cvelistv5 - cve-2026-22013

CVE-2026-22013 (GCVE-0-2026-22013)

Vulnerability from cvelistv5

Published

2026-04-21 20:35

Modified

2026-04-22 14:09

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

CWE

Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data.

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JGSS). Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and 21.0.10; Oracle GraalVM Enterprise Edition: 21.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N).

References

URL

Tags

https://www.oracle.com/security-alerts/cpuapr2026.html

vendor-advisory

Impacted products

Vendor

Product

Version

Oracle Corporation

Oracle Java SE

Version: 8u481
Version: 8u481-b50
Version: 8u481-perf
Version: 11.0.30
Version: 17.0.18
Version: 21.0.10
Version: 25.0.2
Version: 26

	Oracle Corporation	Oracle GraalVM for JDK	Version: 17.0.18 Version: 21.0.10
	Oracle Corporation	Oracle GraalVM Enterprise Edition	Version: 21.3.17

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-22013",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-22T14:09:34.920958Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-693",
                "description": "CWE-693 Protection Mechanism Failure",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-22T14:09:54.302Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Oracle Java SE",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "8u481"
            },
            {
              "status": "affected",
              "version": "8u481-b50"
            },
            {
              "status": "affected",
              "version": "8u481-perf"
            },
            {
              "status": "affected",
              "version": "11.0.30"
            },
            {
              "status": "affected",
              "version": "17.0.18"
            },
            {
              "status": "affected",
              "version": "21.0.10"
            },
            {
              "status": "affected",
              "version": "25.0.2"
            },
            {
              "status": "affected",
              "version": "26"
            }
          ]
        },
        {
          "product": "Oracle GraalVM for JDK",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "17.0.18"
            },
            {
              "status": "affected",
              "version": "21.0.10"
            }
          ]
        },
        {
          "product": "Oracle GraalVM Enterprise Edition",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "21.3.17"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:oracle:java_se:8u481:*:*:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:java_se:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "b50",
                  "versionStartIncluding": "8u481",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:java_se:8u481:*:*:*:enterprise_performance:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:java_se:11.0.30:*:*:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:java_se:17.0.18:*:*:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:java_se:21.0.10:*:*:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:java_se:25.0.2:*:*:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:java_se:26:*:*:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.18:*:*:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:graalvm_for_jdk:21.0.10:*:*:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:graalvm:21.3.17:*:*:*:enterprise:*:*:*",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JGSS).  Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and  21.0.10; Oracle GraalVM Enterprise Edition: 21.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.  Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in  unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Confidentiality impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.  Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in  unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data.",
              "lang": "en-US"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-21T20:35:08.836Z",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "Oracle Advisory",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2026.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2026-22013",
    "datePublished": "2026-04-21T20:35:08.836Z",
    "dateReserved": "2026-01-05T18:07:34.727Z",
    "dateUpdated": "2026-04-22T14:09:54.302Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-22013\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-04-22T14:09:34.920958Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-693\", \"description\": \"CWE-693 Protection Mechanism Failure\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-04-22T14:09:47.511Z\"}}], \"cna\": {\"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"Oracle Corporation\", \"product\": \"Oracle Java SE\", \"versions\": [{\"status\": \"affected\", \"version\": \"8u481\"}, {\"status\": \"affected\", \"version\": \"8u481-b50\"}, {\"status\": \"affected\", \"version\": \"8u481-perf\"}, {\"status\": \"affected\", \"version\": \"11.0.30\"}, {\"status\": \"affected\", \"version\": \"17.0.18\"}, {\"status\": \"affected\", \"version\": \"21.0.10\"}, {\"status\": \"affected\", \"version\": \"25.0.2\"}, {\"status\": \"affected\", \"version\": \"26\"}]}, {\"vendor\": \"Oracle Corporation\", \"product\": \"Oracle GraalVM for JDK\", \"versions\": [{\"status\": \"affected\", \"version\": \"17.0.18\"}, {\"status\": \"affected\", \"version\": \"21.0.10\"}]}, {\"vendor\": \"Oracle Corporation\", \"product\": \"Oracle GraalVM Enterprise Edition\", \"versions\": [{\"status\": \"affected\", \"version\": \"21.3.17\"}]}], \"references\": [{\"url\": \"https://www.oracle.com/security-alerts/cpuapr2026.html\", \"name\": \"Oracle Advisory\", \"tags\": [\"vendor-advisory\"]}], \"descriptions\": [{\"lang\": \"en-US\", \"value\": \"Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JGSS).  Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and  21.0.10; Oracle GraalVM Enterprise Edition: 21.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.  Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in  unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Confidentiality impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N).\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en-US\", \"description\": \"Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.  Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in  unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data.\"}]}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:a:oracle:java_se:8u481:*:*:*:*:*:*:*\", \"vulnerable\": true}, {\"criteria\": \"cpe:2.3:a:oracle:java_se:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndIncluding\": \"b50\", \"versionStartIncluding\": \"8u481\"}, {\"criteria\": \"cpe:2.3:a:oracle:java_se:8u481:*:*:*:enterprise_performance:*:*:*\", \"vulnerable\": true}, {\"criteria\": \"cpe:2.3:a:oracle:java_se:11.0.30:*:*:*:*:*:*:*\", \"vulnerable\": true}, {\"criteria\": \"cpe:2.3:a:oracle:java_se:17.0.18:*:*:*:*:*:*:*\", \"vulnerable\": true}, {\"criteria\": \"cpe:2.3:a:oracle:java_se:21.0.10:*:*:*:*:*:*:*\", \"vulnerable\": true}, {\"criteria\": \"cpe:2.3:a:oracle:java_se:25.0.2:*:*:*:*:*:*:*\", \"vulnerable\": true}, {\"criteria\": \"cpe:2.3:a:oracle:java_se:26:*:*:*:*:*:*:*\", \"vulnerable\": true}, {\"criteria\": \"cpe:2.3:a:oracle:graalvm_for_jdk:17.0.18:*:*:*:*:*:*:*\", \"vulnerable\": true}, {\"criteria\": \"cpe:2.3:a:oracle:graalvm_for_jdk:21.0.10:*:*:*:*:*:*:*\", \"vulnerable\": true}, {\"criteria\": \"cpe:2.3:a:oracle:graalvm:21.3.17:*:*:*:enterprise:*:*:*\", \"vulnerable\": true}], \"operator\": \"OR\"}]}], \"providerMetadata\": {\"orgId\": \"43595867-4340-4103-b7a2-9a5208d29a85\", \"shortName\": \"oracle\", \"dateUpdated\": \"2026-04-21T20:35:08.836Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2026-22013\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-04-22T14:09:54.302Z\", \"dateReserved\": \"2026-01-05T18:07:34.727Z\", \"assignerOrgId\": \"43595867-4340-4103-b7a2-9a5208d29a85\", \"datePublished\": \"2026-04-21T20:35:08.836Z\", \"assignerShortName\": \"oracle\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

CERTFR-2026-AVI-0550

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
IBM	AIX	AIX 7.2 et 7.3 sans le correctif 301610mc.260424.epkg.Z
IBM	Sterling	IBM Sterling Transformation Extender versions 11.0.0.0 sans le correctif PH71092
IBM	Sterling	IBM Sterling Transformation Extender versions 10.1.0.3 sans le correctif PH71092
IBM	QRadar	SOAR QRadar Plugin App versions antérieures à 5.6.4
IBM	QRadar	QRadar AI Assistant versions antérieures à 1.5.0
IBM	Sterling	IBM Sterling Transformation Extender versions 10.1.1.2 sans le correctif PH71092
IBM	Sterling	IBM Sterling Transformation Extender versions 10.1.2.2 sans le correctif PH71092
IBM	VIOS	VIOS 4.1 sans le correctif 301610mc.260424.epkg.Z

References

Title

Publication Time

Tags

Bulletin de sécurité IBM 7271707	2026-05-05	vendor-advisory
Bulletin de sécurité IBM 7271922	2026-05-06	vendor-advisory
Bulletin de sécurité IBM 7271681	2026-05-04	vendor-advisory
Bulletin de sécurité IBM 7271765	2026-05-05	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "AIX 7.2 et 7.3 sans le correctif 301610mc.260424.epkg.Z",
      "product": {
        "name": "AIX",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Sterling Transformation Extender versions 11.0.0.0 sans le correctif PH71092",
      "product": {
        "name": "Sterling",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Sterling Transformation Extender versions 10.1.0.3 sans le correctif PH71092",
      "product": {
        "name": "Sterling",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "SOAR QRadar Plugin App versions ant\u00e9rieures \u00e0 5.6.4",
      "product": {
        "name": "QRadar",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "QRadar AI Assistant versions ant\u00e9rieures \u00e0 1.5.0",
      "product": {
        "name": "QRadar",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Sterling Transformation Extender versions 10.1.1.2 sans le correctif PH71092",
      "product": {
        "name": "Sterling",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Sterling Transformation Extender versions 10.1.2.2 sans le correctif PH71092",
      "product": {
        "name": "Sterling",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "VIOS 4.1 sans le correctif 301610mc.260424.epkg.Z",
      "product": {
        "name": "VIOS",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2026-40087",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-40087"
    },
    {
      "name": "CVE-2026-39892",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-39892"
    },
    {
      "name": "CVE-2026-33123",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-33123"
    },
    {
      "name": "CVE-2026-22013",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-22013"
    },
    {
      "name": "CVE-2026-22018",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-22018"
    },
    {
      "name": "CVE-2026-34073",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-34073"
    },
    {
      "name": "CVE-2021-23337",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23337"
    },
    {
      "name": "CVE-2025-62718",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-62718"
    },
    {
      "name": "CVE-2026-25645",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-25645"
    },
    {
      "name": "CVE-2026-4800",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-4800"
    },
    {
      "name": "CVE-2026-0540",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-0540"
    },
    {
      "name": "CVE-2026-28389",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-28389"
    },
    {
      "name": "CVE-2026-33671",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-33671"
    },
    {
      "name": "CVE-2026-34515",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-34515"
    },
    {
      "name": "CVE-2026-34519",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-34519"
    },
    {
      "name": "CVE-2026-40175",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-40175"
    },
    {
      "name": "CVE-2026-34518",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-34518"
    },
    {
      "name": "CVE-2026-34525",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-34525"
    },
    {
      "name": "CVE-2026-28387",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-28387"
    },
    {
      "name": "CVE-2026-28388",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-28388"
    },
    {
      "name": "CVE-2026-4539",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-4539"
    },
    {
      "name": "CVE-2026-2950",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-2950"
    },
    {
      "name": "CVE-2026-22016",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-22016"
    },
    {
      "name": "CVE-2026-22021",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-22021"
    },
    {
      "name": "CVE-2026-22007",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-22007"
    },
    {
      "name": "CVE-2026-27124",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-27124"
    },
    {
      "name": "CVE-2026-34268",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-34268"
    },
    {
      "name": "CVE-2026-28390",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-28390"
    },
    {
      "name": "CVE-2026-33672",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-33672"
    },
    {
      "name": "CVE-2026-27459",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-27459"
    },
    {
      "name": "CVE-2026-34516",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-34516"
    },
    {
      "name": "CVE-2026-27448",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-27448"
    },
    {
      "name": "CVE-2026-31789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-31789"
    },
    {
      "name": "CVE-2026-34517",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-34517"
    },
    {
      "name": "CVE-2026-32871",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-32871"
    },
    {
      "name": "CVE-2026-34513",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-34513"
    },
    {
      "name": "CVE-2026-34514",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-34514"
    },
    {
      "name": "CVE-2026-34520",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-34520"
    },
    {
      "name": "CVE-2025-64340",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-64340"
    },
    {
      "name": "CVE-2026-28804",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-28804"
    },
    {
      "name": "CVE-2026-29063",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-29063"
    },
    {
      "name": "CVE-2026-22815",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-22815"
    },
    {
      "name": "CVE-2025-13465",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-13465"
    },
    {
      "name": "CVE-2025-67221",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-67221"
    },
    {
      "name": "CVE-2026-25547",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-25547"
    },
    {
      "name": "CVE-2026-31790",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-31790"
    },
    {
      "name": "CVE-2026-34070",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-34070"
    }
  ],
  "initial_release_date": "2026-05-07T00:00:00",
  "last_revision_date": "2026-05-07T00:00:00",
  "links": [],
  "reference": "CERTFR-2026-AVI-0550",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2026-05-07T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
  "vendor_advisories": [
    {
      "published_at": "2026-05-05",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7271707",
      "url": "https://www.ibm.com/support/pages/node/7271707"
    },
    {
      "published_at": "2026-05-06",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7271922",
      "url": "https://www.ibm.com/support/pages/node/7271922"
    },
    {
      "published_at": "2026-05-04",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7271681",
      "url": "https://www.ibm.com/support/pages/node/7271681"
    },
    {
      "published_at": "2026-05-05",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7271765",
      "url": "https://www.ibm.com/support/pages/node/7271765"
    }
  ]
}

CERTFR-2026-AVI-0468

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans Oracle Java SE. Elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à la confidentialité des données et une atteinte à l'intégrité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Oracle	Java SE	Oracle GraalVM Enterprise Edition version 21.3.17
Oracle	Java SE	Oracle Java SE version 25.0.1
Oracle	Java SE	Oracle Java SE version 17.0.18
Oracle	Java SE	Oracle Java SE version 26
Oracle	Java SE	Oracle Java SE version 25.0.2
Oracle	Java SE	Oracle GraalVM for JDK version 21.0.10
Oracle	Java SE	Oracle GraalVM for JDK version 17.0.18
Oracle	Java SE	Oracle Java SE version 11.0.30
Oracle	Java SE	Oracle Java SE version 8u481-perf
Oracle	Java SE	Oracle Java SE version 21.0.10
Oracle	Java SE	Oracle Java SE version 8u481
Oracle	Java SE	Oracle Java SE version 8u481-b50

References

Title

Publication Time

Tags

Bulletin de sécurité Oracle Java SE cpuapr2026

2026-04-21

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Oracle GraalVM Enterprise Edition version 21.3.17",
      "product": {
        "name": "Java SE",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Java SE version 25.0.1",
      "product": {
        "name": "Java SE",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Java SE version 17.0.18",
      "product": {
        "name": "Java SE",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Java SE version 26",
      "product": {
        "name": "Java SE",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Java SE version 25.0.2",
      "product": {
        "name": "Java SE",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle GraalVM for JDK version 21.0.10",
      "product": {
        "name": "Java SE",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle GraalVM for JDK version 17.0.18",
      "product": {
        "name": "Java SE",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Java SE version 11.0.30",
      "product": {
        "name": "Java SE",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Java SE version 8u481-perf",
      "product": {
        "name": "Java SE",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Java SE version 21.0.10",
      "product": {
        "name": "Java SE",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Java SE version 8u481",
      "product": {
        "name": "Java SE",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Java SE version 8u481-b50",
      "product": {
        "name": "Java SE",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2026-20652",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-20652"
    },
    {
      "name": "CVE-2026-20676",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-20676"
    },
    {
      "name": "CVE-2026-22013",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-22013"
    },
    {
      "name": "CVE-2026-22018",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-22018"
    },
    {
      "name": "CVE-2026-34282",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-34282"
    },
    {
      "name": "CVE-2026-22003",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-22003"
    },
    {
      "name": "CVE-2026-23865",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-23865"
    },
    {
      "name": "CVE-2026-20608",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-20608"
    },
    {
      "name": "CVE-2026-20636",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-20636"
    },
    {
      "name": "CVE-2026-20635",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-20635"
    },
    {
      "name": "CVE-2026-22016",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-22016"
    },
    {
      "name": "CVE-2026-22021",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-22021"
    },
    {
      "name": "CVE-2026-22007",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-22007"
    },
    {
      "name": "CVE-2026-34268",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-34268"
    },
    {
      "name": "CVE-2026-20644",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-20644"
    },
    {
      "name": "CVE-2025-43457",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-43457"
    },
    {
      "name": "CVE-2026-22008",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-22008"
    }
  ],
  "initial_release_date": "2026-04-22T00:00:00",
  "last_revision_date": "2026-04-22T00:00:00",
  "links": [],
  "reference": "CERTFR-2026-AVI-0468",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2026-04-22T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle Java SE. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle Java SE",
  "vendor_advisories": [
    {
      "published_at": "2026-04-21",
      "title": "Bulletin de s\u00e9curit\u00e9 Oracle Java SE cpuapr2026",
      "url": "https://www.oracle.com/security-alerts/cpuapr2026.html"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2026-22013 (GCVE-0-2026-22013)

Vulnerability from cvelistv5

CERTFR-2026-AVI-0550

Vulnerability from certfr_avis

Solutions

CERTFR-2026-AVI-0468

Vulnerability from certfr_avis

Solutions

Tags

Sightings

Nomenclature