ID

VAR-202204-0596


CVE

CVE-2022-21434


TITLE

Oracle Java SE  and  Oracle GraalVM Enterprise Edition  In  Libraries  Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2022-001699

DESCRIPTION

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N). It exists that OpenJDK incorrectly validated the encoded length of certain object identifiers. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-21443). -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: java-11-openjdk security, bug fix, and enhancement update Advisory ID: RHSA-2022:1440-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:1440 Issue date: 2022-04-20 CVE Names: CVE-2022-21426 CVE-2022-21434 CVE-2022-21443 CVE-2022-21476 CVE-2022-21496 ==================================================================== 1. Summary: An update for java-11-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Description: The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. The following packages have been upgraded to a later upstream version: java-11-openjdk (11.0.15.0.9). (BZ#2047531) Security Fix(es): * OpenJDK: Defective secure validation in Apache Santuario (Libraries, 8278008) (CVE-2022-21476) * OpenJDK: Unbounded memory allocation when compiling crafted XPath expressions (JAXP, 8270504) (CVE-2022-21426) * OpenJDK: Improper object-to-string conversion in AnnotationInvocationHandler (Libraries, 8277672) (CVE-2022-21434) * OpenJDK: Missing check for negative ObjectIdentifier (Libraries, 8275151) (CVE-2022-21443) * OpenJDK: URI parsing inconsistencies (JNDI, 8278972) (CVE-2022-21496) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 All running instances of OpenJDK Java must be restarted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 2047531 - Prepare for the next quarterly OpenJDK upstream release (2022-04, 11.0.15) [rhel-7] 2075788 - CVE-2022-21426 OpenJDK: Unbounded memory allocation when compiling crafted XPath expressions (JAXP, 8270504) 2075793 - CVE-2022-21443 OpenJDK: Missing check for negative ObjectIdentifier (Libraries, 8275151) 2075836 - CVE-2022-21434 OpenJDK: Improper object-to-string conversion in AnnotationInvocationHandler (Libraries, 8277672) 2075842 - CVE-2022-21476 OpenJDK: Defective secure validation in Apache Santuario (Libraries, 8278008) 2075849 - CVE-2022-21496 OpenJDK: URI parsing inconsistencies (JNDI, 8278972) 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: java-11-openjdk-11.0.15.0.9-2.el7_9.src.rpm x86_64: java-11-openjdk-11.0.15.0.9-2.el7_9.i686.rpm java-11-openjdk-11.0.15.0.9-2.el7_9.x86_64.rpm java-11-openjdk-debuginfo-11.0.15.0.9-2.el7_9.i686.rpm java-11-openjdk-debuginfo-11.0.15.0.9-2.el7_9.x86_64.rpm java-11-openjdk-headless-11.0.15.0.9-2.el7_9.i686.rpm java-11-openjdk-headless-11.0.15.0.9-2.el7_9.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: java-11-openjdk-debuginfo-11.0.15.0.9-2.el7_9.i686.rpm java-11-openjdk-debuginfo-11.0.15.0.9-2.el7_9.x86_64.rpm java-11-openjdk-demo-11.0.15.0.9-2.el7_9.i686.rpm java-11-openjdk-demo-11.0.15.0.9-2.el7_9.x86_64.rpm java-11-openjdk-devel-11.0.15.0.9-2.el7_9.i686.rpm java-11-openjdk-devel-11.0.15.0.9-2.el7_9.x86_64.rpm java-11-openjdk-javadoc-11.0.15.0.9-2.el7_9.i686.rpm java-11-openjdk-javadoc-11.0.15.0.9-2.el7_9.x86_64.rpm java-11-openjdk-javadoc-zip-11.0.15.0.9-2.el7_9.i686.rpm java-11-openjdk-javadoc-zip-11.0.15.0.9-2.el7_9.x86_64.rpm java-11-openjdk-jmods-11.0.15.0.9-2.el7_9.i686.rpm java-11-openjdk-jmods-11.0.15.0.9-2.el7_9.x86_64.rpm java-11-openjdk-src-11.0.15.0.9-2.el7_9.i686.rpm java-11-openjdk-src-11.0.15.0.9-2.el7_9.x86_64.rpm java-11-openjdk-static-libs-11.0.15.0.9-2.el7_9.i686.rpm java-11-openjdk-static-libs-11.0.15.0.9-2.el7_9.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: java-11-openjdk-11.0.15.0.9-2.el7_9.src.rpm x86_64: java-11-openjdk-11.0.15.0.9-2.el7_9.i686.rpm java-11-openjdk-11.0.15.0.9-2.el7_9.x86_64.rpm java-11-openjdk-debuginfo-11.0.15.0.9-2.el7_9.i686.rpm java-11-openjdk-debuginfo-11.0.15.0.9-2.el7_9.x86_64.rpm java-11-openjdk-headless-11.0.15.0.9-2.el7_9.i686.rpm java-11-openjdk-headless-11.0.15.0.9-2.el7_9.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: java-11-openjdk-debuginfo-11.0.15.0.9-2.el7_9.i686.rpm java-11-openjdk-debuginfo-11.0.15.0.9-2.el7_9.x86_64.rpm java-11-openjdk-demo-11.0.15.0.9-2.el7_9.i686.rpm java-11-openjdk-demo-11.0.15.0.9-2.el7_9.x86_64.rpm java-11-openjdk-devel-11.0.15.0.9-2.el7_9.i686.rpm java-11-openjdk-devel-11.0.15.0.9-2.el7_9.x86_64.rpm java-11-openjdk-javadoc-11.0.15.0.9-2.el7_9.i686.rpm java-11-openjdk-javadoc-11.0.15.0.9-2.el7_9.x86_64.rpm java-11-openjdk-javadoc-zip-11.0.15.0.9-2.el7_9.i686.rpm java-11-openjdk-javadoc-zip-11.0.15.0.9-2.el7_9.x86_64.rpm java-11-openjdk-jmods-11.0.15.0.9-2.el7_9.i686.rpm java-11-openjdk-jmods-11.0.15.0.9-2.el7_9.x86_64.rpm java-11-openjdk-src-11.0.15.0.9-2.el7_9.i686.rpm java-11-openjdk-src-11.0.15.0.9-2.el7_9.x86_64.rpm java-11-openjdk-static-libs-11.0.15.0.9-2.el7_9.i686.rpm java-11-openjdk-static-libs-11.0.15.0.9-2.el7_9.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: java-11-openjdk-11.0.15.0.9-2.el7_9.src.rpm ppc64: java-11-openjdk-11.0.15.0.9-2.el7_9.ppc64.rpm java-11-openjdk-debuginfo-11.0.15.0.9-2.el7_9.ppc64.rpm java-11-openjdk-devel-11.0.15.0.9-2.el7_9.ppc64.rpm java-11-openjdk-headless-11.0.15.0.9-2.el7_9.ppc64.rpm ppc64le: java-11-openjdk-11.0.15.0.9-2.el7_9.ppc64le.rpm java-11-openjdk-debuginfo-11.0.15.0.9-2.el7_9.ppc64le.rpm java-11-openjdk-devel-11.0.15.0.9-2.el7_9.ppc64le.rpm java-11-openjdk-headless-11.0.15.0.9-2.el7_9.ppc64le.rpm s390x: java-11-openjdk-11.0.15.0.9-2.el7_9.s390x.rpm java-11-openjdk-debuginfo-11.0.15.0.9-2.el7_9.s390x.rpm java-11-openjdk-devel-11.0.15.0.9-2.el7_9.s390x.rpm java-11-openjdk-headless-11.0.15.0.9-2.el7_9.s390x.rpm x86_64: java-11-openjdk-11.0.15.0.9-2.el7_9.i686.rpm java-11-openjdk-11.0.15.0.9-2.el7_9.x86_64.rpm java-11-openjdk-debuginfo-11.0.15.0.9-2.el7_9.i686.rpm java-11-openjdk-debuginfo-11.0.15.0.9-2.el7_9.x86_64.rpm java-11-openjdk-devel-11.0.15.0.9-2.el7_9.i686.rpm java-11-openjdk-devel-11.0.15.0.9-2.el7_9.x86_64.rpm java-11-openjdk-headless-11.0.15.0.9-2.el7_9.i686.rpm java-11-openjdk-headless-11.0.15.0.9-2.el7_9.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64: java-11-openjdk-debuginfo-11.0.15.0.9-2.el7_9.ppc64.rpm java-11-openjdk-demo-11.0.15.0.9-2.el7_9.ppc64.rpm java-11-openjdk-javadoc-11.0.15.0.9-2.el7_9.ppc64.rpm java-11-openjdk-javadoc-zip-11.0.15.0.9-2.el7_9.ppc64.rpm java-11-openjdk-jmods-11.0.15.0.9-2.el7_9.ppc64.rpm java-11-openjdk-src-11.0.15.0.9-2.el7_9.ppc64.rpm java-11-openjdk-static-libs-11.0.15.0.9-2.el7_9.ppc64.rpm ppc64le: java-11-openjdk-debuginfo-11.0.15.0.9-2.el7_9.ppc64le.rpm java-11-openjdk-demo-11.0.15.0.9-2.el7_9.ppc64le.rpm java-11-openjdk-javadoc-11.0.15.0.9-2.el7_9.ppc64le.rpm java-11-openjdk-javadoc-zip-11.0.15.0.9-2.el7_9.ppc64le.rpm java-11-openjdk-jmods-11.0.15.0.9-2.el7_9.ppc64le.rpm java-11-openjdk-src-11.0.15.0.9-2.el7_9.ppc64le.rpm java-11-openjdk-static-libs-11.0.15.0.9-2.el7_9.ppc64le.rpm s390x: java-11-openjdk-debuginfo-11.0.15.0.9-2.el7_9.s390x.rpm java-11-openjdk-demo-11.0.15.0.9-2.el7_9.s390x.rpm java-11-openjdk-javadoc-11.0.15.0.9-2.el7_9.s390x.rpm java-11-openjdk-javadoc-zip-11.0.15.0.9-2.el7_9.s390x.rpm java-11-openjdk-jmods-11.0.15.0.9-2.el7_9.s390x.rpm java-11-openjdk-src-11.0.15.0.9-2.el7_9.s390x.rpm java-11-openjdk-static-libs-11.0.15.0.9-2.el7_9.s390x.rpm x86_64: java-11-openjdk-debuginfo-11.0.15.0.9-2.el7_9.i686.rpm java-11-openjdk-debuginfo-11.0.15.0.9-2.el7_9.x86_64.rpm java-11-openjdk-demo-11.0.15.0.9-2.el7_9.i686.rpm java-11-openjdk-demo-11.0.15.0.9-2.el7_9.x86_64.rpm java-11-openjdk-javadoc-11.0.15.0.9-2.el7_9.i686.rpm java-11-openjdk-javadoc-11.0.15.0.9-2.el7_9.x86_64.rpm java-11-openjdk-javadoc-zip-11.0.15.0.9-2.el7_9.i686.rpm java-11-openjdk-javadoc-zip-11.0.15.0.9-2.el7_9.x86_64.rpm java-11-openjdk-jmods-11.0.15.0.9-2.el7_9.i686.rpm java-11-openjdk-jmods-11.0.15.0.9-2.el7_9.x86_64.rpm java-11-openjdk-src-11.0.15.0.9-2.el7_9.i686.rpm java-11-openjdk-src-11.0.15.0.9-2.el7_9.x86_64.rpm java-11-openjdk-static-libs-11.0.15.0.9-2.el7_9.i686.rpm java-11-openjdk-static-libs-11.0.15.0.9-2.el7_9.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: java-11-openjdk-11.0.15.0.9-2.el7_9.src.rpm x86_64: java-11-openjdk-11.0.15.0.9-2.el7_9.i686.rpm java-11-openjdk-11.0.15.0.9-2.el7_9.x86_64.rpm java-11-openjdk-debuginfo-11.0.15.0.9-2.el7_9.i686.rpm java-11-openjdk-debuginfo-11.0.15.0.9-2.el7_9.x86_64.rpm java-11-openjdk-devel-11.0.15.0.9-2.el7_9.i686.rpm java-11-openjdk-devel-11.0.15.0.9-2.el7_9.x86_64.rpm java-11-openjdk-headless-11.0.15.0.9-2.el7_9.i686.rpm java-11-openjdk-headless-11.0.15.0.9-2.el7_9.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: java-11-openjdk-debuginfo-11.0.15.0.9-2.el7_9.i686.rpm java-11-openjdk-debuginfo-11.0.15.0.9-2.el7_9.x86_64.rpm java-11-openjdk-demo-11.0.15.0.9-2.el7_9.i686.rpm java-11-openjdk-demo-11.0.15.0.9-2.el7_9.x86_64.rpm java-11-openjdk-javadoc-11.0.15.0.9-2.el7_9.i686.rpm java-11-openjdk-javadoc-11.0.15.0.9-2.el7_9.x86_64.rpm java-11-openjdk-javadoc-zip-11.0.15.0.9-2.el7_9.i686.rpm java-11-openjdk-javadoc-zip-11.0.15.0.9-2.el7_9.x86_64.rpm java-11-openjdk-jmods-11.0.15.0.9-2.el7_9.i686.rpm java-11-openjdk-jmods-11.0.15.0.9-2.el7_9.x86_64.rpm java-11-openjdk-src-11.0.15.0.9-2.el7_9.i686.rpm java-11-openjdk-src-11.0.15.0.9-2.el7_9.x86_64.rpm java-11-openjdk-static-libs-11.0.15.0.9-2.el7_9.i686.rpm java-11-openjdk-static-libs-11.0.15.0.9-2.el7_9.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2022-21426 https://access.redhat.com/security/cve/CVE-2022-21434 https://access.redhat.com/security/cve/CVE-2022-21443 https://access.redhat.com/security/cve/CVE-2022-21476 https://access.redhat.com/security/cve/CVE-2022-21496 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYmAx+NzjgjWX9erEAQjH/Q/+LWdIlvKxvVPZ5cWaFA2ZTaQrMfJiad6H 3lauUSupgikqAiHVhFviBTMlNpLg38lrt2gMgjDFodSi9SEUT9qp0ig1bC9FBqGt XifysNiTI6pJCIZiQDUlIsguakgJYv8oiuAPfBYZafV5LrVbgQXRBSlybpghXd87 21DymPq84hWR32lFNgQscDUI5MBmmMjn69Ta3iiKi51q5apNAggAyW6XzsA3JJQL M3/j0i1HcY4ONTip0M0lWxfneS/JTm6PO3NODBlIbHIBjMH2Ve6hBAdv2k67VgAm MGzhhwufwvbtq1WGvXZCxLCsRL092PSSoar3Mu3bnT7Aop2iQf28D9Fivk+IS2Ra n6/+Q6qwvonIbhMKg1DoPITivbbJyZJ47LRq7uc5zhx62z5ipVhx0PJU0UhGifRX ZHtOeLAWh+yob2cOs/5U2lydQ5whdJVeWWI8uC7jW+4N21OEVtpPU4yZezB5YTPl N4549Z8EcOOAOr4EM0v74Kv9Frrw6LoVKcC9nhCc/jLTlchYCl7p5LcQs+4xSkNO 12mg+dQAibL4txGMGkJVJBc0jIhN8CWuLPORnvjbfAQ9D6/esWGNBMrZZmbbqn5y 5d2CgprQx3Rk+4kI66emdZClZYB4P6tykCpPlFAVNtHbGcHFDHLBtchu5unRBbyw gxhzoRdL38A=hHHS -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . For further information, refer to the release notes linked to in the References section. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For the oldstable distribution (buster), this problem has been fixed in version 11.0.15+10-1~deb10u1. For the stable distribution (bullseye), this problem has been fixed in version 11.0.15+10-1~deb11u1. We recommend that you upgrade your openjdk-11 packages. For the detailed security status of openjdk-11 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/openjdk-11 Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmJz7AUACgkQEMKTtsN8 TjYPqQ//acxZ7tw58VvpicLhG3iTGRpUcVEVZwCcs1EGSs5sBAT20Q/rvZNc932o //8ipzrsv1pZX4txFzDi9gI279f27RTIhb+vJCWblPoRt7rXVkB7N5TR0UT4IurP ZCDcKF0PaStHPPrD7ZvVVUSQU09cDvHb0ibNnuXguOLCji9sIaPoubIAJ+NAkMIM 54inl1f4FQSwf1yqvZbjlnSvsDmBQ7nGE//yyajhN+JY29SkZdseLRgkAtGsG9+G 8XshJHdAGSuIeCUpJzbcYFdeikwXzQNP0DhvBGyClNmYUS/C4w9KCo8ab6L1rWhQ vnVDIAdX4zH+GTxtZ7xuelNvYUwiTW4DhYHtEoU8UvrhzJJ0ZtidAdEhoLlxJkdK e767zzyHFx9qbd5UFgwn8XMoJKlkkJtThTARypBcbN7mq9j7bxGV0JGTm1K76KJp j2lIau4swGGkFWD2kTLVO5O/chj5l4gsxX2Mi9ipLiBeD2TVTwY/MV1iX5q4EVMg 3Kt4ZSw2AxgwCPzaaSTBpkRcwJyspsAzIQfkmhnJ170v9iUsf5hg3oJV+Mhxqm/F znuzj1FKQ++A50O+6fGPA48T2DRATM7BMGBbjzWjRJ7KEptHEFnBGdkCU33I0YSm MIYXEATq5Z7D5g5SX2WZLOReTr7Y/PLCd6FRZGcFvbs5zjcKSGM= =Ysyl -----END PGP SIGNATURE----- . 9) - aarch64, noarch, ppc64le, s390x, x86_64 3. This update upgrades IBM Java SE 7 to version 7R1 SR5-FP10

Trust: 2.43

sources: NVD: CVE-2022-21434 // JVNDB: JVNDB-2022-001699 // VULHUB: VHN-407047 // VULMON: CVE-2022-21434 // PACKETSTORM: 166794 // PACKETSTORM: 166897 // PACKETSTORM: 169366 // PACKETSTORM: 167378 // PACKETSTORM: 167454 // PACKETSTORM: 166901 // PACKETSTORM: 169256

AFFECTED PRODUCTS

vendor:日立model:ucosminexus service platformscope: - version: -

Trust: 1.6

vendor:日立model:ucosminexus application serverscope: - version: -

Trust: 1.6

vendor:日立model:ucosminexus primary server basescope: - version: -

Trust: 1.6

vendor:oraclemodel:jdkscope:eqversion:18

Trust: 1.0

vendor:oraclemodel:jdkscope:eqversion:1.7.0

Trust: 1.0

vendor:netappmodel:active iq unified managerscope:eqversion: -

Trust: 1.0

vendor:netappmodel:cloud secure agentscope:eqversion: -

Trust: 1.0

vendor:netappmodel:oncommand insightscope:eqversion: -

Trust: 1.0

vendor:azulmodel:zuluscope:eqversion:13.46

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:9.0

Trust: 1.0

vendor:netappmodel:solidfire \& hci management nodescope:eqversion: -

Trust: 1.0

vendor:azulmodel:zuluscope:eqversion:6.45

Trust: 1.0

vendor:oraclemodel:jdkscope:eqversion:17.0.2

Trust: 1.0

vendor:oraclemodel:jrescope:eqversion:11.0.14

Trust: 1.0

vendor:oraclemodel:jrescope:eqversion:18

Trust: 1.0

vendor:oraclemodel:jdkscope:eqversion:1.8.0

Trust: 1.0

vendor:oraclemodel:jrescope:eqversion:1.7.0

Trust: 1.0

vendor:oraclemodel:graalvmscope:eqversion:22.0.0.2

Trust: 1.0

vendor:netappmodel:e-series santricity os controllerscope:gteversion:11.0.0

Trust: 1.0

vendor:netappmodel:solidfire\, enterprise sds \& hci storage nodescope:eqversion: -

Trust: 1.0

vendor:azulmodel:zuluscope:eqversion:8.60

Trust: 1.0

vendor:netappmodel:7-mode transition toolscope:eqversion: -

Trust: 1.0

vendor:oraclemodel:graalvmscope:eqversion:20.3.5

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:11.0

Trust: 1.0

vendor:netappmodel:santricity unified managerscope:eqversion: -

Trust: 1.0

vendor:netappmodel:e-series santricity os controllerscope:lteversion:11.70.1

Trust: 1.0

vendor:netappmodel:cloud insights acquisition unitscope:eqversion: -

Trust: 1.0

vendor:azulmodel:zuluscope:eqversion:7.52

Trust: 1.0

vendor:azulmodel:zuluscope:eqversion:11.54

Trust: 1.0

vendor:azulmodel:zuluscope:eqversion:15.38

Trust: 1.0

vendor:azulmodel:zuluscope:eqversion:17.32

Trust: 1.0

vendor:oraclemodel:jrescope:eqversion:1.8.0

Trust: 1.0

vendor:azulmodel:zuluscope:eqversion:18.28

Trust: 1.0

vendor:oraclemodel:graalvmscope:eqversion:21.3.1

Trust: 1.0

vendor:oraclemodel:jrescope:eqversion:17.0.2

Trust: 1.0

vendor:netappmodel:e-series santricity web servicesscope:eqversion: -

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:10.0

Trust: 1.0

vendor:oraclemodel:jdkscope:eqversion:11.0.14

Trust: 1.0

vendor:netappmodel:e-series santricity storage managerscope:eqversion: -

Trust: 1.0

vendor:netappmodel:hci compute nodescope:eqversion: -

Trust: 1.0

vendor:日立model:ucosminexus operator for service platformscope: - version: -

Trust: 0.8

vendor:日立model:hitachi dynamic link managerscope: - version: -

Trust: 0.8

vendor:日立model:ucosminexus operatorscope: - version: -

Trust: 0.8

vendor:日立model:hitachi tuning managerscope: - version: -

Trust: 0.8

vendor:日立model:ucosminexus application server-rscope: - version: -

Trust: 0.8

vendor:日立model:hitachi automation directorscope: - version: -

Trust: 0.8

vendor:オラクルmodel:oracle java sescope: - version: -

Trust: 0.8

vendor:日立model:ucosminexus application server standardscope: - version: -

Trust: 0.8

vendor:日立model:ucosminexus developerscope: - version: -

Trust: 0.8

vendor:日立model:ucosminexus developer professional for plug-inscope: - version: -

Trust: 0.8

vendor:オラクルmodel:oracle graalvmscope: - version: -

Trust: 0.8

vendor:日立model:ucosminexus application server enterprisescope: - version: -

Trust: 0.8

vendor:日立model:ucosminexus application runtime with java for apache tomcatscope: - version: -

Trust: 0.8

vendor:日立model:ucosminexus application server smart editionscope: - version: -

Trust: 0.8

vendor:日立model:cosminexus xml processorscope: - version: -

Trust: 0.8

vendor:日立model:hitachi global link managerscope: - version: -

Trust: 0.8

vendor:日立model:hitachi infrastructure analytics advisorscope: - version: -

Trust: 0.8

vendor:日立model:hitachi tiered storage managerscope: - version: -

Trust: 0.8

vendor:日立model:hitachi ops center common servicesscope: - version: -

Trust: 0.8

vendor:日立model:ucosminexus service architectscope: - version: -

Trust: 0.8

vendor:日立model:ucosminexus client for plug-inscope: - version: -

Trust: 0.8

vendor:日立model:hitachi ops center analyzerscope: - version: -

Trust: 0.8

vendor:日立model:hitachi application server for developersscope: - version: -

Trust: 0.8

vendor:日立model:ucosminexus developer lightscope: - version: -

Trust: 0.8

vendor:日立model:hitachi application serverscope: - version: -

Trust: 0.8

vendor:日立model:hitachi ops center api configuration managerscope: - version: -

Trust: 0.8

vendor:日立model:ucosminexus developer standardscope: - version: -

Trust: 0.8

vendor:日立model:ucosminexus clientscope: - version: -

Trust: 0.8

vendor:日立model:cosminexus developer's kit for javascope: - version: -

Trust: 0.8

vendor:日立model:hitachi replication managerscope: - version: -

Trust: 0.8

vendor:日立model:hitachi ops center automatorscope: - version: -

Trust: 0.8

vendor:日立model:ucosminexus developer 01scope: - version: -

Trust: 0.8

vendor:日立model:プログラミング環境 for javascope: - version: -

Trust: 0.8

vendor:日立model:hitachi ops center administratorscope: - version: -

Trust: 0.8

vendor:日立model:hitachi configuration managerscope: - version: -

Trust: 0.8

vendor:日立model:hitachi ops center viewpointscope: - version: -

Trust: 0.8

vendor:日立model:ucosminexus developer professionalscope: - version: -

Trust: 0.8

vendor:日立model:ucosminexus application server standard-rscope: - version: -

Trust: 0.8

vendor:日立model:hitachi compute systems managerscope: - version: -

Trust: 0.8

vendor:日立model:hitachi device managerscope: - version: -

Trust: 0.8

vendor:日立model:ucosminexus client for atmscope: - version: -

Trust: 0.8

vendor:日立model:hitachi developer's kit for javascope: - version: -

Trust: 0.8

vendor:日立model:hitachi ops center analyzer viewpointscope: - version: -

Trust: 0.8

vendor:日立model:ucosminexus application server lightscope: - version: -

Trust: 0.8

vendor:日立model:ucosminexus application server expressscope: - version: -

Trust: 0.8

vendor:日立model:ucosminexus developer professional for atmscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-001699 // NVD: CVE-2022-21434

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-21434
value: MEDIUM

Trust: 1.0

secalert_us@oracle.com: CVE-2022-21434
value: MEDIUM

Trust: 1.0

NVD: CVE-2022-21434
value: MEDIUM

Trust: 0.8

VULHUB: VHN-407047
value: MEDIUM

Trust: 0.1

VULMON: CVE-2022-21434
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2022-21434
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-407047
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

secalert_us@oracle.com: CVE-2022-21434
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 1.0

OTHER: JVNDB-2022-001699
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-407047 // VULMON: CVE-2022-21434 // JVNDB: JVNDB-2022-001699 // NVD: CVE-2022-21434 // NVD: CVE-2022-21434

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:Lack of information (CWE-noinfo) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2022-001699 // NVD: CVE-2022-21434

TYPE

info disclosure

Trust: 0.2

sources: PACKETSTORM: 169366 // PACKETSTORM: 169256

PATCH

title:hitachi-sec-2022-112 Software product security informationurl:https://www.oracle.com/security-alerts/cpuapr2022.html

Trust: 0.8

title:Arch Linux Issues: url:https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues&qid=CVE-2022-21434

Trust: 0.1

title:Ubuntu Security Notice: USN-5388-1: OpenJDK vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-5388-1

Trust: 0.1

title:Red Hat: Moderate: java-1.8.0-ibm security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20225837 - Security Advisory

Trust: 0.1

title:Red Hat: Moderate: java-1.8.0-ibm security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20224959 - Security Advisory

Trust: 0.1

title:Ubuntu Security Notice: USN-5388-2: OpenJDK vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-5388-2

Trust: 0.1

title:Red Hat: Important: java-1.8.0-openjdk security, bug fix, and enhancement updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221487 - Security Advisory

Trust: 0.1

title:Red Hat: Important: java-11-openjdk security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221442 - Security Advisory

Trust: 0.1

title:Red Hat: Important: java-11-openjdk security, bug fix, and enhancement updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221440 - Security Advisory

Trust: 0.1

title:Red Hat: Important: java-1.8.0-openjdk security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221488 - Security Advisory

Trust: 0.1

title:Red Hat: Important: OpenJDK 8u332 Windows builds release and security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221492 - Security Advisory

Trust: 0.1

title:Red Hat: Important: java-11-openjdk security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221441 - Security Advisory

Trust: 0.1

title:Red Hat: Important: OpenJDK 11.0.15 security update for Portable Linux Buildsurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221435 - Security Advisory

Trust: 0.1

title:Red Hat: Important: java-11-openjdk security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221444 - Security Advisory

Trust: 0.1

title:Red Hat: Important: OpenJDK 11.0.15 security update for Windows Buildsurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221439 - Security Advisory

Trust: 0.1

title:Red Hat: Important: OpenJDK 8u332 security update for Portable Linux Buildsurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221438 - Security Advisory

Trust: 0.1

title:Red Hat: Important: java-1.8.0-openjdk security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221490 - Security Advisory

Trust: 0.1

title:Red Hat: Important: java-1.8.0-openjdk security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221491 - Security Advisory

Trust: 0.1

title:Red Hat: Important: java-1.8.0-openjdk security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221489 - Security Advisory

Trust: 0.1

title:Red Hat: Moderate: java-1.7.1-ibm security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20224957 - Security Advisory

Trust: 0.1

title:Red Hat: Important: java-11-openjdk security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221728 - Security Advisory

Trust: 0.1

title:Red Hat: Important: java-1.8.0-openjdk security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20222137 - Security Advisory

Trust: 0.1

title:Red Hat: Important: java-11-openjdk security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221443 - Security Advisory

Trust: 0.1

title:Red Hat: Important: OpenJDK 17.0.3 security update for Windows Buildsurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221437 - Security Advisory

Trust: 0.1

title:Red Hat: Important: java-17-openjdk security and bug fix updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221445 - Security Advisory

Trust: 0.1

title:Red Hat: Important: OpenJDK 17.0.3 security update for Portable Linux Buildsurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221436 - Security Advisory

Trust: 0.1

title:Red Hat: Important: java-17-openjdk security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221729 - Security Advisory

Trust: 0.1

title:Debian Security Advisories: DSA-5131-1 openjdk-11 -- security updateurl:https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=5c8840c405cfcf2d530316add80d95b7

Trust: 0.1

title:Debian Security Advisories: DSA-5128-1 openjdk-17 -- security updateurl:https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=c35e0aa61b24f917b1354b5d6ba66425

Trust: 0.1

title:Red Hat: Moderate: OpenShift Container Platform 4.8.41 bug fix and security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20222272 - Security Advisory

Trust: 0.1

title:Red Hat: Moderate: Cryostat 2.1.0: new Cryostat on RHEL 8 container imagesurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221679 - Security Advisory

Trust: 0.1

title:Red Hat: Moderate: security update for rh-sso-7/sso75-openshift-rhel8 container imageurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221713 - Security Advisory

Trust: 0.1

title:Red Hat: Moderate: OpenShift Container Platform 4.7.50 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221699 - Security Advisory

Trust: 0.1

title:Ubuntu Security Notice: USN-5546-2: OpenJDK 8 vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-5546-2

Trust: 0.1

title:Ubuntu Security Notice: USN-5546-1: OpenJDK vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-5546-1

Trust: 0.1

title:Red Hat: Moderate: OpenShift Container Platform 3.11.705 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20222281 - Security Advisory

Trust: 0.1

title:Amazon Linux 2: ALAS2-2022-1791url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2022-1791

Trust: 0.1

title:Amazon Linux 2: ALAS2-2022-1790url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2022-1790

Trust: 0.1

title:Amazon Linux 2: ALAS2-2022-1778url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2022-1778

Trust: 0.1

title:Amazon Linux 2: ALAS2CORRETTO8-2022-002url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2CORRETTO8-2022-002

Trust: 0.1

title:Red Hat: Moderate: Red Hat OpenShift Logging Security and Bug update Release 5.4.1url:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20222216 - Security Advisory

Trust: 0.1

title:Red Hat: Moderate: Openshift Logging Security and Bug update Release (5.2.10)url:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20222218 - Security Advisory

Trust: 0.1

title:Red Hat: Moderate: Red Hat OpenShift Logging Security and Bug update Release 5.3.7url:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20222217 - Security Advisory

Trust: 0.1

title:Hitachi Security Advisories: Multiple Vulnerabilities in Hitachi Command Suite, Hitachi Automation Director, Hitachi Configuration Manager, Hitachi Infrastructure Analytics Advisor and Hitachi Ops Centerurl:https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories&qid=hitachi-sec-2022-113

Trust: 0.1

title:Hitachi Security Advisories: Multiple Vulnerabilities in Cosminexusurl:https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories&qid=hitachi-sec-2022-112

Trust: 0.1

title:Amazon Linux 2: ALAS2JAVA-OPENJDK11-2022-002url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2JAVA-OPENJDK11-2022-002

Trust: 0.1

title:Red Hat: Moderate: OpenShift Container Platform 4.6.57 security and extras updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221622 - Security Advisory

Trust: 0.1

title:Red Hat: Low: Release of OpenShift Serverless Version 1.22.0url:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221747 - Security Advisory

Trust: 0.1

title:Amazon Linux AMI: ALAS-2022-1633url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2022-1633

Trust: 0.1

title:Amazon Linux AMI: ALAS-2022-1631url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2022-1631

Trust: 0.1

title:Amazon Linux 2: ALAS2-2022-1835url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2022-1835

Trust: 0.1

title:CVE-2022-XXXXurl:https://github.com/AlphabugX/CVE-2022-23305

Trust: 0.1

title:CVE-2022-XXXXurl:https://github.com/AlphabugX/CVE-2022-RCE

Trust: 0.1

sources: VULMON: CVE-2022-21434 // JVNDB: JVNDB-2022-001699

EXTERNAL IDS

db:NVDid:CVE-2022-21434

Trust: 3.5

db:JVNDBid:JVNDB-2022-001699

Trust: 0.8

db:PACKETSTORMid:167378

Trust: 0.2

db:PACKETSTORMid:167454

Trust: 0.2

db:PACKETSTORMid:167456

Trust: 0.1

db:PACKETSTORMid:167385

Trust: 0.1

db:PACKETSTORMid:167327

Trust: 0.1

db:PACKETSTORMid:167008

Trust: 0.1

db:PACKETSTORMid:167980

Trust: 0.1

db:PACKETSTORMid:167388

Trust: 0.1

db:PACKETSTORMid:166967

Trust: 0.1

db:PACKETSTORMid:167122

Trust: 0.1

db:PACKETSTORMid:167088

Trust: 0.1

db:PACKETSTORMid:167164

Trust: 0.1

db:PACKETSTORMid:167142

Trust: 0.1

db:PACKETSTORMid:167140

Trust: 0.1

db:PACKETSTORMid:167942

Trust: 0.1

db:PACKETSTORMid:167271

Trust: 0.1

db:PACKETSTORMid:167979

Trust: 0.1

db:PACKETSTORMid:166954

Trust: 0.1

db:VULHUBid:VHN-407047

Trust: 0.1

db:VULMONid:CVE-2022-21434

Trust: 0.1

db:PACKETSTORMid:166794

Trust: 0.1

db:PACKETSTORMid:166897

Trust: 0.1

db:PACKETSTORMid:169366

Trust: 0.1

db:PACKETSTORMid:166901

Trust: 0.1

db:PACKETSTORMid:169256

Trust: 0.1

sources: VULHUB: VHN-407047 // VULMON: CVE-2022-21434 // JVNDB: JVNDB-2022-001699 // PACKETSTORM: 166794 // PACKETSTORM: 166897 // PACKETSTORM: 169366 // PACKETSTORM: 167378 // PACKETSTORM: 167454 // PACKETSTORM: 166901 // PACKETSTORM: 169256 // NVD: CVE-2022-21434

REFERENCES

url:https://nvd.nist.gov/vuln/detail/cve-2022-21434

Trust: 1.5

url:https://security.netapp.com/advisory/ntap-20220429-0006/

Trust: 1.2

url:https://www.debian.org/security/2022/dsa-5128

Trust: 1.2

url:https://www.debian.org/security/2022/dsa-5131

Trust: 1.2

url:https://www.oracle.com/security-alerts/cpuapr2022.html

Trust: 1.2

url:https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html

Trust: 1.2

url:https://security.netapp.com/advisory/ntap-20240621-0006/

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2022-21443

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2022-21496

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2022-21426

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2022-21476

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2022-21443

Trust: 0.5

url:https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.5

url:https://access.redhat.com/security/team/contact/

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2022-21434

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2022-21496

Trust: 0.5

url:https://bugzilla.redhat.com/):

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2022-21426

Trust: 0.4

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2022-21476

Trust: 0.4

url:https://access.redhat.com/articles/11258

Trust: 0.3

url:https://access.redhat.com/security/team/key/

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2022-21449

Trust: 0.3

url:https://www.debian.org/security/faq

Trust: 0.2

url:https://www.debian.org/security/

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://security.archlinux.org/cve-2022-21434

Trust: 0.1

url:https://ubuntu.com/security/notices/usn-5388-1

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:1440

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:1435

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/openjdk/11/html/installing_and_using_openjdk_11_on_rhel/installing-openjdk11-on-rhel8#installing-jdk11-on-rhel-using-archive_openjdk

Trust: 0.1

url:https://security-tracker.debian.org/tracker/openjdk-11

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:2137

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-35561

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:4957

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-35561

Trust: 0.1

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-21299

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-21299

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-21449

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:1436

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/openjdk/17/html/installing_and_using_openjdk_17_on_rhel/installing-openjdk11-on-rhel8_openjdk#installing-jdk11-on-rhel-using-archive_openjdk

Trust: 0.1

url:https://security-tracker.debian.org/tracker/openjdk-17

Trust: 0.1

sources: VULHUB: VHN-407047 // VULMON: CVE-2022-21434 // JVNDB: JVNDB-2022-001699 // PACKETSTORM: 166794 // PACKETSTORM: 166897 // PACKETSTORM: 169366 // PACKETSTORM: 167378 // PACKETSTORM: 167454 // PACKETSTORM: 166901 // PACKETSTORM: 169256 // NVD: CVE-2022-21434

CREDITS

Red Hat

Trust: 0.5

sources: PACKETSTORM: 166794 // PACKETSTORM: 166897 // PACKETSTORM: 167378 // PACKETSTORM: 167454 // PACKETSTORM: 166901

SOURCES

db:VULHUBid:VHN-407047
db:VULMONid:CVE-2022-21434
db:JVNDBid:JVNDB-2022-001699
db:PACKETSTORMid:166794
db:PACKETSTORMid:166897
db:PACKETSTORMid:169366
db:PACKETSTORMid:167378
db:PACKETSTORMid:167454
db:PACKETSTORMid:166901
db:PACKETSTORMid:169256
db:NVDid:CVE-2022-21434

LAST UPDATE DATE

2024-11-07T21:28:27.296000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-407047date:2022-07-28T00:00:00
db:VULMONid:CVE-2022-21434date:2023-04-27T00:00:00
db:JVNDBid:JVNDB-2022-001699date:2023-09-06T07:19:00
db:NVDid:CVE-2022-21434date:2024-06-21T19:15:22.170

SOURCES RELEASE DATE

db:VULHUBid:VHN-407047date:2022-04-19T00:00:00
db:VULMONid:CVE-2022-21434date:2022-04-19T00:00:00
db:JVNDBid:JVNDB-2022-001699date:2022-05-10T00:00:00
db:PACKETSTORMid:166794date:2022-04-21T15:08:25
db:PACKETSTORMid:166897date:2022-04-29T12:36:03
db:PACKETSTORMid:169366date:2022-05-28T19:12:00
db:PACKETSTORMid:167378date:2022-06-03T15:37:50
db:PACKETSTORMid:167454date:2022-06-09T16:10:41
db:PACKETSTORMid:166901date:2022-04-29T12:36:50
db:PACKETSTORMid:169256date:2022-05-28T19:12:00
db:NVDid:CVE-2022-21434date:2022-04-19T21:15:15.387