source:MLIST
     tags:
 [oss-security] 20220430 Re: CVE-2022-21449 and version reporting
     source:MLIST
     tags:

This vulnerability may involve a PoC.

Description from Forti

Security Vulnerability CVE-2022-21449 in Oracle JRE

Information Acquisition Date: 2022/04/30

Affected Products

Impact

Recommended Actions

References

Refer to Information on External Sites

CVE Information: mitre, NVD, vulmon.com, CVE Details, JVN ENG JPN
Exploits or more Information: EXPLOIT DATABASE, 0day.today, github, Twitter, Reconshell

Software Tag:



List of frequently cited URLs

URL Num of Times Referred to
https://cvetrends.com 59
http://twinybots.ch 49
https://www.ipa.go.jp/security/ciadr/vul/20220420-jre.html 15
https://www.oracle.com/security-alerts/cpuapr2022.html 6
https://tweetedtimes.com/LinuxSec?s=tnp 6
https://thehackernews.com/2022/04/researcher-releases-poc-f... 6
https://ift.tt/aKLWnA9 5
https://access.redhat.com/security/cve/cve-2022-21449 5
https://infosecwriteups.com/what-caused-psychic-signatures-... 5
https://github.com/jfrog/jfrog-CVE-2022-21449 4
https://twitter.com/sweis/status/1516654768206204931 4
https://rssfeeds.cloudsite.builders/2022/04/21/cve-2022-214... 4
https://jfrog.com/blog/cve-2022-21449-psychic-signatures-an... 3
https://opsmtrs.com/3tbAFrI 3
https://www.reddit.com/r/netsec 3
https://arstechnica.com/information-technology/2022/04/majo... 3
https://neilmadden.blog/2022/04/19/psychic-signatures-in-java 3
https://openjdk.java.net/groups/vulnerability/advisories/20... 3
https://securityaffairs.co/wordpress/130522/security/poc-ja... 3
https://securityonline.info/cve-2022-21449-oracle-java-se-a... 3
https://nakedsecurity.sophos.com/2022/04/20/critical-crypto... 3
https://forest.watch.impress.co.jp/docs/news/1404535.html 3

Information from Twitter

User URL Info Source Date
d4d89704243 https://www.linkedin.com/pulse/exploitation-psychic-signatu... Source d4d89704243      1617203434159017985 2023/01/23

GitHub Search Results: Up to 10
Name URL
jfrog/jfrog-CVE-2022-21449 https://github.com/jfrog/jfrog-CVE-2022-21449
khalednassar/CVE-2022-21449-TLS-PoC https://github.com/khalednassar/CVE-2022-21449-TLS-PoC
jmiettinen/CVE-2022-21449-vuln-test https://github.com/jmiettinen/CVE-2022-21449-vuln-test
thack1/CVE-2022-21449 https://github.com/thack1/CVE-2022-21449
marschall/psychic-signatures https://github.com/marschall/psychic-signatures
Damok82/SignChecker https://github.com/Damok82/SignChecker

2023/01/23 Score : 0
Added Har-sia Database : 2022/04/20
Last Modified : 2023/01/23
Highest Scored Date : 2022/04/21
Highest Score : 177