CVE-2022-21449

Name: CVE-2022-21449
Creator: NVD / NIST
Published: 2022-04-19T21:15:16.127+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 7.5/10EPSS 46.68%

Last modified Jun 17, 2026

CVE-2022-21449 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 17.0.2 and 18; Oracle GraalVM Enterprise Edition: 21.3.1 and 22.0.0.2. EPSS estimates a 46.68% chance of exploitation in the next 30 days.

Description

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 17.0.2 and 18; Oracle GraalVM Enterprise Edition: 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).

Metrics

CVSS 3.1

7.5/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS Probability

46.68%

98.7th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

Vendor	Product	Versions
Oracle	Graalvm	21.3.1
Oracle	Graalvm	22.0.0.2
Oracle	Jdk	17.0.2
Oracle	Jdk	18
Debian	Debian Linux	10.0
Debian	Debian Linux	11.0
Netapp	7-Mode Transition Tool	All versions
Netapp	Active Iq Unified Manager	All versions
Netapp	Cloud Insights	All versions
Netapp	E-Series Santricity Os Controller	11.0
Netapp	E-Series Santricity Storage Manager	All versions
Netapp	E-Series Santricity Web Services	All versions
Netapp	Oncommand Insight	All versions
Netapp	Oncommand Workflow Automation	All versions
Netapp	Santricity Unified Manager	All versions
Netapp	Solidfire\, Enterprise Sds \& Hci Storage Node	All versions
Netapp	Solidfire \& Hci Management Node	All versions
Netapp	Hci Compute Node	All versions
Azul	Zulu	15.38
Azul	Zulu	17.32
Azul	Zulu	18.28

References

http://www.openwall.com/lists/oss-security/2022/04/28/2Mailing List, Third Party Advisory
http://www.openwall.com/lists/oss-security/2022/04/28/3Mailing List, Third Party Advisory
http://www.openwall.com/lists/oss-security/2022/04/28/4Mailing List
http://www.openwall.com/lists/oss-security/2022/04/28/5Mailing List, Third Party Advisory
http://www.openwall.com/lists/oss-security/2022/04/28/6Mailing List, Third Party Advisory
http://www.openwall.com/lists/oss-security/2022/04/28/7Mailing List, Third Party Advisory
http://www.openwall.com/lists/oss-security/2022/04/29/1Mailing List, Third Party Advisory
http://www.openwall.com/lists/oss-security/2022/04/30/1Mailing List, Third Party Advisory
http://www.openwall.com/lists/oss-security/2022/04/30/2Mailing List, Third Party Advisory
http://www.openwall.com/lists/oss-security/2022/04/30/3Mailing List, Third Party Advisory
http://www.openwall.com/lists/oss-security/2022/04/30/4Mailing List, Third Party Advisory
http://www.openwall.com/lists/oss-security/2022/05/01/1Mailing List, Third Party Advisory
http://www.openwall.com/lists/oss-security/2022/05/01/2Mailing List, Third Party Advisory
http://www.openwall.com/lists/oss-security/2022/05/02/1Mailing List, Third Party Advisory
https://security.netapp.com/advisory/ntap-20220429-0006/Third Party Advisory
https://www.debian.org/security/2022/dsa-5128Third Party Advisory
https://www.debian.org/security/2022/dsa-5131Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2022.htmlPatch, Vendor Advisory
http://www.openwall.com/lists/oss-security/2022/04/28/2Mailing List, Third Party Advisory
http://www.openwall.com/lists/oss-security/2022/04/28/3Mailing List, Third Party Advisory
http://www.openwall.com/lists/oss-security/2022/04/28/4Mailing List
http://www.openwall.com/lists/oss-security/2022/04/28/5Mailing List, Third Party Advisory
http://www.openwall.com/lists/oss-security/2022/04/28/6Mailing List, Third Party Advisory
http://www.openwall.com/lists/oss-security/2022/04/28/7Mailing List, Third Party Advisory
http://www.openwall.com/lists/oss-security/2022/04/29/1Mailing List, Third Party Advisory
http://www.openwall.com/lists/oss-security/2022/04/30/1Mailing List, Third Party Advisory
http://www.openwall.com/lists/oss-security/2022/04/30/2Mailing List, Third Party Advisory
http://www.openwall.com/lists/oss-security/2022/04/30/3Mailing List, Third Party Advisory
http://www.openwall.com/lists/oss-security/2022/04/30/4Mailing List, Third Party Advisory
http://www.openwall.com/lists/oss-security/2022/05/01/1Mailing List, Third Party Advisory
http://www.openwall.com/lists/oss-security/2022/05/01/2Mailing List, Third Party Advisory
http://www.openwall.com/lists/oss-security/2022/05/02/1Mailing List, Third Party Advisory
https://security.netapp.com/advisory/ntap-20220429-0006/Third Party Advisory
https://www.debian.org/security/2022/dsa-5128Third Party Advisory
https://www.debian.org/security/2022/dsa-5131Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2022.htmlPatch, Vendor Advisory

Timeline

Published: Apr 19, 2022
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2022-21449?

How severe is CVE-2022-21449?

CVE-2022-21449 has a CVSS score of 7.5/10 (HIGH severity). The EPSS model estimates a 46.68% probability of exploitation in the next 30 days.

How do I fix CVE-2022-21449?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2022-21449?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST