CVE-2022-21628 Vulnerability in Oracle Java SE and Oracle GraalVM Enterprise Edition.
- CVE-2018-3274 CVE-2018-3275 The Graal compiler in Oracle Java SE and Java SE Embedded 7 does not properly handle classloading during compilation of code that uses reflection, which allows remote attackers to execute arbitrary code via a crafted application that uses the Reflection API and is processed by a Graal compiler. User interaction is required to exploit this vulnerability. Successful attacks require that the target be connected to the attacker’s network.
- CVE-2018-3276 The Graal compiler in Oracle Java SE and Java SE Embedded 7 does not properly handle classloading during compilation of code that uses reflection, which allows remote attackers to execute arbitrary code via a crafted application that uses the Reflection API and is processed by a Graal compiler. User interaction is required to exploit this vulnerability. Successful attacks require that the target be connected to the attacker’s network.
- CVE-2018-3277 The Graal compiler in Oracle Java SE and Java SE Embedded 7 does not properly handle classloading during compilation of code that uses reflection, which allows remote attackers to execute arbitrary code via a crafted application that uses the Reflection API and is processed by a Graal compiler. User interaction is required to exploit this vulnerability. Successful attacks require that the target be connected to the attacker’s network.
The version of Oracle Java is affected by multiple vulnerabilities
The vulnerabilities are in the Graal compiler, which is used by many applications. The Graal compiler can be exploited when it handles classloading. All versions of Oracle Java SE and Java SE Embedded 7 are susceptible to exploitation.
Copyright
This blog post was created by Bridget G.
Timeline
Published on: 10/18/2022 21:15:00 UTC
Last modified on: 10/18/2022 21:18:00 UTC