| タイトル | Cosminexusにおける複数の脆弱性 |
|---|---|
| 概要 | Cosminexus Developer's Kit for Java(TM),および,Hitachi Developer's Kit for Javaに下記の脆弱性が存在します。 CVE-2026-22007, CVE-2026-22013, CVE-2026-22016, CVE-2026-22018, CVE-2026-22021, CVE-2026-23865, CVE-2026-34268, CVE-2026-34282 |
| 想定される影響 | 想定される影響については、ベンダ情報をご確認ください。 |
| 対策 | ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。 |
| 公表日 | 2026年5月26日0:00 |
| 登録日 | 2026年5月27日13:53 |
| 最終更新日 | 2026年5月27日13:53 |
| 日立 |
| Hitachi Application Server Linux 10-11 - 10-11-04 |
| Hitachi Application Server Windows 10-10 - 10-10-04 |
| Hitachi Application Server Windows(x64) 10-10 - 10-11-05 |
| Hitachi Application Server for Developers Linux 10-11 - 10-11-04 |
| Hitachi Application Server for Developers Windows 10-10 - 10-10-04 |
| Hitachi Application Server for Developers Windows(x64) 10-10 - 10-11-05 |
| uCosminexus Application Runtime with Java for Apache Tomcat Linux 01-00 - 01-21 |
| uCosminexus Application Runtime with Java for Apache Tomcat Windows(x64) 01-20 - 01-21 |
| uCosminexus Application Runtime with Java for Spring Boot Linux 01-00 - 01-21 |
| uCosminexus Application Runtime with Java for Spring Boot Windows(x64) 01-20 - 01-21 |
| uCosminexus Application Server AIX 09-70 - 09-70-02 |
| uCosminexus Application Server AIX 11-00 - 11-00-02 |
| uCosminexus Application Server Linux 09-70 - 09-87-01 |
| uCosminexus Application Server Linux 11-00 - 11-70 |
| uCosminexus Application Server Windows 09-70 - 09-70-03 |
| uCosminexus Application Server Windows(x64) 09-70 - 09-87 |
| uCosminexus Application Server Windows(x64) 11-00 - 11-70 |
| uCosminexus Application Server(64) AIX 09-70 - 09-70-02 |
| uCosminexus Application Server(64) AIX 11-00 - 11-00-02 |
| uCosminexus Application Server(64) Linux 09-70 - 09-87-01 |
| uCosminexus Application Server(64) Linux 11-00 - 11-70 |
| uCosminexus Application Server(64) Windows 09-70 - 09-70-03 |
| uCosminexus Application Server(64) Windows(x64) 09-70 - 09-87 |
| uCosminexus Application Server(64) Windows(x64) 11-00 - 11-70 |
| uCosminexus Application Server-R AIX 09-70 - 09-70-02 |
| uCosminexus Application Server-R AIX 11-00 - 11-00-02 |
| uCosminexus Application Server-R Linux 09-70 - 09-87-01 |
| uCosminexus Application Server-R Linux 11-00 - 11-70 |
| uCosminexus Application Server-R Windows 09-70 - 09-70-03 |
| uCosminexus Application Server-R Windows(x64) 09-70 - 09-87 |
| uCosminexus Application Server-R Windows(x64) 11-00 - 11-70 |
| uCosminexus Client AIX 09-70 - 09-70-02 |
| uCosminexus Client AIX 11-00 - 11-00-02 |
| uCosminexus Client Linux 09-70 - 09-87-01 |
| uCosminexus Client Linux 11-00 - 11-70 |
| uCosminexus Client Windows 09-70 - 09-70-03 |
| uCosminexus Client Windows(x64) 09-70 - 09-87 |
| uCosminexus Client Windows(x64) 11-00 - 11-70 |
| uCosminexus Developer AIX 09-70 - 09-70-02 |
| uCosminexus Developer AIX 11-00 - 11-00-02 |
| uCosminexus Developer Linux 09-70 - 09-87-01 |
| uCosminexus Developer Linux 11-00 - 11-70 |
| uCosminexus Developer Windows 09-70 - 09-70-03 |
| uCosminexus Developer Windows(x64) 09-70 - 09-87 |
| uCosminexus Developer Windows(x64) 11-00 - 11-70 |
| uCosminexus Operator for Service Platform AIX 09-70 - 09-70-02 |
| uCosminexus Operator for Service Platform Linux 09-70 - 09-87-01 |
| uCosminexus Operator for Service Platform Windows 09-70 - 09-70-03 |
| uCosminexus Operator for Service Platform Windows(x64) 09-70 - 09-87 |
| uCosminexus Primary Server Base AIX 09-70 - 09-70-02 |
| uCosminexus Primary Server Base AIX 11-00 - 11-00-02 |
| uCosminexus Primary Server Base Linux 09-70 - 09-87-01 |
| uCosminexus Primary Server Base Linux 11-00 - 11-70 |
| uCosminexus Primary Server Base Windows 09-70 - 09-70-03 |
| uCosminexus Primary Server Base Windows(x64) 09-70 - 09-87 |
| uCosminexus Primary Server Base Windows(x64) 11-00 - 11-70 |
| uCosminexus Primary Server Base(64) AIX 09-70 - 09-70-02 |
| uCosminexus Primary Server Base(64) AIX 11-00 - 11-00-02 |
| uCosminexus Primary Server Base(64) Linux 09-70 - 09-87-01 |
| uCosminexus Primary Server Base(64) Linux 11-00 - 11-70 |
| uCosminexus Primary Server Base(64) Windows 09-70 - 09-70-03 |
| uCosminexus Primary Server Base(64) Windows(x64) 09-70 - 09-87 |
| uCosminexus Primary Server Base(64) Windows(x64) 11-00 - 11-70 |
| uCosminexus Service Architect AIX 09-70 - 09-70-02 |
| uCosminexus Service Architect AIX 11-00 - 11-00-02 |
| uCosminexus Service Architect Linux 09-70 - 09-87-01 |
| uCosminexus Service Architect Linux 11-00 - 11-70 |
| uCosminexus Service Architect Windows 09-70 - 09-70-03 |
| uCosminexus Service Architect Windows(x64) 09-70 - 09-87 |
| uCosminexus Service Architect Windows(x64) 11-00 - 11-70 |
| uCosminexus Service Platform AIX 09-70 - 09-70-02 |
| uCosminexus Service Platform AIX 11-00 - 11-00-02 |
| uCosminexus Service Platform Linux 09-70 - 09-87-01 |
| uCosminexus Service Platform Linux 11-00 - 11-70 |
| uCosminexus Service Platform Windows 09-70 - 09-70-03 |
| uCosminexus Service Platform Windows(x64) 09-70 - 09-87 |
| uCosminexus Service Platform Windows(x64) 11-00 - 11-70 |
| uCosminexus Service Platform(64) Windows 09-70 - 09-70-03 |
| uCosminexus Service Platform(64) Windows(x64) 09-70 - 09-87 |
| uCosminexus Service Platform(64) Windows(x64) 11-00 - 11-70 |
| uCosminexus Service Platform(64) AIX 09-70 - 09-70-02 |
| uCosminexus Service Platform(64) AIX 11-00 - 11-00-02 |
| uCosminexus Service Platform(64) Linux 09-70 - 09-87-01 |
| uCosminexus Service Platform(64) Linux 11-00 - 11-70 |
| No | 変更内容 | 変更日 |
|---|---|---|
| 1 | [2026年05月27日] 掲載 |
2026年5月27日13:53 |
| 概要 | Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and 21.0.10; Oracle GraalVM Enterprise Edition: 21.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition executes to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 2.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). |
|---|---|
| 公表日 | 2026年4月22日6:16 |
| 登録日 | 2026年4月25日4:03 |
| 最終更新日 | 2026年4月27日21:14 |
| 構成1 | 以上 | 以下 | より上 | 未満 | |
| cpe:2.3:a:oracle:graalvm:21.3.17:*:*:*:enterprise:*:*:* | |||||
| cpe:2.3:a:oracle:graalvm_for_jdk:17.0.18:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:graalvm_for_jdk:21.0.10:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:jre:1.8.0:update481:*:*:-:*:*:* | |||||
| cpe:2.3:a:oracle:jre:1.8.0:update481:*:*:enterprise_performance_pack:*:*:* | |||||
| cpe:2.3:a:oracle:jre:1.8.0:update481_b50:*:*:-:*:*:* | |||||
| cpe:2.3:a:oracle:jre:11.0.30:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:jre:17.0.18:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:jre:21.0.10:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:jre:25.0.2:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:jre:26:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:jdk:1.8.0:update481:*:*:-:*:*:* | |||||
| cpe:2.3:a:oracle:jdk:1.8.0:update481:*:*:enterprise_performance_pack:*:*:* | |||||
| cpe:2.3:a:oracle:jdk:1.8.0:update481_b50:*:*:-:*:*:* | |||||
| cpe:2.3:a:oracle:jdk:11.0.30:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:jdk:17.0.18:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:jdk:21.0.10:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:jdk:25.0.2:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:jdk:26:*:*:*:*:*:*:* | |||||
| 概要 | Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JGSS). Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and 21.0.10; Oracle GraalVM Enterprise Edition: 21.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N). |
|---|---|
| 公表日 | 2026年4月22日6:16 |
| 登録日 | 2026年4月25日4:03 |
| 最終更新日 | 2026年4月27日21:15 |
| 構成1 | 以上 | 以下 | より上 | 未満 | |
| cpe:2.3:a:oracle:jdk:1.8.0:update481:*:*:-:*:*:* | |||||
| cpe:2.3:a:oracle:jdk:1.8.0:update481:*:*:enterprise_performance_pack:*:*:* | |||||
| cpe:2.3:a:oracle:jdk:1.8.0:update481_b50:*:*:-:*:*:* | |||||
| cpe:2.3:a:oracle:jdk:11.0.30:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:jdk:17.0.18:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:jdk:21.0.10:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:jdk:25.0.2:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:jdk:26:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:graalvm:21.3.17:*:*:*:enterprise:*:*:* | |||||
| cpe:2.3:a:oracle:graalvm_for_jdk:17.0.18:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:graalvm_for_jdk:21.0.10:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:jre:1.8.0:update481:*:*:-:*:*:* | |||||
| cpe:2.3:a:oracle:jre:1.8.0:update481:*:*:enterprise_performance_pack:*:*:* | |||||
| cpe:2.3:a:oracle:jre:1.8.0:update481_b50:*:*:-:*:*:* | |||||
| cpe:2.3:a:oracle:jre:11.0.30:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:jre:17.0.18:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:jre:21.0.10:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:jre:25.0.2:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:jre:26:*:*:*:*:*:*:* | |||||
| 概要 | Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and 21.0.10; Oracle GraalVM Enterprise Edition: 21.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). |
|---|---|
| 公表日 | 2026年4月22日6:16 |
| 登録日 | 2026年4月25日4:03 |
| 最終更新日 | 2026年4月27日21:16 |
| 構成1 | 以上 | 以下 | より上 | 未満 | |
| cpe:2.3:a:oracle:jre:1.8.0:update481:*:*:-:*:*:* | |||||
| cpe:2.3:a:oracle:jre:1.8.0:update481:*:*:enterprise_performance_pack:*:*:* | |||||
| cpe:2.3:a:oracle:jre:1.8.0:update481_b50:*:*:-:*:*:* | |||||
| cpe:2.3:a:oracle:jre:11.0.30:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:jre:17.0.18:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:jre:21.0.10:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:jre:25.0.2:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:jre:26:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:jdk:1.8.0:update481:*:*:-:*:*:* | |||||
| cpe:2.3:a:oracle:jdk:1.8.0:update481:*:*:enterprise_performance_pack:*:*:* | |||||
| cpe:2.3:a:oracle:jdk:1.8.0:update481_b50:*:*:-:*:*:* | |||||
| cpe:2.3:a:oracle:jdk:11.0.30:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:jdk:17.0.18:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:jdk:21.0.10:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:jdk:25.0.2:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:jdk:26:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:graalvm:21.3.17:*:*:*:enterprise:*:*:* | |||||
| cpe:2.3:a:oracle:graalvm_for_jdk:17.0.18:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:graalvm_for_jdk:21.0.10:*:*:*:*:*:*:* | |||||
| 概要 | Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and 21.0.10; Oracle GraalVM Enterprise Edition: 21.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). |
|---|---|
| 公表日 | 2026年4月22日6:16 |
| 登録日 | 2026年4月25日4:03 |
| 最終更新日 | 2026年4月27日21:17 |
| 構成1 | 以上 | 以下 | より上 | 未満 | |
| cpe:2.3:a:oracle:jre:1.8.0:update481:*:*:-:*:*:* | |||||
| cpe:2.3:a:oracle:jre:1.8.0:update481:*:*:enterprise_performance_pack:*:*:* | |||||
| cpe:2.3:a:oracle:jre:1.8.0:update481_b50:*:*:-:*:*:* | |||||
| cpe:2.3:a:oracle:jre:11.0.30:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:jre:17.0.18:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:jre:21.0.10:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:jre:25.0.2:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:jre:26:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:jdk:1.8.0:update481:*:*:-:*:*:* | |||||
| cpe:2.3:a:oracle:jdk:1.8.0:update481:*:*:enterprise_performance_pack:*:*:* | |||||
| cpe:2.3:a:oracle:jdk:1.8.0:update481_b50:*:*:-:*:*:* | |||||
| cpe:2.3:a:oracle:jdk:11.0.30:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:jdk:17.0.18:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:jdk:21.0.10:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:jdk:25.0.2:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:jdk:26:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:graalvm:21.3.17:*:*:*:enterprise:*:*:* | |||||
| cpe:2.3:a:oracle:graalvm_for_jdk:17.0.18:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:graalvm_for_jdk:21.0.10:*:*:*:*:*:*:* | |||||
| 概要 | Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and 21.0.10; Oracle GraalVM Enterprise Edition: 21.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). |
|---|---|
| 公表日 | 2026年4月22日6:16 |
| 登録日 | 2026年4月25日4:03 |
| 最終更新日 | 2026年4月27日21:18 |
| 構成1 | 以上 | 以下 | より上 | 未満 | |
| cpe:2.3:a:oracle:jre:1.8.0:update481:*:*:-:*:*:* | |||||
| cpe:2.3:a:oracle:jre:1.8.0:update481:*:*:enterprise_performance_pack:*:*:* | |||||
| cpe:2.3:a:oracle:jre:1.8.0:update481_b50:*:*:-:*:*:* | |||||
| cpe:2.3:a:oracle:jre:11.0.30:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:jre:17.0.18:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:jre:21.0.10:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:jre:25.0.2:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:jre:26:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:jdk:1.8.0:update481:*:*:-:*:*:* | |||||
| cpe:2.3:a:oracle:jdk:1.8.0:update481:*:*:enterprise_performance_pack:*:*:* | |||||
| cpe:2.3:a:oracle:jdk:1.8.0:update481_b50:*:*:-:*:*:* | |||||
| cpe:2.3:a:oracle:jdk:11.0.30:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:jdk:17.0.18:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:jdk:21.0.10:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:jdk:25.0.2:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:jdk:26:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:graalvm:21.3.17:*:*:*:enterprise:*:*:* | |||||
| cpe:2.3:a:oracle:graalvm_for_jdk:17.0.18:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:graalvm_for_jdk:21.0.10:*:*:*:*:*:*:* | |||||
| 概要 | Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and 21.0.10; Oracle GraalVM Enterprise Edition: 21.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition executes to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 2.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). |
|---|---|
| 公表日 | 2026年4月22日6:16 |
| 登録日 | 2026年4月25日4:03 |
| 最終更新日 | 2026年4月27日21:19 |
| 構成1 | 以上 | 以下 | より上 | 未満 | |
| cpe:2.3:a:oracle:jre:1.8.0:update481:*:*:-:*:*:* | |||||
| cpe:2.3:a:oracle:jre:1.8.0:update481:*:*:enterprise_performance_pack:*:*:* | |||||
| cpe:2.3:a:oracle:jre:1.8.0:update481_b50:*:*:-:*:*:* | |||||
| cpe:2.3:a:oracle:jre:11.0.30:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:jre:17.0.18:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:jre:21.0.10:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:jre:25.0.2:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:jre:26:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:jdk:1.8.0:update481:*:*:-:*:*:* | |||||
| cpe:2.3:a:oracle:jdk:1.8.0:update481:*:*:enterprise_performance_pack:*:*:* | |||||
| cpe:2.3:a:oracle:jdk:1.8.0:update481_b50:*:*:-:*:*:* | |||||
| cpe:2.3:a:oracle:jdk:11.0.30:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:jdk:17.0.18:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:jdk:21.0.10:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:jdk:25.0.2:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:jdk:26:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:graalvm:21.3.17:*:*:*:enterprise:*:*:* | |||||
| cpe:2.3:a:oracle:graalvm_for_jdk:17.0.18:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:graalvm_for_jdk:21.0.10:*:*:*:*:*:*:* | |||||
| 概要 | Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and 21.0.10; Oracle GraalVM Enterprise Edition: 21.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). |
|---|---|
| 公表日 | 2026年4月22日6:16 |
| 登録日 | 2026年4月25日4:03 |
| 最終更新日 | 2026年4月27日21:20 |
| 構成1 | 以上 | 以下 | より上 | 未満 | |
| cpe:2.3:a:oracle:jre:1.8.0:update481:*:*:enterprise_performance_pack:*:*:* | |||||
| cpe:2.3:a:oracle:jre:11.0.30:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:jre:17.0.18:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:jre:21.0.10:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:jre:25.0.2:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:jre:26:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:jdk:1.8.0:update481:*:*:enterprise_performance_pack:*:*:* | |||||
| cpe:2.3:a:oracle:jdk:11.0.30:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:jdk:17.0.18:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:jdk:21.0.10:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:jdk:25.0.2:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:jdk:26:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:graalvm:21.3.17:*:*:*:enterprise:*:*:* | |||||
| cpe:2.3:a:oracle:graalvm_for_jdk:17.0.18:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:graalvm_for_jdk:21.0.10:*:*:*:*:*:*:* | |||||