by using the sendMessage API with a crafted object. The attacker cannot inject malicious code using the Java language, but can instead use scripting languages such as JavaScript or Python. When Graal runs untrusted code, Graal cannot ensure that the code has not been altered or compromised by a remote attacker. If an attacker can inject malicious code, it can exploit this vulnerability. Note: This vulnerability applies to Oracle Java SE and not to Oracle's implementation of Java. Java is a trademark of Oracle. Graal is a trademark of Oracle. The issue can be exploited by an unauthenticated attacker via multiple ways such as By convincing users to visit an attacker controlled website that hosts a web application that hosts an untrusted code. By sending web application users a link that hosts an attacker controlled website that hosts a web application that hosts an untrusted code. By sending a link via email or instant message that hosts an attacker controlled website that hosts a web application that hosts an untrusted code. By convincing users to visit an attacker controlled website that hosts an untrusted Java web application that hosts an untrusted code. By convincing users to visit an attacker controlled website that hosts a web application that hosts an untrusted Java web application that hosts an untrusted code. The issue can be exploited by an unauthenticated attacker via multiple ways such as
Vulnerability Summary
The Java Runtime Environment (JRE) contains a vulnerability that can be exploited by an unauthenticated attacker. This vulnerability can be exploited by convincing users to visit an attacker controlled website that hosts a web application that hosts an untrusted code. The issue can be exploited by the following methods:
1. By convincing users to visit an attacker controlled website that hosts a web application that hosts an untrusted code.
2. By convincing users to visit an attacker controlled website that hosts a web application that hosts an untrusted Java web application that hosts an untrusted code.
3. By convincing users to visit an attacker controlled website that hosts a web application that hosts an untrusted Java web application that hosts an unauthenticated user's script code with privileges of the user running the script, without going through any authentication checks, and without checking access control lists on files read by the execution of this code.
4. By sending a link via email or instant message that hosts an attacker controlled website
that hosts a web application
that has been configured to run with its privileges set to the privileges of the current user, without going through any authentication checks, and without checking access control lists on files read by the execution of this code in order for it to load and execute successfully on behalf of the current user, but allows other scripts in this same webpage or applet file to execute as well with elevated privileges if they are able to load in parallel with this target
Vulnerability Scenario
An unauthenticated attacker who exploits the vulnerability can gain access to sensitive information.
The attacker can use the vulnerability to install malware on a vulnerable machine.
Timeline
Published on: 07/19/2022 22:15:00 UTC
Last modified on: 08/22/2022 15:08:00 UTC
References
- https://www.oracle.com/security-alerts/cpujul2022.html
- https://www.debian.org/security/2022/dsa-5192
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NQICCJXXAYMCCXOO24R4W7Q3RSKCYDMX/
- https://security.netapp.com/advisory/ntap-20220729-0009/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UKJCLA2GDNF4B7ZRKORQ2TIR56AHJ4VC/
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-21549