Sign-up

ID

VAR-202204-0593


CVE

CVE-2022-21426


TITLE

Oracle Java SE  and  Oracle GraalVM Enterprise Edition  In  JAXP  Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2022-001698

DESCRIPTION

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). Bugs fixed (https://bugzilla.redhat.com/): 2004133 - CVE-2021-37136 netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data 2004135 - CVE-2021-37137 netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way 2031958 - CVE-2021-43797 netty: control chars in header names may lead to HTTP request smuggling 2045880 - CVE-2022-21698 prometheus/client_golang: Denial of service using InstrumentHandlerCounter 2058404 - CVE-2022-0759 kubeclient: kubeconfig parsing error can lead to MITM attacks 5. JIRA issues fixed (https://issues.jboss.org/): LOG-2334 - [release-5.3] Events listing out of order in Kibana 6.8.1 LOG-2450 - http.max_header_size set to 128kb causes communication with elasticsearch to stop working LOG-2481 - EO shouldn't grant cluster-wide permission to system:serviceaccount:openshift-monitoring:prometheus-k8s when ES cluster is deployed. [openshift-logging 5.3] 6. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. Description: Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.8.41. See the following advisory for the RPM packages for this release: https://access.redhat.com/errata/RHBA-2022:2270 Space precludes documenting all of the container images in this advisory. You may download the oc tool and use it to inspect release image metadata as follows: (For x86_64 architecture) $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.8.41-x86_64 The image digest is sha256:4ebcb3aea63d4acbb92118d3ae7ed08d3ebb1a66e7f79fddbb4da74883a12d0a (For s390x architecture) $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.8.41-s390x The image digest is sha256:5ed0fc5b89e3ec257db50f936f788492211e4de4a741f930191ab2d3bc7ceec3 (For ppc64le architecture) $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.8.41-ppc64le The image digest is sha256:908ec3688cc152b15faaea3f71bb4ba59565df60e9846f08fcd15a6c2b43274a All OpenShift Container Platform 4.8 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html 3. Solution: For OpenShift Container Platform 4.8 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update: https://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html Details on how to access this content are available at https://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html 4. Bugs fixed (https://bugzilla.redhat.com/): 2057544 - Cancel rpm-ostree transaction after failed rebase 2058674 - whereabouts IPAM CNI ip-reconciler cronjob specification requires hostnetwork, api-int lb usage & proper backoff 2062655 - [4.8.z backport] cluster scaling new nodes ovs-configuration fails on all new nodes 2070762 - [4.8z] WebScale: duplicate ecmp next hop error caused by multiple of the same gateway IPs in ovnkube cache 2074053 - Internal registries with a big number of images delay pod creation due to recursive SELinux file context relabeling 2074680 - csv_succeeded metric not present in olm-operator for all successful CSVs 2076211 - CVE-2022-1677 openshift/router: route hijacking attack via crafted HAProxy configuration file 2077004 - Bump to latest available 1.21.11 k8s 2077370 - [4.8.z] NetworkPolicy tests are failing on metal IPv6 2077765 - (release-4.8) Gather namespace names with overlapping UID ranges 2078477 - Latest ose-jenkins-agent-base:v4.9.0 image fails to start on OpenShift due to FIPS error 2084259 - [4.8] OCP ignores STOPSIGNAL in Dockerfile and sends SIGTERM 2088196 - Redfish set boot device failed for node in OCP 4.8 latest RC 5. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: java-17-openjdk security and bug fix update Advisory ID: RHSA-2022:1445-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:1445 Issue date: 2022-04-20 CVE Names: CVE-2022-21426 CVE-2022-21434 CVE-2022-21443 CVE-2022-21449 CVE-2022-21476 CVE-2022-21496 ==================================================================== 1. Summary: An update for java-17-openjdk is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat CodeReady Linux Builder (v. 8) - aarch64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64 3. Description: The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. Security Fix(es): * OpenJDK: Improper ECDSA signature verification (Libraries, 8277233) (CVE-2022-21449) * OpenJDK: Defective secure validation in Apache Santuario (Libraries, 8278008) (CVE-2022-21476) * OpenJDK: Unbounded memory allocation when compiling crafted XPath expressions (JAXP, 8270504) (CVE-2022-21426) * OpenJDK: Improper object-to-string conversion in AnnotationInvocationHandler (Libraries, 8277672) (CVE-2022-21434) * OpenJDK: Missing check for negative ObjectIdentifier (Libraries, 8275151) (CVE-2022-21443) * OpenJDK: URI parsing inconsistencies (JNDI, 8278972) (CVE-2022-21496) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Enable the import of plain keys into the NSS Software Token while in FIPS mode [rhel-8, openjdk-17] (BZ#2018189) * Enable AlgorithmParameters and AlgorithmParameterGenerator services in FIPS mode [rhel-8, openjdk-17] (BZ#2055396) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 All running instances of OpenJDK Java must be restarted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 2018189 - Enable the import of plain keys into the NSS Software Token while in FIPS mode [rhel-8, openjdk-17] [rhel-8.5.0.z] 2055396 - Enable AlgorithmParameters and AlgorithmParameterGenerator services in FIPS mode [rhel-8, openjdk-17] [rhel-8.5.0.z] 2075788 - CVE-2022-21426 OpenJDK: Unbounded memory allocation when compiling crafted XPath expressions (JAXP, 8270504) 2075793 - CVE-2022-21443 OpenJDK: Missing check for negative ObjectIdentifier (Libraries, 8275151) 2075821 - CVE-2022-21449 OpenJDK: Improper ECDSA signature verification (Libraries, 8277233) 2075836 - CVE-2022-21434 OpenJDK: Improper object-to-string conversion in AnnotationInvocationHandler (Libraries, 8277672) 2075842 - CVE-2022-21476 OpenJDK: Defective secure validation in Apache Santuario (Libraries, 8278008) 2075849 - CVE-2022-21496 OpenJDK: URI parsing inconsistencies (JNDI, 8278972) 6. Package List: Red Hat Enterprise Linux AppStream (v. 8): Source: java-17-openjdk-17.0.3.0.6-2.el8_5.src.rpm aarch64: java-17-openjdk-17.0.3.0.6-2.el8_5.aarch64.rpm java-17-openjdk-debuginfo-17.0.3.0.6-2.el8_5.aarch64.rpm java-17-openjdk-debugsource-17.0.3.0.6-2.el8_5.aarch64.rpm java-17-openjdk-demo-17.0.3.0.6-2.el8_5.aarch64.rpm java-17-openjdk-devel-17.0.3.0.6-2.el8_5.aarch64.rpm java-17-openjdk-devel-debuginfo-17.0.3.0.6-2.el8_5.aarch64.rpm java-17-openjdk-headless-17.0.3.0.6-2.el8_5.aarch64.rpm java-17-openjdk-headless-debuginfo-17.0.3.0.6-2.el8_5.aarch64.rpm java-17-openjdk-javadoc-17.0.3.0.6-2.el8_5.aarch64.rpm java-17-openjdk-javadoc-zip-17.0.3.0.6-2.el8_5.aarch64.rpm java-17-openjdk-jmods-17.0.3.0.6-2.el8_5.aarch64.rpm java-17-openjdk-src-17.0.3.0.6-2.el8_5.aarch64.rpm java-17-openjdk-static-libs-17.0.3.0.6-2.el8_5.aarch64.rpm ppc64le: java-17-openjdk-17.0.3.0.6-2.el8_5.ppc64le.rpm java-17-openjdk-debuginfo-17.0.3.0.6-2.el8_5.ppc64le.rpm java-17-openjdk-debugsource-17.0.3.0.6-2.el8_5.ppc64le.rpm java-17-openjdk-demo-17.0.3.0.6-2.el8_5.ppc64le.rpm java-17-openjdk-devel-17.0.3.0.6-2.el8_5.ppc64le.rpm java-17-openjdk-devel-debuginfo-17.0.3.0.6-2.el8_5.ppc64le.rpm java-17-openjdk-headless-17.0.3.0.6-2.el8_5.ppc64le.rpm java-17-openjdk-headless-debuginfo-17.0.3.0.6-2.el8_5.ppc64le.rpm java-17-openjdk-javadoc-17.0.3.0.6-2.el8_5.ppc64le.rpm java-17-openjdk-javadoc-zip-17.0.3.0.6-2.el8_5.ppc64le.rpm java-17-openjdk-jmods-17.0.3.0.6-2.el8_5.ppc64le.rpm java-17-openjdk-src-17.0.3.0.6-2.el8_5.ppc64le.rpm java-17-openjdk-static-libs-17.0.3.0.6-2.el8_5.ppc64le.rpm s390x: java-17-openjdk-17.0.3.0.6-2.el8_5.s390x.rpm java-17-openjdk-debuginfo-17.0.3.0.6-2.el8_5.s390x.rpm java-17-openjdk-debugsource-17.0.3.0.6-2.el8_5.s390x.rpm java-17-openjdk-demo-17.0.3.0.6-2.el8_5.s390x.rpm java-17-openjdk-devel-17.0.3.0.6-2.el8_5.s390x.rpm java-17-openjdk-devel-debuginfo-17.0.3.0.6-2.el8_5.s390x.rpm java-17-openjdk-headless-17.0.3.0.6-2.el8_5.s390x.rpm java-17-openjdk-headless-debuginfo-17.0.3.0.6-2.el8_5.s390x.rpm java-17-openjdk-javadoc-17.0.3.0.6-2.el8_5.s390x.rpm java-17-openjdk-javadoc-zip-17.0.3.0.6-2.el8_5.s390x.rpm java-17-openjdk-jmods-17.0.3.0.6-2.el8_5.s390x.rpm java-17-openjdk-src-17.0.3.0.6-2.el8_5.s390x.rpm java-17-openjdk-static-libs-17.0.3.0.6-2.el8_5.s390x.rpm x86_64: java-17-openjdk-17.0.3.0.6-2.el8_5.x86_64.rpm java-17-openjdk-debuginfo-17.0.3.0.6-2.el8_5.x86_64.rpm java-17-openjdk-debugsource-17.0.3.0.6-2.el8_5.x86_64.rpm java-17-openjdk-demo-17.0.3.0.6-2.el8_5.x86_64.rpm java-17-openjdk-devel-17.0.3.0.6-2.el8_5.x86_64.rpm java-17-openjdk-devel-debuginfo-17.0.3.0.6-2.el8_5.x86_64.rpm java-17-openjdk-headless-17.0.3.0.6-2.el8_5.x86_64.rpm java-17-openjdk-headless-debuginfo-17.0.3.0.6-2.el8_5.x86_64.rpm java-17-openjdk-javadoc-17.0.3.0.6-2.el8_5.x86_64.rpm java-17-openjdk-javadoc-zip-17.0.3.0.6-2.el8_5.x86_64.rpm java-17-openjdk-jmods-17.0.3.0.6-2.el8_5.x86_64.rpm java-17-openjdk-src-17.0.3.0.6-2.el8_5.x86_64.rpm java-17-openjdk-static-libs-17.0.3.0.6-2.el8_5.x86_64.rpm Red Hat CodeReady Linux Builder (v. 8): aarch64: java-17-openjdk-debuginfo-17.0.3.0.6-2.el8_5.aarch64.rpm java-17-openjdk-debugsource-17.0.3.0.6-2.el8_5.aarch64.rpm java-17-openjdk-demo-fastdebug-17.0.3.0.6-2.el8_5.aarch64.rpm java-17-openjdk-demo-slowdebug-17.0.3.0.6-2.el8_5.aarch64.rpm java-17-openjdk-devel-debuginfo-17.0.3.0.6-2.el8_5.aarch64.rpm java-17-openjdk-devel-fastdebug-17.0.3.0.6-2.el8_5.aarch64.rpm java-17-openjdk-devel-fastdebug-debuginfo-17.0.3.0.6-2.el8_5.aarch64.rpm java-17-openjdk-devel-slowdebug-17.0.3.0.6-2.el8_5.aarch64.rpm java-17-openjdk-devel-slowdebug-debuginfo-17.0.3.0.6-2.el8_5.aarch64.rpm java-17-openjdk-fastdebug-17.0.3.0.6-2.el8_5.aarch64.rpm java-17-openjdk-fastdebug-debuginfo-17.0.3.0.6-2.el8_5.aarch64.rpm java-17-openjdk-headless-debuginfo-17.0.3.0.6-2.el8_5.aarch64.rpm java-17-openjdk-headless-fastdebug-17.0.3.0.6-2.el8_5.aarch64.rpm java-17-openjdk-headless-fastdebug-debuginfo-17.0.3.0.6-2.el8_5.aarch64.rpm java-17-openjdk-headless-slowdebug-17.0.3.0.6-2.el8_5.aarch64.rpm java-17-openjdk-headless-slowdebug-debuginfo-17.0.3.0.6-2.el8_5.aarch64.rpm java-17-openjdk-jmods-fastdebug-17.0.3.0.6-2.el8_5.aarch64.rpm java-17-openjdk-jmods-slowdebug-17.0.3.0.6-2.el8_5.aarch64.rpm java-17-openjdk-slowdebug-17.0.3.0.6-2.el8_5.aarch64.rpm java-17-openjdk-slowdebug-debuginfo-17.0.3.0.6-2.el8_5.aarch64.rpm java-17-openjdk-src-fastdebug-17.0.3.0.6-2.el8_5.aarch64.rpm java-17-openjdk-src-slowdebug-17.0.3.0.6-2.el8_5.aarch64.rpm java-17-openjdk-static-libs-fastdebug-17.0.3.0.6-2.el8_5.aarch64.rpm java-17-openjdk-static-libs-slowdebug-17.0.3.0.6-2.el8_5.aarch64.rpm ppc64le: java-17-openjdk-debuginfo-17.0.3.0.6-2.el8_5.ppc64le.rpm java-17-openjdk-debugsource-17.0.3.0.6-2.el8_5.ppc64le.rpm java-17-openjdk-demo-fastdebug-17.0.3.0.6-2.el8_5.ppc64le.rpm java-17-openjdk-demo-slowdebug-17.0.3.0.6-2.el8_5.ppc64le.rpm java-17-openjdk-devel-debuginfo-17.0.3.0.6-2.el8_5.ppc64le.rpm java-17-openjdk-devel-fastdebug-17.0.3.0.6-2.el8_5.ppc64le.rpm java-17-openjdk-devel-fastdebug-debuginfo-17.0.3.0.6-2.el8_5.ppc64le.rpm java-17-openjdk-devel-slowdebug-17.0.3.0.6-2.el8_5.ppc64le.rpm java-17-openjdk-devel-slowdebug-debuginfo-17.0.3.0.6-2.el8_5.ppc64le.rpm java-17-openjdk-fastdebug-17.0.3.0.6-2.el8_5.ppc64le.rpm java-17-openjdk-fastdebug-debuginfo-17.0.3.0.6-2.el8_5.ppc64le.rpm java-17-openjdk-headless-debuginfo-17.0.3.0.6-2.el8_5.ppc64le.rpm java-17-openjdk-headless-fastdebug-17.0.3.0.6-2.el8_5.ppc64le.rpm java-17-openjdk-headless-fastdebug-debuginfo-17.0.3.0.6-2.el8_5.ppc64le.rpm java-17-openjdk-headless-slowdebug-17.0.3.0.6-2.el8_5.ppc64le.rpm java-17-openjdk-headless-slowdebug-debuginfo-17.0.3.0.6-2.el8_5.ppc64le.rpm java-17-openjdk-jmods-fastdebug-17.0.3.0.6-2.el8_5.ppc64le.rpm java-17-openjdk-jmods-slowdebug-17.0.3.0.6-2.el8_5.ppc64le.rpm java-17-openjdk-slowdebug-17.0.3.0.6-2.el8_5.ppc64le.rpm java-17-openjdk-slowdebug-debuginfo-17.0.3.0.6-2.el8_5.ppc64le.rpm java-17-openjdk-src-fastdebug-17.0.3.0.6-2.el8_5.ppc64le.rpm java-17-openjdk-src-slowdebug-17.0.3.0.6-2.el8_5.ppc64le.rpm java-17-openjdk-static-libs-fastdebug-17.0.3.0.6-2.el8_5.ppc64le.rpm java-17-openjdk-static-libs-slowdebug-17.0.3.0.6-2.el8_5.ppc64le.rpm s390x: java-17-openjdk-debuginfo-17.0.3.0.6-2.el8_5.s390x.rpm java-17-openjdk-debugsource-17.0.3.0.6-2.el8_5.s390x.rpm java-17-openjdk-demo-slowdebug-17.0.3.0.6-2.el8_5.s390x.rpm java-17-openjdk-devel-debuginfo-17.0.3.0.6-2.el8_5.s390x.rpm java-17-openjdk-devel-slowdebug-17.0.3.0.6-2.el8_5.s390x.rpm java-17-openjdk-devel-slowdebug-debuginfo-17.0.3.0.6-2.el8_5.s390x.rpm java-17-openjdk-headless-debuginfo-17.0.3.0.6-2.el8_5.s390x.rpm java-17-openjdk-headless-slowdebug-17.0.3.0.6-2.el8_5.s390x.rpm java-17-openjdk-headless-slowdebug-debuginfo-17.0.3.0.6-2.el8_5.s390x.rpm java-17-openjdk-jmods-slowdebug-17.0.3.0.6-2.el8_5.s390x.rpm java-17-openjdk-slowdebug-17.0.3.0.6-2.el8_5.s390x.rpm java-17-openjdk-slowdebug-debuginfo-17.0.3.0.6-2.el8_5.s390x.rpm java-17-openjdk-src-slowdebug-17.0.3.0.6-2.el8_5.s390x.rpm java-17-openjdk-static-libs-slowdebug-17.0.3.0.6-2.el8_5.s390x.rpm x86_64: java-17-openjdk-debuginfo-17.0.3.0.6-2.el8_5.x86_64.rpm java-17-openjdk-debugsource-17.0.3.0.6-2.el8_5.x86_64.rpm java-17-openjdk-demo-fastdebug-17.0.3.0.6-2.el8_5.x86_64.rpm java-17-openjdk-demo-slowdebug-17.0.3.0.6-2.el8_5.x86_64.rpm java-17-openjdk-devel-debuginfo-17.0.3.0.6-2.el8_5.x86_64.rpm java-17-openjdk-devel-fastdebug-17.0.3.0.6-2.el8_5.x86_64.rpm java-17-openjdk-devel-fastdebug-debuginfo-17.0.3.0.6-2.el8_5.x86_64.rpm java-17-openjdk-devel-slowdebug-17.0.3.0.6-2.el8_5.x86_64.rpm java-17-openjdk-devel-slowdebug-debuginfo-17.0.3.0.6-2.el8_5.x86_64.rpm java-17-openjdk-fastdebug-17.0.3.0.6-2.el8_5.x86_64.rpm java-17-openjdk-fastdebug-debuginfo-17.0.3.0.6-2.el8_5.x86_64.rpm java-17-openjdk-headless-debuginfo-17.0.3.0.6-2.el8_5.x86_64.rpm java-17-openjdk-headless-fastdebug-17.0.3.0.6-2.el8_5.x86_64.rpm java-17-openjdk-headless-fastdebug-debuginfo-17.0.3.0.6-2.el8_5.x86_64.rpm java-17-openjdk-headless-slowdebug-17.0.3.0.6-2.el8_5.x86_64.rpm java-17-openjdk-headless-slowdebug-debuginfo-17.0.3.0.6-2.el8_5.x86_64.rpm java-17-openjdk-jmods-fastdebug-17.0.3.0.6-2.el8_5.x86_64.rpm java-17-openjdk-jmods-slowdebug-17.0.3.0.6-2.el8_5.x86_64.rpm java-17-openjdk-slowdebug-17.0.3.0.6-2.el8_5.x86_64.rpm java-17-openjdk-slowdebug-debuginfo-17.0.3.0.6-2.el8_5.x86_64.rpm java-17-openjdk-src-fastdebug-17.0.3.0.6-2.el8_5.x86_64.rpm java-17-openjdk-src-slowdebug-17.0.3.0.6-2.el8_5.x86_64.rpm java-17-openjdk-static-libs-fastdebug-17.0.3.0.6-2.el8_5.x86_64.rpm java-17-openjdk-static-libs-slowdebug-17.0.3.0.6-2.el8_5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2022-21426 https://access.redhat.com/security/cve/CVE-2022-21434 https://access.redhat.com/security/cve/CVE-2022-21443 https://access.redhat.com/security/cve/CVE-2022-21449 https://access.redhat.com/security/cve/CVE-2022-21476 https://access.redhat.com/security/cve/CVE-2022-21496 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYmAx6tzjgjWX9erEAQgIbg//RrTA/PYckJ1FHMvQ7ehCTOtNh3gBim6o JTbMW6HntN03N56urAvUdpVBJ1RU/R1dlBO1CKP/YbocfOGNzeK/K+A0H8HR7T9z yPrUgDv8+wYBqVQCC+tYZO6RswXkclEusEONzvvdVBWTIYyfChTetXvES8T2JhwQ XH3dt1WqhiA23G45MyNj5wCxDa14RcZzvPrfm4kcj42EECquQN9J3tScbw7pNPfU 1fWA+zOlKavnsMuqAvCwArhLOTfpr5r5RgLUftqw5sIJrwIWGi6fN5Qo38UlX+1Z BE0OEMW/4oIsj/QT5rKERwZMp6mNsvpI/dZ+giqlrTCY1xFPom7bkdmwBweg4KAI pr6Tf2QW436yQmgm1GY2gRDlt2t0WdieYKmUiHrO/sW/JUbOUbpLPmGhJQWVK4zp DxxrTl5noZUsH+8ylnOZyLyK0A31iKhwOxaot4kRA0s7Wo5x8HQM9bgwF9H/V5AB YVpSsYyvV3au9xr7bDSl4P8/8DdWCuGRQamhWAEd4Nygz6ZTy1rNpUmlrQHbYI58 +f3EBGHFgo+DddE7g8rQ2sVnKyTtZJq1X2h3ZdT4MROwz3BfVtEOmm1j2nfSo/yn 3ywMBbPrXFSY6ybgFtPU7Kv1JVKhnpzCoe7UJQxu6PKhP9abSKDwBmTpBQyO6KPs v9i0M49e5Vc=IxWM -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . For the stable distribution (bullseye), these problems have been fixed in version 17.0.3+7-1~deb11u1. We recommend that you upgrade your openjdk-17 packages. For the detailed security status of openjdk-17 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/openjdk-17 Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmJxl3wACgkQEMKTtsN8 Tja/zg/7BeUmTL3RGbn6PBexYoRYRGd5TIgkjajpMhKJfgMJezJ95sDP1jKZmZ7W 5W7R3iqBYUIjJl+wcoDpSN2HyApXNUkLTMeTbNgJCwipJwk4LG79zcXLxAtBqmJl hKt8ij5V4wQiou1NDhTYpGdLLQUQ8wQEX05veO5U80KYuMc2TzvRwsjzzAF1K3WM zEKV8HJ3SLJcnb24s2PLpoPZLaWerJurcUwQG01OJVlp4smvuBzw1imExMOG5P9D iX9CogACSoupamHCkpInajxtvzLx/Kb39obHOVIJmYlVJif9Vt4XMd+IRFv1ZiWK bvmsexifgn96D2Qc9uoHMKanMsqb5bjN+jtyRSq/BRpADManyU9O0NPFAxuqkBk2 Zj1YiljDHTHdMmp/lnpMZA8Zxnm7JVQlNxxvrBsLttiEhytCkhAxBOzprXg00yoH HQaRiOsPCDUTlvS73V3e5QfqTjWihUHiIwprxzL0nVIq7gZfwDs7/80QPZjm/yPK OwOLGSobA2J/iyEG5VlLEaxyOBeyAfw5uMR5iHe0TKofyxBXFdSo69/oYDB8CVYp ncJxX9e32EIrB/4aqCM9r/nVhos4QdwDfJIWncQVooQQisPd8zXLccSi9PkFxFQS k4BnXv70QlIq9PnWi209kPyaU3TcQwEYRjZJBZqYRESaHLLnPGw= =O0QV -----END PGP SIGNATURE-----

Trust: 2.43

sources: NVD: CVE-2022-21426 // JVNDB: JVNDB-2022-001698 // VULHUB: VHN-407039 // PACKETSTORM: 167140 // PACKETSTORM: 167122 // PACKETSTORM: 166903 // PACKETSTORM: 166899 // PACKETSTORM: 167271 // PACKETSTORM: 166804 // PACKETSTORM: 166796 // PACKETSTORM: 169256

AFFECTED PRODUCTS

vendor:日立model:ucosminexus service platformscope: - version: -

Trust: 1.6

vendor:日立model:ucosminexus application serverscope: - version: -

Trust: 1.6

vendor:日立model:ucosminexus primary server basescope: - version: -

Trust: 1.6

vendor:oraclemodel:jrescope:eqversion:18

Trust: 1.0

vendor:oraclemodel:jdkscope:eqversion:1.8.0

Trust: 1.0

vendor:netappmodel:santricity unified managerscope:eqversion: -

Trust: 1.0

vendor:azulmodel:zuluscope:eqversion:17.32

Trust: 1.0

vendor:netappmodel:cloud insights acquisition unitscope:eqversion: -

Trust: 1.0

vendor:oraclemodel:jdkscope:eqversion:11.0.14

Trust: 1.0

vendor:netappmodel:solidfire\, enterprise sds \& hci storage nodescope:eqversion: -

Trust: 1.0

vendor:oraclemodel:jdkscope:eqversion:17.0.2

Trust: 1.0

vendor:oraclemodel:graalvmscope:eqversion:22.0.0.2

Trust: 1.0

vendor:netappmodel:cloud secure agentscope:eqversion: -

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:11.0

Trust: 1.0

vendor:netappmodel:e-series santricity storage managerscope:eqversion: -

Trust: 1.0

vendor:azulmodel:zuluscope:eqversion:11.54

Trust: 1.0

vendor:netappmodel:7-mode transition toolscope:eqversion: -

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:9.0

Trust: 1.0

vendor:netappmodel:solidfire \& hci management nodescope:eqversion: -

Trust: 1.0

vendor:azulmodel:zuluscope:eqversion:15.38

Trust: 1.0

vendor:azulmodel:zuluscope:eqversion:13.46

Trust: 1.0

vendor:netappmodel:active iq unified managerscope:eqversion: -

Trust: 1.0

vendor:oraclemodel:jrescope:eqversion:1.7.0

Trust: 1.0

vendor:oraclemodel:jdkscope:eqversion:18

Trust: 1.0

vendor:oraclemodel:graalvmscope:eqversion:20.3.5

Trust: 1.0

vendor:oraclemodel:graalvmscope:eqversion:21.3.1

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:10.0

Trust: 1.0

vendor:netappmodel:e-series santricity os controllerscope:lteversion:11.70.1

Trust: 1.0

vendor:azulmodel:zuluscope:eqversion:6.45

Trust: 1.0

vendor:oraclemodel:jrescope:eqversion:11.0.14

Trust: 1.0

vendor:netappmodel:e-series santricity web servicesscope:eqversion: -

Trust: 1.0

vendor:oraclemodel:jrescope:eqversion:1.8.0

Trust: 1.0

vendor:azulmodel:zuluscope:eqversion:18.28

Trust: 1.0

vendor:netappmodel:oncommand insightscope:eqversion: -

Trust: 1.0

vendor:oraclemodel:jdkscope:eqversion:1.7.0

Trust: 1.0

vendor:oraclemodel:jrescope:eqversion:17.0.2

Trust: 1.0

vendor:azulmodel:zuluscope:eqversion:7.52

Trust: 1.0

vendor:netappmodel:hci compute nodescope:eqversion: -

Trust: 1.0

vendor:netappmodel:e-series santricity os controllerscope:gteversion:11.0.0

Trust: 1.0

vendor:azulmodel:zuluscope:eqversion:8.60

Trust: 1.0

vendor:日立model:ucosminexus operator for service platformscope: - version: -

Trust: 0.8

vendor:オラクルmodel:jdkscope: - version: -

Trust: 0.8

vendor:日立model:hitachi dynamic link managerscope: - version: -

Trust: 0.8

vendor:日立model:ucosminexus operatorscope: - version: -

Trust: 0.8

vendor:日立model:hitachi tuning managerscope: - version: -

Trust: 0.8

vendor:日立model:ucosminexus application server-rscope: - version: -

Trust: 0.8

vendor:日立model:hitachi automation directorscope: - version: -

Trust: 0.8

vendor:日立model:ucosminexus application server standardscope: - version: -

Trust: 0.8

vendor:日立model:ucosminexus developerscope: - version: -

Trust: 0.8

vendor:日立model:ucosminexus developer professional for plug-inscope: - version: -

Trust: 0.8

vendor:オラクルmodel:oracle graalvmscope: - version: -

Trust: 0.8

vendor:日立model:ucosminexus application server enterprisescope: - version: -

Trust: 0.8

vendor:日立model:ucosminexus application runtime with java for apache tomcatscope: - version: -

Trust: 0.8

vendor:日立model:ucosminexus application server smart editionscope: - version: -

Trust: 0.8

vendor:日立model:cosminexus xml processorscope: - version: -

Trust: 0.8

vendor:日立model:hitachi global link managerscope: - version: -

Trust: 0.8

vendor:日立model:hitachi infrastructure analytics advisorscope: - version: -

Trust: 0.8

vendor:日立model:hitachi tiered storage managerscope: - version: -

Trust: 0.8

vendor:日立model:hitachi ops center common servicesscope: - version: -

Trust: 0.8

vendor:日立model:ucosminexus service architectscope: - version: -

Trust: 0.8

vendor:日立model:ucosminexus client for plug-inscope: - version: -

Trust: 0.8

vendor:日立model:hitachi ops center analyzerscope: - version: -

Trust: 0.8

vendor:日立model:hitachi application server for developersscope: - version: -

Trust: 0.8

vendor:日立model:ucosminexus developer lightscope: - version: -

Trust: 0.8

vendor:日立model:hitachi application serverscope: - version: -

Trust: 0.8

vendor:日立model:hitachi ops center api configuration managerscope: - version: -

Trust: 0.8

vendor:オラクルmodel:jrescope: - version: -

Trust: 0.8

vendor:日立model:ucosminexus developer standardscope: - version: -

Trust: 0.8

vendor:日立model:ucosminexus clientscope: - version: -

Trust: 0.8

vendor:日立model:cosminexus developer's kit for javascope: - version: -

Trust: 0.8

vendor:日立model:hitachi replication managerscope: - version: -

Trust: 0.8

vendor:日立model:hitachi ops center automatorscope: - version: -

Trust: 0.8

vendor:日立model:ucosminexus developer 01scope: - version: -

Trust: 0.8

vendor:日立model:プログラミング環境 for javascope: - version: -

Trust: 0.8

vendor:日立model:hitachi ops center administratorscope: - version: -

Trust: 0.8

vendor:日立model:hitachi configuration managerscope: - version: -

Trust: 0.8

vendor:日立model:hitachi ops center viewpointscope: - version: -

Trust: 0.8

vendor:日立model:ucosminexus developer professionalscope: - version: -

Trust: 0.8

vendor:日立model:ucosminexus application server standard-rscope: - version: -

Trust: 0.8

vendor:日立model:hitachi compute systems managerscope: - version: -

Trust: 0.8

vendor:日立model:hitachi device managerscope: - version: -

Trust: 0.8

vendor:日立model:ucosminexus client for atmscope: - version: -

Trust: 0.8

vendor:日立model:hitachi developer's kit for javascope: - version: -

Trust: 0.8

vendor:日立model:hitachi ops center analyzer viewpointscope: - version: -

Trust: 0.8

vendor:日立model:ucosminexus application server lightscope: - version: -

Trust: 0.8

vendor:日立model:ucosminexus application server expressscope: - version: -

Trust: 0.8

vendor:日立model:ucosminexus developer professional for atmscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-001698 // NVD: CVE-2022-21426

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-21426
value: MEDIUM

Trust: 1.0

secalert_us@oracle.com: CVE-2022-21426
value: MEDIUM

Trust: 1.0

NVD: CVE-2022-21426
value: MEDIUM

Trust: 0.8

VULHUB: VHN-407039
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2022-21426
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-407039
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

secalert_us@oracle.com: CVE-2022-21426
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 1.0

OTHER: JVNDB-2022-001698
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-407039 // JVNDB: JVNDB-2022-001698 // NVD: CVE-2022-21426 // NVD: CVE-2022-21426

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:Lack of information (CWE-noinfo) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2022-001698 // NVD: CVE-2022-21426

TYPE

info disclosure

Trust: 0.1

sources: PACKETSTORM: 169256

PATCH

title:hitachi-sec-2022-112 Software product security informationurl:https://www.oracle.com/security-alerts/cpuapr2022.html

Trust: 0.8

sources: JVNDB: JVNDB-2022-001698

EXTERNAL IDS

db:NVDid:CVE-2022-21426

Trust: 3.5

db:JVNDBid:JVNDB-2022-001698

Trust: 0.8

db:PACKETSTORMid:167122

Trust: 0.2

db:PACKETSTORMid:167140

Trust: 0.2

db:PACKETSTORMid:167271

Trust: 0.2

db:PACKETSTORMid:167385

Trust: 0.1

db:PACKETSTORMid:167327

Trust: 0.1

db:PACKETSTORMid:167378

Trust: 0.1

db:PACKETSTORMid:167008

Trust: 0.1

db:PACKETSTORMid:167388

Trust: 0.1

db:PACKETSTORMid:166967

Trust: 0.1

db:PACKETSTORMid:167980

Trust: 0.1

db:PACKETSTORMid:167088

Trust: 0.1

db:PACKETSTORMid:167142

Trust: 0.1

db:PACKETSTORMid:167164

Trust: 0.1

db:PACKETSTORMid:167979

Trust: 0.1

db:PACKETSTORMid:166954

Trust: 0.1

db:VULHUBid:VHN-407039

Trust: 0.1

db:PACKETSTORMid:166903

Trust: 0.1

db:PACKETSTORMid:166899

Trust: 0.1

db:PACKETSTORMid:166804

Trust: 0.1

db:PACKETSTORMid:166796

Trust: 0.1

db:PACKETSTORMid:169256

Trust: 0.1

sources: VULHUB: VHN-407039 // PACKETSTORM: 167140 // PACKETSTORM: 167122 // PACKETSTORM: 166903 // PACKETSTORM: 166899 // PACKETSTORM: 167271 // PACKETSTORM: 166804 // PACKETSTORM: 166796 // PACKETSTORM: 169256 // JVNDB: JVNDB-2022-001698 // NVD: CVE-2022-21426

REFERENCES

url:https://nvd.nist.gov/vuln/detail/cve-2022-21426

Trust: 1.6

url:https://security.netapp.com/advisory/ntap-20220429-0006/

Trust: 1.1

url:https://www.debian.org/security/2022/dsa-5128

Trust: 1.1

url:https://www.debian.org/security/2022/dsa-5131

Trust: 1.1

url:https://www.oracle.com/security-alerts/cpuapr2022.html

Trust: 1.1

url:https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html

Trust: 1.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-21443

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2022-21496

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2022-21434

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2022-21476

Trust: 0.8

url:https://access.redhat.com/security/cve/cve-2022-21426

Trust: 0.7

url:https://access.redhat.com/security/cve/cve-2022-21476

Trust: 0.7

url:https://access.redhat.com/security/team/contact/

Trust: 0.7

url:https://access.redhat.com/security/cve/cve-2022-21496

Trust: 0.7

url:https://access.redhat.com/security/cve/cve-2022-21443

Trust: 0.7

url:https://access.redhat.com/security/cve/cve-2022-21434

Trust: 0.7

url:https://bugzilla.redhat.com/):

Trust: 0.7

url:https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.7

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2018-25032

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2018-25032

Trust: 0.3

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2022-1271

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2022-1271

Trust: 0.3

url:https://issues.jboss.org/):

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-43797

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-0759

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-1154

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-37137

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-1154

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-43797

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-21698

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-25636

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-25636

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-37137

Trust: 0.2

url:https://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-4028

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-37136

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-0778

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-4028

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-37136

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-0778

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-0759

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-21698

Trust: 0.2

url:https://docs.openshift.com/container-platform/4.7/logging/cluster-logging-upgrading.html

Trust: 0.2

url:https://access.redhat.com/articles/11258

Trust: 0.2

url:https://access.redhat.com/security/team/key/

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-21449

Trust: 0.2

url:https://access.redhat.com/errata/rhsa-2022:2218

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:2217

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/openjdk/8/html/installing_and_using_openjdk_8_for_windows/index

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:1492

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:1439

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/openjdk/11/html/installing_and_using_openjdk_11_for_windows/index

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:2272

Trust: 0.1

url:https://access.redhat.com/errata/rhba-2022:2270

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-1677

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-1677

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:1443

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:1445

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-21449

Trust: 0.1

url:https://www.debian.org/security/faq

Trust: 0.1

url:https://security-tracker.debian.org/tracker/openjdk-17

Trust: 0.1

url:https://www.debian.org/security/

Trust: 0.1

sources: VULHUB: VHN-407039 // PACKETSTORM: 167140 // PACKETSTORM: 167122 // PACKETSTORM: 166903 // PACKETSTORM: 166899 // PACKETSTORM: 167271 // PACKETSTORM: 166804 // PACKETSTORM: 166796 // PACKETSTORM: 169256 // JVNDB: JVNDB-2022-001698 // NVD: CVE-2022-21426

CREDITS

Red Hat

Trust: 0.7

sources: PACKETSTORM: 167140 // PACKETSTORM: 167122 // PACKETSTORM: 166903 // PACKETSTORM: 166899 // PACKETSTORM: 167271 // PACKETSTORM: 166804 // PACKETSTORM: 166796

SOURCES

db:VULHUBid:VHN-407039
db:PACKETSTORMid:167140
db:PACKETSTORMid:167122
db:PACKETSTORMid:166903
db:PACKETSTORMid:166899
db:PACKETSTORMid:167271
db:PACKETSTORMid:166804
db:PACKETSTORMid:166796
db:PACKETSTORMid:169256
db:JVNDBid:JVNDB-2022-001698
db:NVDid:CVE-2022-21426

LAST UPDATE DATE

2026-02-06T22:19:45.317000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-407039date:2022-07-28T00:00:00
db:JVNDBid:JVNDB-2022-001698date:2023-09-06T07:19:00
db:NVDid:CVE-2022-21426date:2024-11-21T06:44:40.450

SOURCES RELEASE DATE

db:VULHUBid:VHN-407039date:2022-04-19T00:00:00
db:PACKETSTORMid:167140date:2022-05-12T15:53:27
db:PACKETSTORMid:167122date:2022-05-12T15:38:35
db:PACKETSTORMid:166903date:2022-04-29T12:37:12
db:PACKETSTORMid:166899date:2022-04-29T12:36:31
db:PACKETSTORMid:167271date:2022-05-26T16:32:44
db:PACKETSTORMid:166804date:2022-04-21T15:10:06
db:PACKETSTORMid:166796date:2022-04-21T15:08:42
db:PACKETSTORMid:169256date:2022-05-28T19:12:00
db:JVNDBid:JVNDB-2022-001698date:2022-05-10T00:00:00
db:NVDid:CVE-2022-21426date:2022-04-19T21:15:15.157