Details of VAR-202204-0593

ID

VAR-202204-0593

CVE

CVE-2022-21426

TITLE

Oracle Java SE Input validation error vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202204-3780

DESCRIPTION

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: java-11-openjdk security update Advisory ID: RHSA-2022:1442-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:1442 Issue date: 2022-04-20 CVE Names: CVE-2022-21426 CVE-2022-21434 CVE-2022-21443 CVE-2022-21476 CVE-2022-21496 ==================================================================== 1. Summary: An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat CodeReady Linux Builder (v. 8) - aarch64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64 3. Description: The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Security Fix(es): * OpenJDK: Defective secure validation in Apache Santuario (Libraries, 8278008) (CVE-2022-21476) * OpenJDK: Unbounded memory allocation when compiling crafted XPath expressions (JAXP, 8270504) (CVE-2022-21426) * OpenJDK: Improper object-to-string conversion in AnnotationInvocationHandler (Libraries, 8277672) (CVE-2022-21434) * OpenJDK: Missing check for negative ObjectIdentifier (Libraries, 8275151) (CVE-2022-21443) * OpenJDK: URI parsing inconsistencies (JNDI, 8278972) (CVE-2022-21496) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 All running instances of OpenJDK Java must be restarted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 2075788 - CVE-2022-21426 OpenJDK: Unbounded memory allocation when compiling crafted XPath expressions (JAXP, 8270504) 2075793 - CVE-2022-21443 OpenJDK: Missing check for negative ObjectIdentifier (Libraries, 8275151) 2075836 - CVE-2022-21434 OpenJDK: Improper object-to-string conversion in AnnotationInvocationHandler (Libraries, 8277672) 2075842 - CVE-2022-21476 OpenJDK: Defective secure validation in Apache Santuario (Libraries, 8278008) 2075849 - CVE-2022-21496 OpenJDK: URI parsing inconsistencies (JNDI, 8278972) 6. Package List: Red Hat Enterprise Linux AppStream (v. 8): Source: java-11-openjdk-11.0.15.0.9-2.el8_5.src.rpm aarch64: java-11-openjdk-11.0.15.0.9-2.el8_5.aarch64.rpm java-11-openjdk-debuginfo-11.0.15.0.9-2.el8_5.aarch64.rpm java-11-openjdk-debugsource-11.0.15.0.9-2.el8_5.aarch64.rpm java-11-openjdk-demo-11.0.15.0.9-2.el8_5.aarch64.rpm java-11-openjdk-devel-11.0.15.0.9-2.el8_5.aarch64.rpm java-11-openjdk-devel-debuginfo-11.0.15.0.9-2.el8_5.aarch64.rpm java-11-openjdk-headless-11.0.15.0.9-2.el8_5.aarch64.rpm java-11-openjdk-headless-debuginfo-11.0.15.0.9-2.el8_5.aarch64.rpm java-11-openjdk-javadoc-11.0.15.0.9-2.el8_5.aarch64.rpm java-11-openjdk-javadoc-zip-11.0.15.0.9-2.el8_5.aarch64.rpm java-11-openjdk-jmods-11.0.15.0.9-2.el8_5.aarch64.rpm java-11-openjdk-src-11.0.15.0.9-2.el8_5.aarch64.rpm java-11-openjdk-static-libs-11.0.15.0.9-2.el8_5.aarch64.rpm ppc64le: java-11-openjdk-11.0.15.0.9-2.el8_5.ppc64le.rpm java-11-openjdk-debuginfo-11.0.15.0.9-2.el8_5.ppc64le.rpm java-11-openjdk-debugsource-11.0.15.0.9-2.el8_5.ppc64le.rpm java-11-openjdk-demo-11.0.15.0.9-2.el8_5.ppc64le.rpm java-11-openjdk-devel-11.0.15.0.9-2.el8_5.ppc64le.rpm java-11-openjdk-devel-debuginfo-11.0.15.0.9-2.el8_5.ppc64le.rpm java-11-openjdk-headless-11.0.15.0.9-2.el8_5.ppc64le.rpm java-11-openjdk-headless-debuginfo-11.0.15.0.9-2.el8_5.ppc64le.rpm java-11-openjdk-javadoc-11.0.15.0.9-2.el8_5.ppc64le.rpm java-11-openjdk-javadoc-zip-11.0.15.0.9-2.el8_5.ppc64le.rpm java-11-openjdk-jmods-11.0.15.0.9-2.el8_5.ppc64le.rpm java-11-openjdk-src-11.0.15.0.9-2.el8_5.ppc64le.rpm java-11-openjdk-static-libs-11.0.15.0.9-2.el8_5.ppc64le.rpm s390x: java-11-openjdk-11.0.15.0.9-2.el8_5.s390x.rpm java-11-openjdk-debuginfo-11.0.15.0.9-2.el8_5.s390x.rpm java-11-openjdk-debugsource-11.0.15.0.9-2.el8_5.s390x.rpm java-11-openjdk-demo-11.0.15.0.9-2.el8_5.s390x.rpm java-11-openjdk-devel-11.0.15.0.9-2.el8_5.s390x.rpm java-11-openjdk-devel-debuginfo-11.0.15.0.9-2.el8_5.s390x.rpm java-11-openjdk-headless-11.0.15.0.9-2.el8_5.s390x.rpm java-11-openjdk-headless-debuginfo-11.0.15.0.9-2.el8_5.s390x.rpm java-11-openjdk-javadoc-11.0.15.0.9-2.el8_5.s390x.rpm java-11-openjdk-javadoc-zip-11.0.15.0.9-2.el8_5.s390x.rpm java-11-openjdk-jmods-11.0.15.0.9-2.el8_5.s390x.rpm java-11-openjdk-src-11.0.15.0.9-2.el8_5.s390x.rpm java-11-openjdk-static-libs-11.0.15.0.9-2.el8_5.s390x.rpm x86_64: java-11-openjdk-11.0.15.0.9-2.el8_5.x86_64.rpm java-11-openjdk-debuginfo-11.0.15.0.9-2.el8_5.x86_64.rpm java-11-openjdk-debugsource-11.0.15.0.9-2.el8_5.x86_64.rpm java-11-openjdk-demo-11.0.15.0.9-2.el8_5.x86_64.rpm java-11-openjdk-devel-11.0.15.0.9-2.el8_5.x86_64.rpm java-11-openjdk-devel-debuginfo-11.0.15.0.9-2.el8_5.x86_64.rpm java-11-openjdk-headless-11.0.15.0.9-2.el8_5.x86_64.rpm java-11-openjdk-headless-debuginfo-11.0.15.0.9-2.el8_5.x86_64.rpm java-11-openjdk-javadoc-11.0.15.0.9-2.el8_5.x86_64.rpm java-11-openjdk-javadoc-zip-11.0.15.0.9-2.el8_5.x86_64.rpm java-11-openjdk-jmods-11.0.15.0.9-2.el8_5.x86_64.rpm java-11-openjdk-src-11.0.15.0.9-2.el8_5.x86_64.rpm java-11-openjdk-static-libs-11.0.15.0.9-2.el8_5.x86_64.rpm Red Hat CodeReady Linux Builder (v. 8): aarch64: java-11-openjdk-debuginfo-11.0.15.0.9-2.el8_5.aarch64.rpm java-11-openjdk-debugsource-11.0.15.0.9-2.el8_5.aarch64.rpm java-11-openjdk-demo-fastdebug-11.0.15.0.9-2.el8_5.aarch64.rpm java-11-openjdk-demo-slowdebug-11.0.15.0.9-2.el8_5.aarch64.rpm java-11-openjdk-devel-debuginfo-11.0.15.0.9-2.el8_5.aarch64.rpm java-11-openjdk-devel-fastdebug-11.0.15.0.9-2.el8_5.aarch64.rpm java-11-openjdk-devel-fastdebug-debuginfo-11.0.15.0.9-2.el8_5.aarch64.rpm java-11-openjdk-devel-slowdebug-11.0.15.0.9-2.el8_5.aarch64.rpm java-11-openjdk-devel-slowdebug-debuginfo-11.0.15.0.9-2.el8_5.aarch64.rpm java-11-openjdk-fastdebug-11.0.15.0.9-2.el8_5.aarch64.rpm java-11-openjdk-fastdebug-debuginfo-11.0.15.0.9-2.el8_5.aarch64.rpm java-11-openjdk-headless-debuginfo-11.0.15.0.9-2.el8_5.aarch64.rpm java-11-openjdk-headless-fastdebug-11.0.15.0.9-2.el8_5.aarch64.rpm java-11-openjdk-headless-fastdebug-debuginfo-11.0.15.0.9-2.el8_5.aarch64.rpm java-11-openjdk-headless-slowdebug-11.0.15.0.9-2.el8_5.aarch64.rpm java-11-openjdk-headless-slowdebug-debuginfo-11.0.15.0.9-2.el8_5.aarch64.rpm java-11-openjdk-jmods-fastdebug-11.0.15.0.9-2.el8_5.aarch64.rpm java-11-openjdk-jmods-slowdebug-11.0.15.0.9-2.el8_5.aarch64.rpm java-11-openjdk-slowdebug-11.0.15.0.9-2.el8_5.aarch64.rpm java-11-openjdk-slowdebug-debuginfo-11.0.15.0.9-2.el8_5.aarch64.rpm java-11-openjdk-src-fastdebug-11.0.15.0.9-2.el8_5.aarch64.rpm java-11-openjdk-src-slowdebug-11.0.15.0.9-2.el8_5.aarch64.rpm java-11-openjdk-static-libs-fastdebug-11.0.15.0.9-2.el8_5.aarch64.rpm java-11-openjdk-static-libs-slowdebug-11.0.15.0.9-2.el8_5.aarch64.rpm ppc64le: java-11-openjdk-debuginfo-11.0.15.0.9-2.el8_5.ppc64le.rpm java-11-openjdk-debugsource-11.0.15.0.9-2.el8_5.ppc64le.rpm java-11-openjdk-demo-fastdebug-11.0.15.0.9-2.el8_5.ppc64le.rpm java-11-openjdk-demo-slowdebug-11.0.15.0.9-2.el8_5.ppc64le.rpm java-11-openjdk-devel-debuginfo-11.0.15.0.9-2.el8_5.ppc64le.rpm java-11-openjdk-devel-fastdebug-11.0.15.0.9-2.el8_5.ppc64le.rpm java-11-openjdk-devel-fastdebug-debuginfo-11.0.15.0.9-2.el8_5.ppc64le.rpm java-11-openjdk-devel-slowdebug-11.0.15.0.9-2.el8_5.ppc64le.rpm java-11-openjdk-devel-slowdebug-debuginfo-11.0.15.0.9-2.el8_5.ppc64le.rpm java-11-openjdk-fastdebug-11.0.15.0.9-2.el8_5.ppc64le.rpm java-11-openjdk-fastdebug-debuginfo-11.0.15.0.9-2.el8_5.ppc64le.rpm java-11-openjdk-headless-debuginfo-11.0.15.0.9-2.el8_5.ppc64le.rpm java-11-openjdk-headless-fastdebug-11.0.15.0.9-2.el8_5.ppc64le.rpm java-11-openjdk-headless-fastdebug-debuginfo-11.0.15.0.9-2.el8_5.ppc64le.rpm java-11-openjdk-headless-slowdebug-11.0.15.0.9-2.el8_5.ppc64le.rpm java-11-openjdk-headless-slowdebug-debuginfo-11.0.15.0.9-2.el8_5.ppc64le.rpm java-11-openjdk-jmods-fastdebug-11.0.15.0.9-2.el8_5.ppc64le.rpm java-11-openjdk-jmods-slowdebug-11.0.15.0.9-2.el8_5.ppc64le.rpm java-11-openjdk-slowdebug-11.0.15.0.9-2.el8_5.ppc64le.rpm java-11-openjdk-slowdebug-debuginfo-11.0.15.0.9-2.el8_5.ppc64le.rpm java-11-openjdk-src-fastdebug-11.0.15.0.9-2.el8_5.ppc64le.rpm java-11-openjdk-src-slowdebug-11.0.15.0.9-2.el8_5.ppc64le.rpm java-11-openjdk-static-libs-fastdebug-11.0.15.0.9-2.el8_5.ppc64le.rpm java-11-openjdk-static-libs-slowdebug-11.0.15.0.9-2.el8_5.ppc64le.rpm s390x: java-11-openjdk-debuginfo-11.0.15.0.9-2.el8_5.s390x.rpm java-11-openjdk-debugsource-11.0.15.0.9-2.el8_5.s390x.rpm java-11-openjdk-demo-slowdebug-11.0.15.0.9-2.el8_5.s390x.rpm java-11-openjdk-devel-debuginfo-11.0.15.0.9-2.el8_5.s390x.rpm java-11-openjdk-devel-slowdebug-11.0.15.0.9-2.el8_5.s390x.rpm java-11-openjdk-devel-slowdebug-debuginfo-11.0.15.0.9-2.el8_5.s390x.rpm java-11-openjdk-headless-debuginfo-11.0.15.0.9-2.el8_5.s390x.rpm java-11-openjdk-headless-slowdebug-11.0.15.0.9-2.el8_5.s390x.rpm java-11-openjdk-headless-slowdebug-debuginfo-11.0.15.0.9-2.el8_5.s390x.rpm java-11-openjdk-jmods-slowdebug-11.0.15.0.9-2.el8_5.s390x.rpm java-11-openjdk-slowdebug-11.0.15.0.9-2.el8_5.s390x.rpm java-11-openjdk-slowdebug-debuginfo-11.0.15.0.9-2.el8_5.s390x.rpm java-11-openjdk-src-slowdebug-11.0.15.0.9-2.el8_5.s390x.rpm java-11-openjdk-static-libs-slowdebug-11.0.15.0.9-2.el8_5.s390x.rpm x86_64: java-11-openjdk-debuginfo-11.0.15.0.9-2.el8_5.x86_64.rpm java-11-openjdk-debugsource-11.0.15.0.9-2.el8_5.x86_64.rpm java-11-openjdk-demo-fastdebug-11.0.15.0.9-2.el8_5.x86_64.rpm java-11-openjdk-demo-slowdebug-11.0.15.0.9-2.el8_5.x86_64.rpm java-11-openjdk-devel-debuginfo-11.0.15.0.9-2.el8_5.x86_64.rpm java-11-openjdk-devel-fastdebug-11.0.15.0.9-2.el8_5.x86_64.rpm java-11-openjdk-devel-fastdebug-debuginfo-11.0.15.0.9-2.el8_5.x86_64.rpm java-11-openjdk-devel-slowdebug-11.0.15.0.9-2.el8_5.x86_64.rpm java-11-openjdk-devel-slowdebug-debuginfo-11.0.15.0.9-2.el8_5.x86_64.rpm java-11-openjdk-fastdebug-11.0.15.0.9-2.el8_5.x86_64.rpm java-11-openjdk-fastdebug-debuginfo-11.0.15.0.9-2.el8_5.x86_64.rpm java-11-openjdk-headless-debuginfo-11.0.15.0.9-2.el8_5.x86_64.rpm java-11-openjdk-headless-fastdebug-11.0.15.0.9-2.el8_5.x86_64.rpm java-11-openjdk-headless-fastdebug-debuginfo-11.0.15.0.9-2.el8_5.x86_64.rpm java-11-openjdk-headless-slowdebug-11.0.15.0.9-2.el8_5.x86_64.rpm java-11-openjdk-headless-slowdebug-debuginfo-11.0.15.0.9-2.el8_5.x86_64.rpm java-11-openjdk-jmods-fastdebug-11.0.15.0.9-2.el8_5.x86_64.rpm java-11-openjdk-jmods-slowdebug-11.0.15.0.9-2.el8_5.x86_64.rpm java-11-openjdk-slowdebug-11.0.15.0.9-2.el8_5.x86_64.rpm java-11-openjdk-slowdebug-debuginfo-11.0.15.0.9-2.el8_5.x86_64.rpm java-11-openjdk-src-fastdebug-11.0.15.0.9-2.el8_5.x86_64.rpm java-11-openjdk-src-slowdebug-11.0.15.0.9-2.el8_5.x86_64.rpm java-11-openjdk-static-libs-fastdebug-11.0.15.0.9-2.el8_5.x86_64.rpm java-11-openjdk-static-libs-slowdebug-11.0.15.0.9-2.el8_5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2022-21426 https://access.redhat.com/security/cve/CVE-2022-21434 https://access.redhat.com/security/cve/CVE-2022-21443 https://access.redhat.com/security/cve/CVE-2022-21476 https://access.redhat.com/security/cve/CVE-2022-21496 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYmAyANzjgjWX9erEAQgTGw//a84AkLLhZU8iQDd7ecaS/EcNnUOXFJ0Q CoHN4WRcj3RibRben6W9zQ65PnA28pUds3SgRbR1tV6xrF5s5QoinqP+gqS7F6hv g+wd9/905dhwuM2Gtob36nuzunkYdtNv9epMfrrLaFjEytBgiIQqvcz4aXedtJdB 0PjUVtH8yJMclzNNlQHj7v6bWKK5jofPo1If1hA+XLxGn/9jbQ3hxLBK5s3Q7oWy 6OE7uW4pn33sGmYN9ZhKXfV3mXgEjNIeI6BK33+csw9mjiSKiwOB1aWqrjjpGxFl iz46yLCprguxHCTzlKrIaqYiL8a9jwVCgRPD5bdELDcSXpUTYC2CAlTlT7EV9OP5 8OVefLnHODX4zgjKY57v01FLYpEi9y8NnYufE7AOHJOILpRUACwvujLNGUYLAi6f fbMniQdtYsQAcNbIsmpRJRM5QDNXYISGkQjSGyC/8vEWCjNtSFnfNYEuOaL9diXx eAzwjDcXJwxxQNUStudqge7D9bnCB77tjGDsiWBs3zymtnvwdpOOttyAfUNrkyHC sChuZbAqpI2q86cmKl1ach1yGLzlfUL03CAB07VH/JK4e87XVqt/ssu+PZt658vb xtLTeggHbcfenkNKwgmx/jaY0LrGtf4aJ5oy4M+A57djeuepb4cevMjGdq+uPV/5 qAZpBpzOUoQ\xa7pd -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Description: Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. All OpenShift Container Platform 4.6 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html 3. Solution: For OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update: https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html Details on how to access this content are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html 4. Bugs fixed (https://bugzilla.redhat.com/): 2059996 - read_lines_limit needs to be adjusted according to the setting of buffer_chunk_size 2066837 - CVE-2022-24769 moby: Default inheritable capabilities for linux container should be empty 5. 9) - aarch64, noarch, ppc64le, s390x, x86_64 3. Bugs fixed (https://bugzilla.redhat.com/): 2004133 - CVE-2021-37136 netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data 2004135 - CVE-2021-37137 netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way 2031958 - CVE-2021-43797 netty: control chars in header names may lead to HTTP request smuggling 2045880 - CVE-2022-21698 prometheus/client_golang: Denial of service using InstrumentHandlerCounter 5. JIRA issues fixed (https://issues.jboss.org/): LOG-2437 - EO shouldn't grant cluster-wide permission to system:serviceaccount:openshift-monitoring:prometheus-k8s when ES cluster is deployed. [openshift-logging 5.4] LOG-2442 - Log file metric exporter not working with /var/log/pods LOG-2448 - Audit and journald logs cannot be viewed from LokiStack, when logs are forwarded with Vector as collector. For further information, refer to the release notes linked to in the References section. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied

Trust: 1.71

sources: NVD: CVE-2022-21426 // VULHUB: VHN-407039 // PACKETSTORM: 166799 // PACKETSTORM: 166792 // PACKETSTORM: 166954 // PACKETSTORM: 167388 // PACKETSTORM: 166903 // PACKETSTORM: 167378 // PACKETSTORM: 167142 // PACKETSTORM: 166900

AFFECTED PRODUCTS

vendor:	azul	model:	zulu	scope:	eq	version:	8.60	Trust: 1.0
vendor:	oracle	model:	jre	scope:	eq	version:	1.8.0	Trust: 1.0
vendor:	azul	model:	zulu	scope:	eq	version:	18.28	Trust: 1.0
vendor:	oracle	model:	jdk	scope:	eq	version:	1.8.0	Trust: 1.0
vendor:	netapp	model:	e-series santricity storage manager	scope:	eq	version:	-	Trust: 1.0
vendor:	oracle	model:	graalvm	scope:	eq	version:	21.3.1	Trust: 1.0
vendor:	azul	model:	zulu	scope:	eq	version:	7.52	Trust: 1.0
vendor:	netapp	model:	cloud insights acquisition unit	scope:	eq	version:	-	Trust: 1.0
vendor:	netapp	model:	solidfire\, enterprise sds \& hci storage node	scope:	eq	version:	-	Trust: 1.0
vendor:	azul	model:	zulu	scope:	eq	version:	17.32	Trust: 1.0
vendor:	azul	model:	zulu	scope:	eq	version:	15.38	Trust: 1.0
vendor:	netapp	model:	solidfire \& hci management node	scope:	eq	version:	-	Trust: 1.0
vendor:	oracle	model:	jre	scope:	eq	version:	1.7.0	Trust: 1.0
vendor:	netapp	model:	7-mode transition tool	scope:	eq	version:	-	Trust: 1.0
vendor:	oracle	model:	jdk	scope:	eq	version:	1.7.0	Trust: 1.0
vendor:	netapp	model:	hci compute node	scope:	eq	version:	-	Trust: 1.0
vendor:	netapp	model:	santricity unified manager	scope:	eq	version:	-	Trust: 1.0
vendor:	azul	model:	zulu	scope:	eq	version:	11.54	Trust: 1.0
vendor:	azul	model:	zulu	scope:	eq	version:	13.46	Trust: 1.0
vendor:	oracle	model:	jre	scope:	eq	version:	18	Trust: 1.0
vendor:	netapp	model:	e-series santricity os controller	scope:	lte	version:	11.70.1	Trust: 1.0
vendor:	oracle	model:	jdk	scope:	eq	version:	18	Trust: 1.0
vendor:	netapp	model:	e-series santricity web services	scope:	eq	version:	-	Trust: 1.0
vendor:	oracle	model:	graalvm	scope:	eq	version:	20.3.5	Trust: 1.0
vendor:	oracle	model:	jre	scope:	eq	version:	11.0.14	Trust: 1.0
vendor:	netapp	model:	e-series santricity os controller	scope:	gte	version:	11.0.0	Trust: 1.0
vendor:	oracle	model:	jdk	scope:	eq	version:	11.0.14	Trust: 1.0
vendor:	netapp	model:	active iq unified manager	scope:	eq	version:	-	Trust: 1.0
vendor:	netapp	model:	oncommand insight	scope:	eq	version:	-	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	10.0	Trust: 1.0
vendor:	oracle	model:	graalvm	scope:	eq	version:	22.0.0.2	Trust: 1.0
vendor:	azul	model:	zulu	scope:	eq	version:	6.45	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	11.0	Trust: 1.0
vendor:	oracle	model:	jre	scope:	eq	version:	17.0.2	Trust: 1.0
vendor:	netapp	model:	cloud secure agent	scope:	eq	version:	-	Trust: 1.0
vendor:	oracle	model:	jdk	scope:	eq	version:	17.0.2	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	9.0	Trust: 1.0

sources: NVD: CVE-2022-21426

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-21426
value:	MEDIUM
Trust: 1.0
secalert_us@oracle.com:	CVE-2022-21426
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-202204-3780
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-407039
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2022-21426
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-407039
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

secalert_us@oracle.com:	CVE-2022-21426
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	LOW
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.1
Trust: 1.0

sources: VULHUB: VHN-407039 // CNNVD: CNNVD-202204-3780 // NVD: CVE-2022-21426 // NVD: CVE-2022-21426

PROBLEMTYPE DATA

problemtype:

NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2022-21426

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202204-3780

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202204-3780

PATCH

title:

Oracle Java SE Enter the fix for the verification error vulnerability

url:

http://123.124.177.30/web/xxk/bdxqById.tag?id=190896

Trust: 0.6

sources: CNNVD: CNNVD-202204-3780

EXTERNAL IDS

db:	NVD	id:	CVE-2022-21426	Trust: 2.5
db:	PACKETSTORM	id:	167142	Trust: 0.8
db:	PACKETSTORM	id:	166954	Trust: 0.8
db:	PACKETSTORM	id:	167385	Trust: 0.7
db:	PACKETSTORM	id:	167327	Trust: 0.7
db:	PACKETSTORM	id:	167008	Trust: 0.7
db:	PACKETSTORM	id:	166967	Trust: 0.7
db:	PACKETSTORM	id:	167980	Trust: 0.7
db:	PACKETSTORM	id:	167088	Trust: 0.7
db:	PACKETSTORM	id:	167164	Trust: 0.7
db:	PACKETSTORM	id:	167271	Trust: 0.7
db:	PACKETSTORM	id:	167979	Trust: 0.7
db:	PACKETSTORM	id:	166804	Trust: 0.6
db:	PACKETSTORM	id:	166835	Trust: 0.6
db:	CS-HELP	id:	SB2022042559	Trust: 0.6
db:	CS-HELP	id:	SB2022042105	Trust: 0.6
db:	CS-HELP	id:	SB2022072010	Trust: 0.6
db:	CS-HELP	id:	SB2022042620	Trust: 0.6
db:	CS-HELP	id:	SB2022051325	Trust: 0.6
db:	CS-HELP	id:	SB2022041944	Trust: 0.6
db:	CS-HELP	id:	SB2022071332	Trust: 0.6
db:	CS-HELP	id:	SB2022072540	Trust: 0.6
db:	CS-HELP	id:	SB2022051742	Trust: 0.6
db:	CS-HELP	id:	SB2022042139	Trust: 0.6
db:	CS-HELP	id:	SB2022051235	Trust: 0.6
db:	CS-HELP	id:	SB2022050504	Trust: 0.6
db:	CS-HELP	id:	SB2022050424	Trust: 0.6
db:	CS-HELP	id:	SB2022070707	Trust: 0.6
db:	CS-HELP	id:	SB2022053122	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.2373	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.3865	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.2360	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.1808	Trust: 0.6
db:	AUSCERT	id:	ESB-2023.2180	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.3583	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.3440	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.1840	Trust: 0.6
db:	AUSCERT	id:	ESB-2023.3780	Trust: 0.6
db:	CNNVD	id:	CNNVD-202204-3780	Trust: 0.6
db:	PACKETSTORM	id:	167378	Trust: 0.2
db:	PACKETSTORM	id:	167388	Trust: 0.2
db:	PACKETSTORM	id:	167122	Trust: 0.1
db:	PACKETSTORM	id:	167140	Trust: 0.1
db:	VULHUB	id:	VHN-407039	Trust: 0.1
db:	PACKETSTORM	id:	166799	Trust: 0.1
db:	PACKETSTORM	id:	166792	Trust: 0.1
db:	PACKETSTORM	id:	166903	Trust: 0.1
db:	PACKETSTORM	id:	166900	Trust: 0.1

sources: VULHUB: VHN-407039 // PACKETSTORM: 166799 // PACKETSTORM: 166792 // PACKETSTORM: 166954 // PACKETSTORM: 167388 // PACKETSTORM: 166903 // PACKETSTORM: 167378 // PACKETSTORM: 167142 // PACKETSTORM: 166900 // CNNVD: CNNVD-202204-3780 // NVD: CVE-2022-21426

REFERENCES

url:	https://www.oracle.com/security-alerts/cpuapr2022.html	Trust: 2.3
url:	https://security.netapp.com/advisory/ntap-20220429-0006/	Trust: 1.7
url:	https://www.debian.org/security/2022/dsa-5128	Trust: 1.7
url:	https://www.debian.org/security/2022/dsa-5131	Trust: 1.7
url:	https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html	Trust: 1.7
url:	https://access.redhat.com/security/cve/cve-2022-21426	Trust: 1.4
url:	https://nvd.nist.gov/vuln/detail/cve-2022-21426	Trust: 0.8
url:	https://access.redhat.com/security/cve/cve-2022-21443	Trust: 0.8
url:	https://listman.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2022-21443	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2022-21476	Trust: 0.8
url:	https://access.redhat.com/security/team/contact/	Trust: 0.8
url:	https://access.redhat.com/security/cve/cve-2022-21434	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2022-21496	Trust: 0.8
url:	https://access.redhat.com/security/cve/cve-2022-21476	Trust: 0.8
url:	https://access.redhat.com/security/cve/cve-2022-21496	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2022-21434	Trust: 0.8
url:	https://bugzilla.redhat.com/):	Trust: 0.8
url:	https://access.redhat.com/security/updates/classification/#important	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022050504	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2023.3780	Trust: 0.6
url:	https://packetstormsecurity.com/files/166835/ubuntu-security-notice-usn-5388-2.html	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022042620	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022042105	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022041944	Trust: 0.6
url:	https://packetstormsecurity.com/files/167980/ubuntu-security-notice-usn-5546-1.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/166804/red-hat-security-advisory-2022-1443-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.1808	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022070707	Trust: 0.6
url:	https://packetstormsecurity.com/files/167088/red-hat-security-advisory-2022-1679-01.html	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022053122	Trust: 0.6
url:	https://cxsecurity.com/cveshow/cve-2022-21426/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.2373	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.3440	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.3583	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022051742	Trust: 0.6
url:	https://packetstormsecurity.com/files/167271/red-hat-security-advisory-2022-2272-01.html	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022051325	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.3865	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022071332	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.1840	Trust: 0.6
url:	https://packetstormsecurity.com/files/167142/red-hat-security-advisory-2022-2216-01.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/166967/red-hat-security-advisory-2022-1713-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2023.2180	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb20220720108	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022072540	Trust: 0.6
url:	https://packetstormsecurity.com/files/167327/red-hat-security-advisory-2022-2281-01.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/167164/red-hat-security-advisory-2022-1699-01.html	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022042559	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022042139	Trust: 0.6
url:	https://packetstormsecurity.com/files/166954/red-hat-security-advisory-2022-1622-01.html	Trust: 0.6
url:	https://vigilance.fr/vulnerability/oracle-java-vulnerabilities-of-april-2022-38106	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.2360	Trust: 0.6
url:	https://packetstormsecurity.com/files/167385/red-hat-security-advisory-2022-1729-01.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/167979/ubuntu-security-notice-usn-5546-2.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/167008/red-hat-security-advisory-2022-1747-01.html	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022051235	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022050424	Trust: 0.6
url:	https://access.redhat.com/articles/11258	Trust: 0.4
url:	https://access.redhat.com/security/team/key/	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2022-0778	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2022-0778	Trust: 0.2
url:	https://access.redhat.com/security/updates/classification/#moderate	Trust: 0.2
url:	https://access.redhat.com/errata/rhsa-2022:1441	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2022:1442	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-8649	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-25182	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-25173	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-25236	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-25181	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-25173	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-25184	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-25177	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-24407	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-8647	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-25175	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-25176	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-25176	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-0435	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-8649	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-25174	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-25182	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-25235	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-0435	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-25315	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-25180	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-25178	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-0711	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-25175	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-25235	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2022:1622	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-0711	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-25177	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-25183	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-25180	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-25179	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-24769	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-8647	Trust: 0.1
url:	https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-25184	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-25179	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-25181	Trust: 0.1
url:	https://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-25178	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-25174	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-25315	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-24769	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-25236	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-24407	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-25183	Trust: 0.1
url:	https://access.redhat.com/errata/rhba-2022:1621	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2022:1728	Trust: 0.1
url:	https://access.redhat.com/documentation/en-us/openjdk/8/html/installing_and_using_openjdk_8_for_windows/index	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2022:1492	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2022:2137	Trust: 0.1
url:	https://issues.jboss.org/):	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-43797	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-1154	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-37137	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-1154	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-43797	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-21698	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-25636	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-25636	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-37137	Trust: 0.1
url:	https://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-4028	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-37136	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-25032	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-25032	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-4028	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-37136	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2022:2216	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-21698	Trust: 0.1
url:	https://docs.openshift.com/container-platform/4.7/logging/cluster-logging-upgrading.html	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-1271	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-1271	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-21449	Trust: 0.1
url:	https://access.redhat.com/documentation/en-us/openjdk/17/html/installing_and_using_openjdk_17_for_windows/index	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-21449	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2022:1437	Trust: 0.1

CREDITS

Red Hat

Trust: 0.8

sources: PACKETSTORM: 166799 // PACKETSTORM: 166792 // PACKETSTORM: 166954 // PACKETSTORM: 167388 // PACKETSTORM: 166903 // PACKETSTORM: 167378 // PACKETSTORM: 167142 // PACKETSTORM: 166900

SOURCES

db:	VULHUB	id:	VHN-407039
db:	PACKETSTORM	id:	166799
db:	PACKETSTORM	id:	166792
db:	PACKETSTORM	id:	166954
db:	PACKETSTORM	id:	167388
db:	PACKETSTORM	id:	166903
db:	PACKETSTORM	id:	167378
db:	PACKETSTORM	id:	167142
db:	PACKETSTORM	id:	166900
db:	CNNVD	id:	CNNVD-202204-3780
db:	NVD	id:	CVE-2022-21426

LAST UPDATE DATE

2024-11-07T21:48:35.116000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-407039	date:	2022-07-28T00:00:00
db:	CNNVD	id:	CNNVD-202204-3780	date:	2023-07-04T00:00:00
db:	NVD	id:	CVE-2022-21426	date:	2023-04-27T17:53:04.237

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-407039	date:	2022-04-19T00:00:00
db:	PACKETSTORM	id:	166799	date:	2022-04-21T15:09:12
db:	PACKETSTORM	id:	166792	date:	2022-04-21T15:08:01
db:	PACKETSTORM	id:	166954	date:	2022-05-04T21:42:33
db:	PACKETSTORM	id:	167388	date:	2022-06-03T15:59:53
db:	PACKETSTORM	id:	166903	date:	2022-04-29T12:37:12
db:	PACKETSTORM	id:	167378	date:	2022-06-03T15:37:50
db:	PACKETSTORM	id:	167142	date:	2022-05-12T15:55:09
db:	PACKETSTORM	id:	166900	date:	2022-04-29T12:36:41
db:	CNNVD	id:	CNNVD-202204-3780	date:	2022-04-19T00:00:00
db:	NVD	id:	CVE-2022-21426	date:	2022-04-19T21:15:15.157