Multiple vulnerabilities in Oracle Java SE and GraalVM

Описание

Multiple vulnerabilities were found in Oracle Java SE and GraalVM. Malicious users can exploit these vulnerabilities to obtain sensitive information, execute arbitrary code, bypass security restrictions.

Below is a complete list of vulnerabilities:

1. Information disclosure vulnerability can be exploited to obtain sensitive information.
2. RCE vulnerability in Java XSLTcan be exploited to cause denial of service or execute arbitrary code.
3. Security vulnerability can be exploited to bypass security restrictions.

Первичный источник обнаружения

• Oracle Critical Patch Update Advisory - July 2022
  

Эксплуатация

Public exploits exist for this vulnerability.

Связанные продукты

• Oracle-Java-JRE-1.7.x
• Oracle-Java-JRE-1.8.x

Список CVE

• CVE-2022-21540
  high
• CVE-2022-34169
  critical
• CVE-2022-21549
  high
• CVE-2022-21541
  high

Смотрите также

Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com