Oracle Java SE and GraalVM Enterprise Edition Scripting Component Vulnerability Allowing Unauthorized Data Modification

Vulnerability

A vulnerability has been identified in the Oracle Java SE and Oracle GraalVM Enterprise Edition products, specifically in the Scripting component. Affected versions include Oracle Java SE 8u451, 8u451-perf, and 11.0.27, as well as Oracle GraalVM Enterprise Edition 21.3.14. This vulnerability, which is difficult to exploit, allows an unauthenticated attacker with network access via multiple protocols to compromise the affected Java environments. Successful exploitation could lead to unauthorized creation, deletion, or modification of critical data, or any data accessible within the Oracle Java SE or GraalVM Enterprise Edition environments. The vulnerability can be exploited through APIs in the Scripting component, such as via a web service that provides data to these APIs. It also affects Java deployments in clients running sandboxed Java Web Start applications or applets that load untrusted code from the internet and depend on the Java sandbox for security.

Impact

Exploitation of this vulnerability could result in unauthorized changes to critical data or any data accessible within the affected Oracle Java SE or GraalVM Enterprise Edition environments.

Added: Jul 16, 2025, 12:01 AM
Updated: Jul 16, 2025, 12:01 AM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 4.7
remediation: 0.0
relevance: 0.3
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.