Details of VAR-202204-0593

ID

VAR-202204-0593

CVE

CVE-2022-21426

TITLE

Oracle Java SE and Oracle GraalVM Enterprise Edition In JAXP Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2022-001698

DESCRIPTION

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). Summary: New Cryostat 2.1.0 on RHEL 8 container images are now available 2. Users of these images are also encouraged to rebuild all container images that depend on these images. Dockerfiles and scripts should be amended either to refer to this new image specifically, or to the latest image generally. Bugs fixed (https://bugzilla.redhat.com/): 1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation 5. Description: Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.8.41. See the following advisory for the RPM packages for this release: https://access.redhat.com/errata/RHBA-2022:2270 Space precludes documenting all of the container images in this advisory. You may download the oc tool and use it to inspect release image metadata as follows: (For x86_64 architecture) $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.8.41-x86_64 The image digest is sha256:4ebcb3aea63d4acbb92118d3ae7ed08d3ebb1a66e7f79fddbb4da74883a12d0a (For s390x architecture) $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.8.41-s390x The image digest is sha256:5ed0fc5b89e3ec257db50f936f788492211e4de4a741f930191ab2d3bc7ceec3 (For ppc64le architecture) $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.8.41-ppc64le The image digest is sha256:908ec3688cc152b15faaea3f71bb4ba59565df60e9846f08fcd15a6c2b43274a All OpenShift Container Platform 4.8 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html 3. Solution: For OpenShift Container Platform 4.8 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update: https://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html Details on how to access this content are available at https://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html 4. Bugs fixed (https://bugzilla.redhat.com/): 2057544 - Cancel rpm-ostree transaction after failed rebase 2058674 - whereabouts IPAM CNI ip-reconciler cronjob specification requires hostnetwork, api-int lb usage & proper backoff 2062655 - [4.8.z backport] cluster scaling new nodes ovs-configuration fails on all new nodes 2070762 - [4.8z] WebScale: duplicate ecmp next hop error caused by multiple of the same gateway IPs in ovnkube cache 2074053 - Internal registries with a big number of images delay pod creation due to recursive SELinux file context relabeling 2074680 - csv_succeeded metric not present in olm-operator for all successful CSVs 2076211 - CVE-2022-1677 openshift/router: route hijacking attack via crafted HAProxy configuration file 2077004 - Bump to latest available 1.21.11 k8s 2077370 - [4.8.z] NetworkPolicy tests are failing on metal IPv6 2077765 - (release-4.8) Gather namespace names with overlapping UID ranges 2078477 - Latest ose-jenkins-agent-base:v4.9.0 image fails to start on OpenShift due to FIPS error 2084259 - [4.8] OCP ignores STOPSIGNAL in Dockerfile and sends SIGTERM 2088196 - Redfish set boot device failed for node in OCP 4.8 latest RC 5. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: java-11-openjdk security update Advisory ID: RHSA-2022:1442-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:1442 Issue date: 2022-04-20 CVE Names: CVE-2022-21426 CVE-2022-21434 CVE-2022-21443 CVE-2022-21476 CVE-2022-21496 ==================================================================== 1. Summary: An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat CodeReady Linux Builder (v. 8) - aarch64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64 3. Security Fix(es): * OpenJDK: Defective secure validation in Apache Santuario (Libraries, 8278008) (CVE-2022-21476) * OpenJDK: Unbounded memory allocation when compiling crafted XPath expressions (JAXP, 8270504) (CVE-2022-21426) * OpenJDK: Improper object-to-string conversion in AnnotationInvocationHandler (Libraries, 8277672) (CVE-2022-21434) * OpenJDK: Missing check for negative ObjectIdentifier (Libraries, 8275151) (CVE-2022-21443) * OpenJDK: URI parsing inconsistencies (JNDI, 8278972) (CVE-2022-21496) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 All running instances of OpenJDK Java must be restarted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 2075788 - CVE-2022-21426 OpenJDK: Unbounded memory allocation when compiling crafted XPath expressions (JAXP, 8270504) 2075793 - CVE-2022-21443 OpenJDK: Missing check for negative ObjectIdentifier (Libraries, 8275151) 2075836 - CVE-2022-21434 OpenJDK: Improper object-to-string conversion in AnnotationInvocationHandler (Libraries, 8277672) 2075842 - CVE-2022-21476 OpenJDK: Defective secure validation in Apache Santuario (Libraries, 8278008) 2075849 - CVE-2022-21496 OpenJDK: URI parsing inconsistencies (JNDI, 8278972) 6. Package List: Red Hat Enterprise Linux AppStream (v. 8): Source: java-11-openjdk-11.0.15.0.9-2.el8_5.src.rpm aarch64: java-11-openjdk-11.0.15.0.9-2.el8_5.aarch64.rpm java-11-openjdk-debuginfo-11.0.15.0.9-2.el8_5.aarch64.rpm java-11-openjdk-debugsource-11.0.15.0.9-2.el8_5.aarch64.rpm java-11-openjdk-demo-11.0.15.0.9-2.el8_5.aarch64.rpm java-11-openjdk-devel-11.0.15.0.9-2.el8_5.aarch64.rpm java-11-openjdk-devel-debuginfo-11.0.15.0.9-2.el8_5.aarch64.rpm java-11-openjdk-headless-11.0.15.0.9-2.el8_5.aarch64.rpm java-11-openjdk-headless-debuginfo-11.0.15.0.9-2.el8_5.aarch64.rpm java-11-openjdk-javadoc-11.0.15.0.9-2.el8_5.aarch64.rpm java-11-openjdk-javadoc-zip-11.0.15.0.9-2.el8_5.aarch64.rpm java-11-openjdk-jmods-11.0.15.0.9-2.el8_5.aarch64.rpm java-11-openjdk-src-11.0.15.0.9-2.el8_5.aarch64.rpm java-11-openjdk-static-libs-11.0.15.0.9-2.el8_5.aarch64.rpm ppc64le: java-11-openjdk-11.0.15.0.9-2.el8_5.ppc64le.rpm java-11-openjdk-debuginfo-11.0.15.0.9-2.el8_5.ppc64le.rpm java-11-openjdk-debugsource-11.0.15.0.9-2.el8_5.ppc64le.rpm java-11-openjdk-demo-11.0.15.0.9-2.el8_5.ppc64le.rpm java-11-openjdk-devel-11.0.15.0.9-2.el8_5.ppc64le.rpm java-11-openjdk-devel-debuginfo-11.0.15.0.9-2.el8_5.ppc64le.rpm java-11-openjdk-headless-11.0.15.0.9-2.el8_5.ppc64le.rpm java-11-openjdk-headless-debuginfo-11.0.15.0.9-2.el8_5.ppc64le.rpm java-11-openjdk-javadoc-11.0.15.0.9-2.el8_5.ppc64le.rpm java-11-openjdk-javadoc-zip-11.0.15.0.9-2.el8_5.ppc64le.rpm java-11-openjdk-jmods-11.0.15.0.9-2.el8_5.ppc64le.rpm java-11-openjdk-src-11.0.15.0.9-2.el8_5.ppc64le.rpm java-11-openjdk-static-libs-11.0.15.0.9-2.el8_5.ppc64le.rpm s390x: java-11-openjdk-11.0.15.0.9-2.el8_5.s390x.rpm java-11-openjdk-debuginfo-11.0.15.0.9-2.el8_5.s390x.rpm java-11-openjdk-debugsource-11.0.15.0.9-2.el8_5.s390x.rpm java-11-openjdk-demo-11.0.15.0.9-2.el8_5.s390x.rpm java-11-openjdk-devel-11.0.15.0.9-2.el8_5.s390x.rpm java-11-openjdk-devel-debuginfo-11.0.15.0.9-2.el8_5.s390x.rpm java-11-openjdk-headless-11.0.15.0.9-2.el8_5.s390x.rpm java-11-openjdk-headless-debuginfo-11.0.15.0.9-2.el8_5.s390x.rpm java-11-openjdk-javadoc-11.0.15.0.9-2.el8_5.s390x.rpm java-11-openjdk-javadoc-zip-11.0.15.0.9-2.el8_5.s390x.rpm java-11-openjdk-jmods-11.0.15.0.9-2.el8_5.s390x.rpm java-11-openjdk-src-11.0.15.0.9-2.el8_5.s390x.rpm java-11-openjdk-static-libs-11.0.15.0.9-2.el8_5.s390x.rpm x86_64: java-11-openjdk-11.0.15.0.9-2.el8_5.x86_64.rpm java-11-openjdk-debuginfo-11.0.15.0.9-2.el8_5.x86_64.rpm java-11-openjdk-debugsource-11.0.15.0.9-2.el8_5.x86_64.rpm java-11-openjdk-demo-11.0.15.0.9-2.el8_5.x86_64.rpm java-11-openjdk-devel-11.0.15.0.9-2.el8_5.x86_64.rpm java-11-openjdk-devel-debuginfo-11.0.15.0.9-2.el8_5.x86_64.rpm java-11-openjdk-headless-11.0.15.0.9-2.el8_5.x86_64.rpm java-11-openjdk-headless-debuginfo-11.0.15.0.9-2.el8_5.x86_64.rpm java-11-openjdk-javadoc-11.0.15.0.9-2.el8_5.x86_64.rpm java-11-openjdk-javadoc-zip-11.0.15.0.9-2.el8_5.x86_64.rpm java-11-openjdk-jmods-11.0.15.0.9-2.el8_5.x86_64.rpm java-11-openjdk-src-11.0.15.0.9-2.el8_5.x86_64.rpm java-11-openjdk-static-libs-11.0.15.0.9-2.el8_5.x86_64.rpm Red Hat CodeReady Linux Builder (v. 8): aarch64: java-11-openjdk-debuginfo-11.0.15.0.9-2.el8_5.aarch64.rpm java-11-openjdk-debugsource-11.0.15.0.9-2.el8_5.aarch64.rpm java-11-openjdk-demo-fastdebug-11.0.15.0.9-2.el8_5.aarch64.rpm java-11-openjdk-demo-slowdebug-11.0.15.0.9-2.el8_5.aarch64.rpm java-11-openjdk-devel-debuginfo-11.0.15.0.9-2.el8_5.aarch64.rpm java-11-openjdk-devel-fastdebug-11.0.15.0.9-2.el8_5.aarch64.rpm java-11-openjdk-devel-fastdebug-debuginfo-11.0.15.0.9-2.el8_5.aarch64.rpm java-11-openjdk-devel-slowdebug-11.0.15.0.9-2.el8_5.aarch64.rpm java-11-openjdk-devel-slowdebug-debuginfo-11.0.15.0.9-2.el8_5.aarch64.rpm java-11-openjdk-fastdebug-11.0.15.0.9-2.el8_5.aarch64.rpm java-11-openjdk-fastdebug-debuginfo-11.0.15.0.9-2.el8_5.aarch64.rpm java-11-openjdk-headless-debuginfo-11.0.15.0.9-2.el8_5.aarch64.rpm java-11-openjdk-headless-fastdebug-11.0.15.0.9-2.el8_5.aarch64.rpm java-11-openjdk-headless-fastdebug-debuginfo-11.0.15.0.9-2.el8_5.aarch64.rpm java-11-openjdk-headless-slowdebug-11.0.15.0.9-2.el8_5.aarch64.rpm java-11-openjdk-headless-slowdebug-debuginfo-11.0.15.0.9-2.el8_5.aarch64.rpm java-11-openjdk-jmods-fastdebug-11.0.15.0.9-2.el8_5.aarch64.rpm java-11-openjdk-jmods-slowdebug-11.0.15.0.9-2.el8_5.aarch64.rpm java-11-openjdk-slowdebug-11.0.15.0.9-2.el8_5.aarch64.rpm java-11-openjdk-slowdebug-debuginfo-11.0.15.0.9-2.el8_5.aarch64.rpm java-11-openjdk-src-fastdebug-11.0.15.0.9-2.el8_5.aarch64.rpm java-11-openjdk-src-slowdebug-11.0.15.0.9-2.el8_5.aarch64.rpm java-11-openjdk-static-libs-fastdebug-11.0.15.0.9-2.el8_5.aarch64.rpm java-11-openjdk-static-libs-slowdebug-11.0.15.0.9-2.el8_5.aarch64.rpm ppc64le: java-11-openjdk-debuginfo-11.0.15.0.9-2.el8_5.ppc64le.rpm java-11-openjdk-debugsource-11.0.15.0.9-2.el8_5.ppc64le.rpm java-11-openjdk-demo-fastdebug-11.0.15.0.9-2.el8_5.ppc64le.rpm java-11-openjdk-demo-slowdebug-11.0.15.0.9-2.el8_5.ppc64le.rpm java-11-openjdk-devel-debuginfo-11.0.15.0.9-2.el8_5.ppc64le.rpm java-11-openjdk-devel-fastdebug-11.0.15.0.9-2.el8_5.ppc64le.rpm java-11-openjdk-devel-fastdebug-debuginfo-11.0.15.0.9-2.el8_5.ppc64le.rpm java-11-openjdk-devel-slowdebug-11.0.15.0.9-2.el8_5.ppc64le.rpm java-11-openjdk-devel-slowdebug-debuginfo-11.0.15.0.9-2.el8_5.ppc64le.rpm java-11-openjdk-fastdebug-11.0.15.0.9-2.el8_5.ppc64le.rpm java-11-openjdk-fastdebug-debuginfo-11.0.15.0.9-2.el8_5.ppc64le.rpm java-11-openjdk-headless-debuginfo-11.0.15.0.9-2.el8_5.ppc64le.rpm java-11-openjdk-headless-fastdebug-11.0.15.0.9-2.el8_5.ppc64le.rpm java-11-openjdk-headless-fastdebug-debuginfo-11.0.15.0.9-2.el8_5.ppc64le.rpm java-11-openjdk-headless-slowdebug-11.0.15.0.9-2.el8_5.ppc64le.rpm java-11-openjdk-headless-slowdebug-debuginfo-11.0.15.0.9-2.el8_5.ppc64le.rpm java-11-openjdk-jmods-fastdebug-11.0.15.0.9-2.el8_5.ppc64le.rpm java-11-openjdk-jmods-slowdebug-11.0.15.0.9-2.el8_5.ppc64le.rpm java-11-openjdk-slowdebug-11.0.15.0.9-2.el8_5.ppc64le.rpm java-11-openjdk-slowdebug-debuginfo-11.0.15.0.9-2.el8_5.ppc64le.rpm java-11-openjdk-src-fastdebug-11.0.15.0.9-2.el8_5.ppc64le.rpm java-11-openjdk-src-slowdebug-11.0.15.0.9-2.el8_5.ppc64le.rpm java-11-openjdk-static-libs-fastdebug-11.0.15.0.9-2.el8_5.ppc64le.rpm java-11-openjdk-static-libs-slowdebug-11.0.15.0.9-2.el8_5.ppc64le.rpm s390x: java-11-openjdk-debuginfo-11.0.15.0.9-2.el8_5.s390x.rpm java-11-openjdk-debugsource-11.0.15.0.9-2.el8_5.s390x.rpm java-11-openjdk-demo-slowdebug-11.0.15.0.9-2.el8_5.s390x.rpm java-11-openjdk-devel-debuginfo-11.0.15.0.9-2.el8_5.s390x.rpm java-11-openjdk-devel-slowdebug-11.0.15.0.9-2.el8_5.s390x.rpm java-11-openjdk-devel-slowdebug-debuginfo-11.0.15.0.9-2.el8_5.s390x.rpm java-11-openjdk-headless-debuginfo-11.0.15.0.9-2.el8_5.s390x.rpm java-11-openjdk-headless-slowdebug-11.0.15.0.9-2.el8_5.s390x.rpm java-11-openjdk-headless-slowdebug-debuginfo-11.0.15.0.9-2.el8_5.s390x.rpm java-11-openjdk-jmods-slowdebug-11.0.15.0.9-2.el8_5.s390x.rpm java-11-openjdk-slowdebug-11.0.15.0.9-2.el8_5.s390x.rpm java-11-openjdk-slowdebug-debuginfo-11.0.15.0.9-2.el8_5.s390x.rpm java-11-openjdk-src-slowdebug-11.0.15.0.9-2.el8_5.s390x.rpm java-11-openjdk-static-libs-slowdebug-11.0.15.0.9-2.el8_5.s390x.rpm x86_64: java-11-openjdk-debuginfo-11.0.15.0.9-2.el8_5.x86_64.rpm java-11-openjdk-debugsource-11.0.15.0.9-2.el8_5.x86_64.rpm java-11-openjdk-demo-fastdebug-11.0.15.0.9-2.el8_5.x86_64.rpm java-11-openjdk-demo-slowdebug-11.0.15.0.9-2.el8_5.x86_64.rpm java-11-openjdk-devel-debuginfo-11.0.15.0.9-2.el8_5.x86_64.rpm java-11-openjdk-devel-fastdebug-11.0.15.0.9-2.el8_5.x86_64.rpm java-11-openjdk-devel-fastdebug-debuginfo-11.0.15.0.9-2.el8_5.x86_64.rpm java-11-openjdk-devel-slowdebug-11.0.15.0.9-2.el8_5.x86_64.rpm java-11-openjdk-devel-slowdebug-debuginfo-11.0.15.0.9-2.el8_5.x86_64.rpm java-11-openjdk-fastdebug-11.0.15.0.9-2.el8_5.x86_64.rpm java-11-openjdk-fastdebug-debuginfo-11.0.15.0.9-2.el8_5.x86_64.rpm java-11-openjdk-headless-debuginfo-11.0.15.0.9-2.el8_5.x86_64.rpm java-11-openjdk-headless-fastdebug-11.0.15.0.9-2.el8_5.x86_64.rpm java-11-openjdk-headless-fastdebug-debuginfo-11.0.15.0.9-2.el8_5.x86_64.rpm java-11-openjdk-headless-slowdebug-11.0.15.0.9-2.el8_5.x86_64.rpm java-11-openjdk-headless-slowdebug-debuginfo-11.0.15.0.9-2.el8_5.x86_64.rpm java-11-openjdk-jmods-fastdebug-11.0.15.0.9-2.el8_5.x86_64.rpm java-11-openjdk-jmods-slowdebug-11.0.15.0.9-2.el8_5.x86_64.rpm java-11-openjdk-slowdebug-11.0.15.0.9-2.el8_5.x86_64.rpm java-11-openjdk-slowdebug-debuginfo-11.0.15.0.9-2.el8_5.x86_64.rpm java-11-openjdk-src-fastdebug-11.0.15.0.9-2.el8_5.x86_64.rpm java-11-openjdk-src-slowdebug-11.0.15.0.9-2.el8_5.x86_64.rpm java-11-openjdk-static-libs-fastdebug-11.0.15.0.9-2.el8_5.x86_64.rpm java-11-openjdk-static-libs-slowdebug-11.0.15.0.9-2.el8_5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYmAyANzjgjWX9erEAQgTGw//a84AkLLhZU8iQDd7ecaS/EcNnUOXFJ0Q CoHN4WRcj3RibRben6W9zQ65PnA28pUds3SgRbR1tV6xrF5s5QoinqP+gqS7F6hv g+wd9/905dhwuM2Gtob36nuzunkYdtNv9epMfrrLaFjEytBgiIQqvcz4aXedtJdB 0PjUVtH8yJMclzNNlQHj7v6bWKK5jofPo1If1hA+XLxGn/9jbQ3hxLBK5s3Q7oWy 6OE7uW4pn33sGmYN9ZhKXfV3mXgEjNIeI6BK33+csw9mjiSKiwOB1aWqrjjpGxFl iz46yLCprguxHCTzlKrIaqYiL8a9jwVCgRPD5bdELDcSXpUTYC2CAlTlT7EV9OP5 8OVefLnHODX4zgjKY57v01FLYpEi9y8NnYufE7AOHJOILpRUACwvujLNGUYLAi6f fbMniQdtYsQAcNbIsmpRJRM5QDNXYISGkQjSGyC/8vEWCjNtSFnfNYEuOaL9diXx eAzwjDcXJwxxQNUStudqge7D9bnCB77tjGDsiWBs3zymtnvwdpOOttyAfUNrkyHC sChuZbAqpI2q86cmKl1ach1yGLzlfUL03CAB07VH/JK4e87XVqt/ssu+PZt658vb xtLTeggHbcfenkNKwgmx/jaY0LrGtf4aJ5oy4M+A57djeuepb4cevMjGdq+uPV/5 qAZpBpzOUoQ\xa7pd -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. ========================================================================= Ubuntu Security Notice USN-5546-2 August 04, 2022 openjdk-8 vulnerabilities ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.04 ESM Summary: Several security issues were fixed in OpenJDK 8. Software Description: - openjdk-8: Open Source Java implementation Details: USN-5546-1 fixed vulnerabilities in OpenJDK. This update provides the corresponding updates for Ubuntu 16.04 ESM. Original advisory details: Neil Madden discovered that OpenJDK did not properly verify ECDSA signatures. A remote attacker could possibly use this issue to insert, edit or obtain sensitive information. This issue only affected OpenJDK 17 and OpenJDK 18. (CVE-2022-21449) It was discovered that OpenJDK incorrectly limited memory when compiling a specially crafted XPath expression. An attacker could possibly use this issue to cause a denial of service. This issue was fixed in OpenJDK 8 and OpenJDK 18. USN-5388-1 and USN-5388-2 addressed this issue in OpenJDK 11 and OpenJDK 17. (CVE-2022-21426) It was discovered that OpenJDK incorrectly handled converting certain object arguments into their textual representations. An attacker could possibly use this issue to cause a denial of service. This issue was fixed in OpenJDK 8 and OpenJDK 18. USN-5388-1 and USN-5388-2 addressed this issue in OpenJDK 11 and OpenJDK 17. (CVE-2022-21434) It was discovered that OpenJDK incorrectly validated the encoded length of certain object identifiers. An attacker could possibly use this issue to cause a denial of service. This issue was fixed in OpenJDK 8 and OpenJDK 18. USN-5388-1 and USN-5388-2 addressed this issue in OpenJDK 11 and OpenJDK 17. (CVE-2022-21443) It was discovered that OpenJDK incorrectly validated certain paths. An attacker could possibly use this issue to bypass the secure validation feature and expose sensitive information in XML files. This issue was fixed in OpenJDK 8 and OpenJDK 18. USN-5388-1 and USN-5388-2 addressed this issue in OpenJDK 11 and OpenJDK 17. (CVE-2022-21476) It was discovered that OpenJDK incorrectly parsed certain URI strings. An attacker could possibly use this issue to make applications accept invalid of malformed URI strings. This issue was fixed in OpenJDK 8 and OpenJDK 18. USN-5388-1 and USN-5388-2 addressed this issue in OpenJDK 11 and OpenJDK 17. (CVE-2022-21496) It was discovered that OpenJDK incorrectly generated class code in the Hotspot component. An attacker could possibly use this issue to obtain sensitive information. (CVE-2022-21540) It was dicovered that OpenJDK incorrectly restricted access to the invokeBasic() method in the Hotspot component. An attacker could possibly use this issue to insert, edit or obtain sensitive information. (CVE-2022-21541) It was discovered that OpenJDK incorrectly computed exponentials. An attacker could possibly use this issue to insert, edit or obtain sensitive information. This issue only affected OpenJDK 17. (CVE-2022-21549) It was discovered that OpenJDK includes a copy of Xalan that incorrectly handled integer truncation. An attacker could possibly use this issue to execute arbitrary code. (CVE-2022-34169) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 ESM: openjdk-8-jdk 8u342-b07-0ubuntu1~16.04 openjdk-8-jre 8u342-b07-0ubuntu1~16.04 openjdk-8-jre-headless 8u342-b07-0ubuntu1~16.04 openjdk-8-jre-zero 8u342-b07-0ubuntu1~16.04 This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart any Java applications or applets to make all the necessary changes. References: https://ubuntu.com/security/notices/USN-5546-2 https://ubuntu.com/security/notices/USN-5546-1 CVE-2022-21426, CVE-2022-21434, CVE-2022-21443, CVE-2022-21476, CVE-2022-21496, CVE-2022-21540, CVE-2022-21541, CVE-2022-34169

Trust: 2.43

sources: NVD: CVE-2022-21426 // JVNDB: JVNDB-2022-001698 // VULHUB: VHN-407039 // PACKETSTORM: 167980 // PACKETSTORM: 167385 // PACKETSTORM: 167088 // PACKETSTORM: 167271 // PACKETSTORM: 166799 // PACKETSTORM: 166792 // PACKETSTORM: 166901 // PACKETSTORM: 167979

AFFECTED PRODUCTS

vendor:	日立	model:	ucosminexus service platform	scope:	-	version:	-	Trust: 1.6
vendor:	日立	model:	ucosminexus application server	scope:	-	version:	-	Trust: 1.6
vendor:	日立	model:	ucosminexus primary server base	scope:	-	version:	-	Trust: 1.6
vendor:	oracle	model:	jre	scope:	eq	version:	18	Trust: 1.0
vendor:	oracle	model:	jdk	scope:	eq	version:	1.8.0	Trust: 1.0
vendor:	netapp	model:	santricity unified manager	scope:	eq	version:	-	Trust: 1.0
vendor:	azul	model:	zulu	scope:	eq	version:	17.32	Trust: 1.0
vendor:	netapp	model:	cloud insights acquisition unit	scope:	eq	version:	-	Trust: 1.0
vendor:	oracle	model:	jdk	scope:	eq	version:	11.0.14	Trust: 1.0
vendor:	netapp	model:	solidfire\, enterprise sds \& hci storage node	scope:	eq	version:	-	Trust: 1.0
vendor:	oracle	model:	jdk	scope:	eq	version:	17.0.2	Trust: 1.0
vendor:	oracle	model:	graalvm	scope:	eq	version:	22.0.0.2	Trust: 1.0
vendor:	netapp	model:	cloud secure agent	scope:	eq	version:	-	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	11.0	Trust: 1.0
vendor:	netapp	model:	e-series santricity storage manager	scope:	eq	version:	-	Trust: 1.0
vendor:	azul	model:	zulu	scope:	eq	version:	11.54	Trust: 1.0
vendor:	netapp	model:	7-mode transition tool	scope:	eq	version:	-	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	9.0	Trust: 1.0
vendor:	netapp	model:	solidfire \& hci management node	scope:	eq	version:	-	Trust: 1.0
vendor:	azul	model:	zulu	scope:	eq	version:	15.38	Trust: 1.0
vendor:	azul	model:	zulu	scope:	eq	version:	13.46	Trust: 1.0
vendor:	netapp	model:	active iq unified manager	scope:	eq	version:	-	Trust: 1.0
vendor:	oracle	model:	jre	scope:	eq	version:	1.7.0	Trust: 1.0
vendor:	oracle	model:	jdk	scope:	eq	version:	18	Trust: 1.0
vendor:	oracle	model:	graalvm	scope:	eq	version:	20.3.5	Trust: 1.0
vendor:	oracle	model:	graalvm	scope:	eq	version:	21.3.1	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	10.0	Trust: 1.0
vendor:	netapp	model:	e-series santricity os controller	scope:	lte	version:	11.70.1	Trust: 1.0
vendor:	azul	model:	zulu	scope:	eq	version:	6.45	Trust: 1.0
vendor:	oracle	model:	jre	scope:	eq	version:	11.0.14	Trust: 1.0
vendor:	netapp	model:	e-series santricity web services	scope:	eq	version:	-	Trust: 1.0
vendor:	oracle	model:	jre	scope:	eq	version:	1.8.0	Trust: 1.0
vendor:	azul	model:	zulu	scope:	eq	version:	18.28	Trust: 1.0
vendor:	netapp	model:	oncommand insight	scope:	eq	version:	-	Trust: 1.0
vendor:	oracle	model:	jdk	scope:	eq	version:	1.7.0	Trust: 1.0
vendor:	oracle	model:	jre	scope:	eq	version:	17.0.2	Trust: 1.0
vendor:	azul	model:	zulu	scope:	eq	version:	7.52	Trust: 1.0
vendor:	netapp	model:	hci compute node	scope:	eq	version:	-	Trust: 1.0
vendor:	netapp	model:	e-series santricity os controller	scope:	gte	version:	11.0.0	Trust: 1.0
vendor:	azul	model:	zulu	scope:	eq	version:	8.60	Trust: 1.0
vendor:	日立	model:	ucosminexus operator for service platform	scope:	-	version:	-	Trust: 0.8
vendor:	オラクル	model:	jdk	scope:	-	version:	-	Trust: 0.8
vendor:	日立	model:	hitachi dynamic link manager	scope:	-	version:	-	Trust: 0.8
vendor:	日立	model:	ucosminexus operator	scope:	-	version:	-	Trust: 0.8
vendor:	日立	model:	hitachi tuning manager	scope:	-	version:	-	Trust: 0.8
vendor:	日立	model:	ucosminexus application server-r	scope:	-	version:	-	Trust: 0.8
vendor:	日立	model:	hitachi automation director	scope:	-	version:	-	Trust: 0.8
vendor:	日立	model:	ucosminexus application server standard	scope:	-	version:	-	Trust: 0.8
vendor:	日立	model:	ucosminexus developer	scope:	-	version:	-	Trust: 0.8
vendor:	日立	model:	ucosminexus developer professional for plug-in	scope:	-	version:	-	Trust: 0.8
vendor:	オラクル	model:	oracle graalvm	scope:	-	version:	-	Trust: 0.8
vendor:	日立	model:	ucosminexus application server enterprise	scope:	-	version:	-	Trust: 0.8
vendor:	日立	model:	ucosminexus application runtime with java for apache tomcat	scope:	-	version:	-	Trust: 0.8
vendor:	日立	model:	ucosminexus application server smart edition	scope:	-	version:	-	Trust: 0.8
vendor:	日立	model:	cosminexus xml processor	scope:	-	version:	-	Trust: 0.8
vendor:	日立	model:	hitachi global link manager	scope:	-	version:	-	Trust: 0.8
vendor:	日立	model:	hitachi infrastructure analytics advisor	scope:	-	version:	-	Trust: 0.8
vendor:	日立	model:	hitachi tiered storage manager	scope:	-	version:	-	Trust: 0.8
vendor:	日立	model:	hitachi ops center common services	scope:	-	version:	-	Trust: 0.8
vendor:	日立	model:	ucosminexus service architect	scope:	-	version:	-	Trust: 0.8
vendor:	日立	model:	ucosminexus client for plug-in	scope:	-	version:	-	Trust: 0.8
vendor:	日立	model:	hitachi ops center analyzer	scope:	-	version:	-	Trust: 0.8
vendor:	日立	model:	hitachi application server for developers	scope:	-	version:	-	Trust: 0.8
vendor:	日立	model:	ucosminexus developer light	scope:	-	version:	-	Trust: 0.8
vendor:	日立	model:	hitachi application server	scope:	-	version:	-	Trust: 0.8
vendor:	日立	model:	hitachi ops center api configuration manager	scope:	-	version:	-	Trust: 0.8
vendor:	オラクル	model:	jre	scope:	-	version:	-	Trust: 0.8
vendor:	日立	model:	ucosminexus developer standard	scope:	-	version:	-	Trust: 0.8
vendor:	日立	model:	ucosminexus client	scope:	-	version:	-	Trust: 0.8
vendor:	日立	model:	cosminexus developer's kit for java	scope:	-	version:	-	Trust: 0.8
vendor:	日立	model:	hitachi replication manager	scope:	-	version:	-	Trust: 0.8
vendor:	日立	model:	hitachi ops center automator	scope:	-	version:	-	Trust: 0.8
vendor:	日立	model:	ucosminexus developer 01	scope:	-	version:	-	Trust: 0.8
vendor:	日立	model:	プログラミング環境 for java	scope:	-	version:	-	Trust: 0.8
vendor:	日立	model:	hitachi ops center administrator	scope:	-	version:	-	Trust: 0.8
vendor:	日立	model:	hitachi configuration manager	scope:	-	version:	-	Trust: 0.8
vendor:	日立	model:	hitachi ops center viewpoint	scope:	-	version:	-	Trust: 0.8
vendor:	日立	model:	ucosminexus developer professional	scope:	-	version:	-	Trust: 0.8
vendor:	日立	model:	ucosminexus application server standard-r	scope:	-	version:	-	Trust: 0.8
vendor:	日立	model:	hitachi compute systems manager	scope:	-	version:	-	Trust: 0.8
vendor:	日立	model:	hitachi device manager	scope:	-	version:	-	Trust: 0.8
vendor:	日立	model:	ucosminexus client for atm	scope:	-	version:	-	Trust: 0.8
vendor:	日立	model:	hitachi developer's kit for java	scope:	-	version:	-	Trust: 0.8
vendor:	日立	model:	hitachi ops center analyzer viewpoint	scope:	-	version:	-	Trust: 0.8
vendor:	日立	model:	ucosminexus application server light	scope:	-	version:	-	Trust: 0.8
vendor:	日立	model:	ucosminexus application server express	scope:	-	version:	-	Trust: 0.8
vendor:	日立	model:	ucosminexus developer professional for atm	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-001698 // NVD: CVE-2022-21426

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-21426
value:	MEDIUM
Trust: 1.0
secalert_us@oracle.com:	CVE-2022-21426
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2022-21426
value:	MEDIUM
Trust: 0.8
VULHUB:	VHN-407039
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2022-21426
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-407039
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

secalert_us@oracle.com:	CVE-2022-21426
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	LOW
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2022-001698
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	LOW
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-407039 // JVNDB: JVNDB-2022-001698 // NVD: CVE-2022-21426 // NVD: CVE-2022-21426

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	Lack of information (CWE-noinfo) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2022-001698 // NVD: CVE-2022-21426

THREAT TYPE

remote

Trust: 0.2

sources: PACKETSTORM: 167980 // PACKETSTORM: 167979

PATCH

title:

hitachi-sec-2022-112 Software product security information

url:

https://www.oracle.com/security-alerts/cpuapr2022.html

Trust: 0.8

sources: JVNDB: JVNDB-2022-001698

EXTERNAL IDS

db:	NVD	id:	CVE-2022-21426	Trust: 3.5
db:	JVNDB	id:	JVNDB-2022-001698	Trust: 0.8
db:	PACKETSTORM	id:	167385	Trust: 0.2
db:	PACKETSTORM	id:	167980	Trust: 0.2
db:	PACKETSTORM	id:	167088	Trust: 0.2
db:	PACKETSTORM	id:	167271	Trust: 0.2
db:	PACKETSTORM	id:	167979	Trust: 0.2
db:	PACKETSTORM	id:	167327	Trust: 0.1
db:	PACKETSTORM	id:	167378	Trust: 0.1
db:	PACKETSTORM	id:	167008	Trust: 0.1
db:	PACKETSTORM	id:	167388	Trust: 0.1
db:	PACKETSTORM	id:	166967	Trust: 0.1
db:	PACKETSTORM	id:	167122	Trust: 0.1
db:	PACKETSTORM	id:	167142	Trust: 0.1
db:	PACKETSTORM	id:	167164	Trust: 0.1
db:	PACKETSTORM	id:	167140	Trust: 0.1
db:	PACKETSTORM	id:	166954	Trust: 0.1
db:	VULHUB	id:	VHN-407039	Trust: 0.1
db:	PACKETSTORM	id:	166799	Trust: 0.1
db:	PACKETSTORM	id:	166792	Trust: 0.1
db:	PACKETSTORM	id:	166901	Trust: 0.1

sources: VULHUB: VHN-407039 // JVNDB: JVNDB-2022-001698 // PACKETSTORM: 167980 // PACKETSTORM: 167385 // PACKETSTORM: 167088 // PACKETSTORM: 167271 // PACKETSTORM: 166799 // PACKETSTORM: 166792 // PACKETSTORM: 166901 // PACKETSTORM: 167979 // NVD: CVE-2022-21426

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2022-21426	Trust: 1.6
url:	https://security.netapp.com/advisory/ntap-20220429-0006/	Trust: 1.1
url:	https://www.debian.org/security/2022/dsa-5128	Trust: 1.1
url:	https://www.debian.org/security/2022/dsa-5131	Trust: 1.1
url:	https://www.oracle.com/security-alerts/cpuapr2022.html	Trust: 1.1
url:	https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html	Trust: 1.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-21443	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2022-21496	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2022-21434	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2022-21476	Trust: 0.8
url:	https://access.redhat.com/security/cve/cve-2022-21426	Trust: 0.6
url:	https://access.redhat.com/security/cve/cve-2022-21476	Trust: 0.6
url:	https://access.redhat.com/security/team/contact/	Trust: 0.6
url:	https://access.redhat.com/security/cve/cve-2022-21496	Trust: 0.6
url:	https://access.redhat.com/security/cve/cve-2022-21443	Trust: 0.6
url:	https://access.redhat.com/security/cve/cve-2022-21434	Trust: 0.6
url:	https://bugzilla.redhat.com/):	Trust: 0.6
url:	https://listman.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2022-21449	Trust: 0.4
url:	https://access.redhat.com/security/updates/classification/#important	Trust: 0.4
url:	https://access.redhat.com/articles/11258	Trust: 0.3
url:	https://access.redhat.com/security/team/key/	Trust: 0.3
url:	https://ubuntu.com/security/notices/usn-5546-1	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2022-21540	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2022-21541	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2022-34169	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2022-21549	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2022-21449	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2018-25032	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-25032	Trust: 0.2
url:	https://access.redhat.com/security/updates/classification/#moderate	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2022-1271	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2022-1271	Trust: 0.2
url:	https://launchpad.net/ubuntu/+source/openjdk-8/8u342-b07-0ubuntu1~22.04	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/openjdk-8/8u342-b07-0ubuntu1~20.04	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/openjdk-17/17.0.4+8-1~18.04	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/openjdk-17/17.0.4+8-1~22.04	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/openjdk-lts/11.0.16+8-0ubuntu1~20.04	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/openjdk-18/18.0.2+9-2~22.04	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/openjdk-lts/11.0.16+8-0ubuntu1~22.04	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/openjdk-17/17.0.4+8-1~20.04	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/openjdk-8/8u342-b07-0ubuntu1~18.04	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/openjdk-lts/11.0.16+8-0ubuntu1~18.04	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2022:1729	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-1154	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-3121	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-3121	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-1154	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2022:1679	Trust: 0.1
url:	https://access.redhat.com/containers	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2022:2272	Trust: 0.1
url:	https://access.redhat.com/errata/rhba-2022:2270	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-1677	Trust: 0.1
url:	https://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html	Trust: 0.1
url:	https://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-1677	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2022:1441	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2022:1442	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2022:1436	Trust: 0.1
url:	https://access.redhat.com/documentation/en-us/openjdk/17/html/installing_and_using_openjdk_17_on_rhel/installing-openjdk11-on-rhel8_openjdk#installing-jdk11-on-rhel-using-archive_openjdk	Trust: 0.1
url:	https://ubuntu.com/security/notices/usn-5546-2	Trust: 0.1

CREDITS

Red Hat

Trust: 0.6

sources: PACKETSTORM: 167385 // PACKETSTORM: 167088 // PACKETSTORM: 167271 // PACKETSTORM: 166799 // PACKETSTORM: 166792 // PACKETSTORM: 166901

SOURCES

db:	VULHUB	id:	VHN-407039
db:	JVNDB	id:	JVNDB-2022-001698
db:	PACKETSTORM	id:	167980
db:	PACKETSTORM	id:	167385
db:	PACKETSTORM	id:	167088
db:	PACKETSTORM	id:	167271
db:	PACKETSTORM	id:	166799
db:	PACKETSTORM	id:	166792
db:	PACKETSTORM	id:	166901
db:	PACKETSTORM	id:	167979
db:	NVD	id:	CVE-2022-21426

LAST UPDATE DATE

2024-12-21T22:51:47.636000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-407039	date:	2022-07-28T00:00:00
db:	JVNDB	id:	JVNDB-2022-001698	date:	2023-09-06T07:19:00
db:	NVD	id:	CVE-2022-21426	date:	2024-11-21T06:44:40.450

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-407039	date:	2022-04-19T00:00:00
db:	JVNDB	id:	JVNDB-2022-001698	date:	2022-05-10T00:00:00
db:	PACKETSTORM	id:	167980	date:	2022-08-05T14:51:20
db:	PACKETSTORM	id:	167385	date:	2022-06-03T15:56:14
db:	PACKETSTORM	id:	167088	date:	2022-05-11T16:48:11
db:	PACKETSTORM	id:	167271	date:	2022-05-26T16:32:44
db:	PACKETSTORM	id:	166799	date:	2022-04-21T15:09:12
db:	PACKETSTORM	id:	166792	date:	2022-04-21T15:08:01
db:	PACKETSTORM	id:	166901	date:	2022-04-29T12:36:50
db:	PACKETSTORM	id:	167979	date:	2022-08-05T14:51:13
db:	NVD	id:	CVE-2022-21426	date:	2022-04-19T21:15:15.157