var-202204-0596
Vulnerability from variot
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).
Bug Fix(es):
-
Enable the import of plain keys into the NSS Software Token while in FIPS mode [rhel-8, openjdk-17] (BZ#2018189)
-
Enable AlgorithmParameters and AlgorithmParameterGenerator services in FIPS mode [rhel-8, openjdk-17] (BZ#2055396)
-
8) - aarch64, ppc64le, s390x, x86_64
-
Description:
New Cryostat 2.1.0 on RHEL 8 container images have been released, adding a variety of features and bug fixes and addressing the following security vulnerability: CVE-2021-3121 (see References)
Users of Cryostat 2.0.0 on RHEL 8 container images are advised to upgrade to these updated images, which contain backported patches to correct these security issues, fix these bugs and add these enhancements. Users of these images are also encouraged to rebuild all container images that depend on these images.
You can find images updated by this advisory in Red Hat Container Catalog (see References). Solution:
The Cryostat 2 on RHEL 8 container images provided by this update can be downloaded from the Red Hat Container Registry at registry.redhat.io.
Dockerfiles and scripts should be amended either to refer to this new image specifically, or to the latest image generally. Bugs fixed (https://bugzilla.redhat.com/):
1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: java-1.8.0-ibm security update Advisory ID: RHSA-2022:4959-01 Product: Red Hat Enterprise Linux Supplementary Advisory URL: https://access.redhat.com/errata/RHSA-2022:4959 Issue date: 2022-06-08 CVE Names: CVE-2021-35561 CVE-2022-21434 CVE-2022-21443 CVE-2022-21496 ==================================================================== 1. Summary:
An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 7 Supplementary.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client Supplementary (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Supplementary (v. 7) - x86_64 Red Hat Enterprise Linux Server Supplementary (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 7) - x86_64
- Description:
IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.
This update upgrades IBM Java SE 8 to version 8 SR7-FP10.
Security Fix(es):
-
OpenJDK: Excessive memory allocation in HashMap and HashSet (Utility, 8266097) (CVE-2021-35561)
-
OpenJDK: Improper object-to-string conversion in AnnotationInvocationHandler (Libraries, 8277672) (CVE-2022-21434)
-
OpenJDK: Missing check for negative ObjectIdentifier (Libraries, 8275151) (CVE-2022-21443)
-
OpenJDK: URI parsing inconsistencies (JNDI, 8278972) (CVE-2022-21496)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
All running instances of IBM Java must be restarted for this update to take effect.
- Bugs fixed (https://bugzilla.redhat.com/):
2014524 - CVE-2021-35561 OpenJDK: Excessive memory allocation in HashMap and HashSet (Utility, 8266097) 2075793 - CVE-2022-21443 OpenJDK: Missing check for negative ObjectIdentifier (Libraries, 8275151) 2075836 - CVE-2022-21434 OpenJDK: Improper object-to-string conversion in AnnotationInvocationHandler (Libraries, 8277672) 2075849 - CVE-2022-21496 OpenJDK: URI parsing inconsistencies (JNDI, 8278972)
- Package List:
Red Hat Enterprise Linux Client Supplementary (v. 7):
x86_64: java-1.8.0-ibm-1.8.0.7.10-1jpp.1.el7.x86_64.rpm java-1.8.0-ibm-demo-1.8.0.7.10-1jpp.1.el7.x86_64.rpm java-1.8.0-ibm-devel-1.8.0.7.10-1jpp.1.el7.x86_64.rpm java-1.8.0-ibm-jdbc-1.8.0.7.10-1jpp.1.el7.x86_64.rpm java-1.8.0-ibm-plugin-1.8.0.7.10-1jpp.1.el7.x86_64.rpm java-1.8.0-ibm-src-1.8.0.7.10-1jpp.1.el7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Supplementary (v. 7):
x86_64: java-1.8.0-ibm-1.8.0.7.10-1jpp.1.el7.x86_64.rpm java-1.8.0-ibm-demo-1.8.0.7.10-1jpp.1.el7.x86_64.rpm java-1.8.0-ibm-devel-1.8.0.7.10-1jpp.1.el7.x86_64.rpm java-1.8.0-ibm-src-1.8.0.7.10-1jpp.1.el7.x86_64.rpm
Red Hat Enterprise Linux Server Supplementary (v. 7):
ppc64: java-1.8.0-ibm-1.8.0.7.10-1jpp.1.el7.ppc64.rpm java-1.8.0-ibm-demo-1.8.0.7.10-1jpp.1.el7.ppc64.rpm java-1.8.0-ibm-devel-1.8.0.7.10-1jpp.1.el7.ppc64.rpm java-1.8.0-ibm-jdbc-1.8.0.7.10-1jpp.1.el7.ppc64.rpm java-1.8.0-ibm-plugin-1.8.0.7.10-1jpp.1.el7.ppc64.rpm java-1.8.0-ibm-src-1.8.0.7.10-1jpp.1.el7.ppc64.rpm
ppc64le: java-1.8.0-ibm-1.8.0.7.10-1jpp.1.el7.ppc64le.rpm java-1.8.0-ibm-demo-1.8.0.7.10-1jpp.1.el7.ppc64le.rpm java-1.8.0-ibm-devel-1.8.0.7.10-1jpp.1.el7.ppc64le.rpm java-1.8.0-ibm-jdbc-1.8.0.7.10-1jpp.1.el7.ppc64le.rpm java-1.8.0-ibm-src-1.8.0.7.10-1jpp.1.el7.ppc64le.rpm
s390x: java-1.8.0-ibm-1.8.0.7.10-1jpp.1.el7.s390x.rpm java-1.8.0-ibm-demo-1.8.0.7.10-1jpp.1.el7.s390x.rpm java-1.8.0-ibm-devel-1.8.0.7.10-1jpp.1.el7.s390x.rpm java-1.8.0-ibm-jdbc-1.8.0.7.10-1jpp.1.el7.s390x.rpm java-1.8.0-ibm-src-1.8.0.7.10-1jpp.1.el7.s390x.rpm
x86_64: java-1.8.0-ibm-1.8.0.7.10-1jpp.1.el7.x86_64.rpm java-1.8.0-ibm-demo-1.8.0.7.10-1jpp.1.el7.x86_64.rpm java-1.8.0-ibm-devel-1.8.0.7.10-1jpp.1.el7.x86_64.rpm java-1.8.0-ibm-jdbc-1.8.0.7.10-1jpp.1.el7.x86_64.rpm java-1.8.0-ibm-plugin-1.8.0.7.10-1jpp.1.el7.x86_64.rpm java-1.8.0-ibm-src-1.8.0.7.10-1jpp.1.el7.x86_64.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 7):
x86_64: java-1.8.0-ibm-1.8.0.7.10-1jpp.1.el7.x86_64.rpm java-1.8.0-ibm-demo-1.8.0.7.10-1jpp.1.el7.x86_64.rpm java-1.8.0-ibm-devel-1.8.0.7.10-1jpp.1.el7.x86_64.rpm java-1.8.0-ibm-jdbc-1.8.0.7.10-1jpp.1.el7.x86_64.rpm java-1.8.0-ibm-plugin-1.8.0.7.10-1jpp.1.el7.x86_64.rpm java-1.8.0-ibm-src-1.8.0.7.10-1jpp.1.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2021-35561 https://access.redhat.com/security/cve/CVE-2022-21434 https://access.redhat.com/security/cve/CVE-2022-21443 https://access.redhat.com/security/cve/CVE-2022-21496 https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIUAwUBYqFNjNzjgjWX9erEAQgiIA/1FWxZFUVh5VUuwfuL4q1F2+a34xaDFJRC BHEFyCQS6s4VTItl0+M+qSa/Hme2JXg0ro2UpkCN22Te3H65kc+OxvZY04IyAmsr vk2xFLb2O5NXNh6tFvJF0ldnQMCXTTvFUOXonvR3oWzmI2rYoVPu9Eoyk5IIK+// mP/RocS+E7k2DS1HrqU+n+7YEIjw8Ccta6yJN/nVLuvP6829vOCVPvDVVpxOeym4 MYUuCO1vVnYdeTqRtqm4bdUbnEV7Rj+3GwbPfhe0PTTCRPmRZBC8txy37vlr0xbq L1no/07RBuW1GJM1vqnrn7xd9kAGwd/CFfgAx6Id5naf/BnTY7NTnjA5bX9GT2Dv /EP9M2/QhU5HGAchGrHoDjPmYF41tdxnIzAQi7657TwrorVWlT5Nlzb03GSjsz7G uClP/asaRoCpmLXM/c+O9DE0wbMs21+lXR+1fXNqlDXQ4PbF1Dz2chFcpvc+aHNf 7hTf6U9TXKItrR3CX6go0BLONjUmcsvIMNzo/PwoEjXUOn4/hq1SsFPT8+L/oMKo sLkJnjYcW3MuhHjbmUsupskZyHEWvLF+lEfhim2Bb+7XQ77/dTnVeM1TF2pw4346 z3rgMQPDZDryudJUGFQ8lWG3VNsJBVeV0odh3M4fT3TuGpzhLwY8du6XdJfFLuKb p8Zit/zyDw==hqP8 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . For further information, refer to the release notes linked to in the References section. This update rectifies this situation and again uses the database provided in the JDK bundle. Users may also now configure the cacerts database in the java.security file using the property security.systemCACerts. Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202204-0596",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "jdk",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18"
},
{
"model": "jdk",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.7.0"
},
{
"model": "active iq unified manager",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "cloud secure agent",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "oncommand insight",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "zulu",
"scope": "eq",
"trust": 1.0,
"vendor": "azul",
"version": "13.46"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "solidfire \\\u0026 hci management node",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "zulu",
"scope": "eq",
"trust": 1.0,
"vendor": "azul",
"version": "6.45"
},
{
"model": "jdk",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "17.0.2"
},
{
"model": "jre",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.0.14"
},
{
"model": "jre",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18"
},
{
"model": "jdk",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.8.0"
},
{
"model": "jre",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.7.0"
},
{
"model": "graalvm",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "22.0.0.2"
},
{
"model": "e-series santricity os controller",
"scope": "gte",
"trust": 1.0,
"vendor": "netapp",
"version": "11.0.0"
},
{
"model": "solidfire\\, enterprise sds \\\u0026 hci storage node",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "zulu",
"scope": "eq",
"trust": 1.0,
"vendor": "azul",
"version": "8.60"
},
{
"model": "7-mode transition tool",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "graalvm",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "20.3.5"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "11.0"
},
{
"model": "santricity unified manager",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "e-series santricity os controller",
"scope": "lte",
"trust": 1.0,
"vendor": "netapp",
"version": "11.70.1"
},
{
"model": "cloud insights acquisition unit",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "zulu",
"scope": "eq",
"trust": 1.0,
"vendor": "azul",
"version": "7.52"
},
{
"model": "zulu",
"scope": "eq",
"trust": 1.0,
"vendor": "azul",
"version": "11.54"
},
{
"model": "zulu",
"scope": "eq",
"trust": 1.0,
"vendor": "azul",
"version": "15.38"
},
{
"model": "zulu",
"scope": "eq",
"trust": 1.0,
"vendor": "azul",
"version": "17.32"
},
{
"model": "jre",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.8.0"
},
{
"model": "zulu",
"scope": "eq",
"trust": 1.0,
"vendor": "azul",
"version": "18.28"
},
{
"model": "graalvm",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "21.3.1"
},
{
"model": "jre",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "17.0.2"
},
{
"model": "e-series santricity web services",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "jdk",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.0.14"
},
{
"model": "e-series santricity storage manager",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "hci compute node",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-21434"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "166804"
},
{
"db": "PACKETSTORM",
"id": "166799"
},
{
"db": "PACKETSTORM",
"id": "166796"
},
{
"db": "PACKETSTORM",
"id": "166792"
},
{
"db": "PACKETSTORM",
"id": "167088"
},
{
"db": "PACKETSTORM",
"id": "167456"
},
{
"db": "PACKETSTORM",
"id": "166898"
},
{
"db": "PACKETSTORM",
"id": "166900"
}
],
"trust": 0.8
},
"cve": "CVE-2022-21434",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2022-21434",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-407047",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "secalert_us@oracle.com",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2022-21434",
"impactScore": 1.4,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-21434",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "secalert_us@oracle.com",
"id": "CVE-2022-21434",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202204-3831",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-407047",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-407047"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-3831"
},
{
"db": "NVD",
"id": "CVE-2022-21434"
},
{
"db": "NVD",
"id": "CVE-2022-21434"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N). \n\nBug Fix(es):\n\n* Enable the import of plain keys into the NSS Software Token while in FIPS\nmode [rhel-8, openjdk-17] (BZ#2018189)\n\n* Enable AlgorithmParameters and AlgorithmParameterGenerator services in\nFIPS mode [rhel-8, openjdk-17] (BZ#2055396)\n\n4. 8) - aarch64, ppc64le, s390x, x86_64\n\n3. Description:\n\nNew Cryostat 2.1.0 on RHEL 8 container images have been released, adding a\nvariety of features and bug fixes and addressing the following security\nvulnerability: CVE-2021-3121 (see References)\n\nUsers of Cryostat 2.0.0 on RHEL 8 container images are advised to upgrade\nto these updated images, which contain backported patches to correct these\nsecurity issues, fix these bugs and add these enhancements. Users of these\nimages are also encouraged to rebuild all container images that depend on\nthese images. \n\nYou can find images updated by this advisory in Red Hat Container Catalog\n(see References). Solution:\n\nThe Cryostat 2 on RHEL 8 container images provided by this update can be\ndownloaded from the Red Hat Container Registry at registry.redhat.io. \n\nDockerfiles and scripts should be amended either to refer to this new image\nspecifically, or to the latest image generally. Bugs fixed (https://bugzilla.redhat.com/):\n\n1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation\n\n5. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Moderate: java-1.8.0-ibm security update\nAdvisory ID: RHSA-2022:4959-01\nProduct: Red Hat Enterprise Linux Supplementary\nAdvisory URL: https://access.redhat.com/errata/RHSA-2022:4959\nIssue date: 2022-06-08\nCVE Names: CVE-2021-35561 CVE-2022-21434 CVE-2022-21443\n CVE-2022-21496\n====================================================================\n1. Summary:\n\nAn update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux\n7 Supplementary. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client Supplementary (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Supplementary (v. 7) - x86_64\nRed Hat Enterprise Linux Server Supplementary (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation Supplementary (v. 7) - x86_64\n\n3. Description:\n\nIBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM\nJava Software Development Kit. \n\nThis update upgrades IBM Java SE 8 to version 8 SR7-FP10. \n\nSecurity Fix(es):\n\n* OpenJDK: Excessive memory allocation in HashMap and HashSet (Utility,\n8266097) (CVE-2021-35561)\n\n* OpenJDK: Improper object-to-string conversion in\nAnnotationInvocationHandler (Libraries, 8277672) (CVE-2022-21434)\n\n* OpenJDK: Missing check for negative ObjectIdentifier (Libraries, 8275151)\n(CVE-2022-21443)\n\n* OpenJDK: URI parsing inconsistencies (JNDI, 8278972) (CVE-2022-21496)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of IBM Java must be restarted for this update to take\neffect. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n2014524 - CVE-2021-35561 OpenJDK: Excessive memory allocation in HashMap and HashSet (Utility, 8266097)\n2075793 - CVE-2022-21443 OpenJDK: Missing check for negative ObjectIdentifier (Libraries, 8275151)\n2075836 - CVE-2022-21434 OpenJDK: Improper object-to-string conversion in AnnotationInvocationHandler (Libraries, 8277672)\n2075849 - CVE-2022-21496 OpenJDK: URI parsing inconsistencies (JNDI, 8278972)\n\n6. Package List:\n\nRed Hat Enterprise Linux Client Supplementary (v. 7):\n\nx86_64:\njava-1.8.0-ibm-1.8.0.7.10-1jpp.1.el7.x86_64.rpm\njava-1.8.0-ibm-demo-1.8.0.7.10-1jpp.1.el7.x86_64.rpm\njava-1.8.0-ibm-devel-1.8.0.7.10-1jpp.1.el7.x86_64.rpm\njava-1.8.0-ibm-jdbc-1.8.0.7.10-1jpp.1.el7.x86_64.rpm\njava-1.8.0-ibm-plugin-1.8.0.7.10-1jpp.1.el7.x86_64.rpm\njava-1.8.0-ibm-src-1.8.0.7.10-1jpp.1.el7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Supplementary (v. 7):\n\nx86_64:\njava-1.8.0-ibm-1.8.0.7.10-1jpp.1.el7.x86_64.rpm\njava-1.8.0-ibm-demo-1.8.0.7.10-1jpp.1.el7.x86_64.rpm\njava-1.8.0-ibm-devel-1.8.0.7.10-1jpp.1.el7.x86_64.rpm\njava-1.8.0-ibm-src-1.8.0.7.10-1jpp.1.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Server Supplementary (v. 7):\n\nppc64:\njava-1.8.0-ibm-1.8.0.7.10-1jpp.1.el7.ppc64.rpm\njava-1.8.0-ibm-demo-1.8.0.7.10-1jpp.1.el7.ppc64.rpm\njava-1.8.0-ibm-devel-1.8.0.7.10-1jpp.1.el7.ppc64.rpm\njava-1.8.0-ibm-jdbc-1.8.0.7.10-1jpp.1.el7.ppc64.rpm\njava-1.8.0-ibm-plugin-1.8.0.7.10-1jpp.1.el7.ppc64.rpm\njava-1.8.0-ibm-src-1.8.0.7.10-1jpp.1.el7.ppc64.rpm\n\nppc64le:\njava-1.8.0-ibm-1.8.0.7.10-1jpp.1.el7.ppc64le.rpm\njava-1.8.0-ibm-demo-1.8.0.7.10-1jpp.1.el7.ppc64le.rpm\njava-1.8.0-ibm-devel-1.8.0.7.10-1jpp.1.el7.ppc64le.rpm\njava-1.8.0-ibm-jdbc-1.8.0.7.10-1jpp.1.el7.ppc64le.rpm\njava-1.8.0-ibm-src-1.8.0.7.10-1jpp.1.el7.ppc64le.rpm\n\ns390x:\njava-1.8.0-ibm-1.8.0.7.10-1jpp.1.el7.s390x.rpm\njava-1.8.0-ibm-demo-1.8.0.7.10-1jpp.1.el7.s390x.rpm\njava-1.8.0-ibm-devel-1.8.0.7.10-1jpp.1.el7.s390x.rpm\njava-1.8.0-ibm-jdbc-1.8.0.7.10-1jpp.1.el7.s390x.rpm\njava-1.8.0-ibm-src-1.8.0.7.10-1jpp.1.el7.s390x.rpm\n\nx86_64:\njava-1.8.0-ibm-1.8.0.7.10-1jpp.1.el7.x86_64.rpm\njava-1.8.0-ibm-demo-1.8.0.7.10-1jpp.1.el7.x86_64.rpm\njava-1.8.0-ibm-devel-1.8.0.7.10-1jpp.1.el7.x86_64.rpm\njava-1.8.0-ibm-jdbc-1.8.0.7.10-1jpp.1.el7.x86_64.rpm\njava-1.8.0-ibm-plugin-1.8.0.7.10-1jpp.1.el7.x86_64.rpm\njava-1.8.0-ibm-src-1.8.0.7.10-1jpp.1.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Supplementary (v. 7):\n\nx86_64:\njava-1.8.0-ibm-1.8.0.7.10-1jpp.1.el7.x86_64.rpm\njava-1.8.0-ibm-demo-1.8.0.7.10-1jpp.1.el7.x86_64.rpm\njava-1.8.0-ibm-devel-1.8.0.7.10-1jpp.1.el7.x86_64.rpm\njava-1.8.0-ibm-jdbc-1.8.0.7.10-1jpp.1.el7.x86_64.rpm\njava-1.8.0-ibm-plugin-1.8.0.7.10-1jpp.1.el7.x86_64.rpm\njava-1.8.0-ibm-src-1.8.0.7.10-1jpp.1.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-35561\nhttps://access.redhat.com/security/cve/CVE-2022-21434\nhttps://access.redhat.com/security/cve/CVE-2022-21443\nhttps://access.redhat.com/security/cve/CVE-2022-21496\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIUAwUBYqFNjNzjgjWX9erEAQgiIA/1FWxZFUVh5VUuwfuL4q1F2+a34xaDFJRC\nBHEFyCQS6s4VTItl0+M+qSa/Hme2JXg0ro2UpkCN22Te3H65kc+OxvZY04IyAmsr\nvk2xFLb2O5NXNh6tFvJF0ldnQMCXTTvFUOXonvR3oWzmI2rYoVPu9Eoyk5IIK+//\nmP/RocS+E7k2DS1HrqU+n+7YEIjw8Ccta6yJN/nVLuvP6829vOCVPvDVVpxOeym4\nMYUuCO1vVnYdeTqRtqm4bdUbnEV7Rj+3GwbPfhe0PTTCRPmRZBC8txy37vlr0xbq\nL1no/07RBuW1GJM1vqnrn7xd9kAGwd/CFfgAx6Id5naf/BnTY7NTnjA5bX9GT2Dv\n/EP9M2/QhU5HGAchGrHoDjPmYF41tdxnIzAQi7657TwrorVWlT5Nlzb03GSjsz7G\nuClP/asaRoCpmLXM/c+O9DE0wbMs21+lXR+1fXNqlDXQ4PbF1Dz2chFcpvc+aHNf\n7hTf6U9TXKItrR3CX6go0BLONjUmcsvIMNzo/PwoEjXUOn4/hq1SsFPT8+L/oMKo\nsLkJnjYcW3MuhHjbmUsupskZyHEWvLF+lEfhim2Bb+7XQ77/dTnVeM1TF2pw4346\nz3rgMQPDZDryudJUGFQ8lWG3VNsJBVeV0odh3M4fT3TuGpzhLwY8du6XdJfFLuKb\np8Zit/zyDw==hqP8\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. For further information,\nrefer to the release notes linked to in the References section. This update\nrectifies this situation and again uses the database provided in the JDK\nbundle. Users may also now configure the cacerts database in the\njava.security file using the property security.systemCACerts. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-21434"
},
{
"db": "VULHUB",
"id": "VHN-407047"
},
{
"db": "PACKETSTORM",
"id": "166804"
},
{
"db": "PACKETSTORM",
"id": "166799"
},
{
"db": "PACKETSTORM",
"id": "166796"
},
{
"db": "PACKETSTORM",
"id": "166792"
},
{
"db": "PACKETSTORM",
"id": "167088"
},
{
"db": "PACKETSTORM",
"id": "167456"
},
{
"db": "PACKETSTORM",
"id": "166898"
},
{
"db": "PACKETSTORM",
"id": "166900"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-21434",
"trust": 2.5
},
{
"db": "PACKETSTORM",
"id": "167088",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "167385",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "167327",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "167008",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "167980",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "166967",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "167164",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "167142",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "167942",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "167454",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "167271",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "167979",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "166954",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "166804",
"trust": 0.7
},
{
"db": "CS-HELP",
"id": "SB2022051742",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022070412",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022041944",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022072540",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022051325",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022051235",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022042559",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022070707",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022071332",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022053122",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022072010",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022042139",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022050504",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022042105",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022050424",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022060921",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022042620",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "166835",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3583",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.1840",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.2851",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.1808",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.2373",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3440",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.2360",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3824",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3865",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202204-3831",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "167456",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "167378",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "167388",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "167122",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "167140",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-407047",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "166799",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "166796",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "166792",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "166898",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "166900",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-407047"
},
{
"db": "PACKETSTORM",
"id": "166804"
},
{
"db": "PACKETSTORM",
"id": "166799"
},
{
"db": "PACKETSTORM",
"id": "166796"
},
{
"db": "PACKETSTORM",
"id": "166792"
},
{
"db": "PACKETSTORM",
"id": "167088"
},
{
"db": "PACKETSTORM",
"id": "167456"
},
{
"db": "PACKETSTORM",
"id": "166898"
},
{
"db": "PACKETSTORM",
"id": "166900"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-3831"
},
{
"db": "NVD",
"id": "CVE-2022-21434"
}
]
},
"id": "VAR-202204-0596",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-407047"
}
],
"trust": 0.01
},
"last_update_date": "2024-09-19T20:37:38.823000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Oracle Java SE Enter the fix for the verification error vulnerability",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=190922"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202204-3831"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-21434"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"trust": 1.7,
"url": "https://security.netapp.com/advisory/ntap-20220429-0006/"
},
{
"trust": 1.7,
"url": "https://www.debian.org/security/2022/dsa-5128"
},
{
"trust": 1.7,
"url": "https://www.debian.org/security/2022/dsa-5131"
},
{
"trust": 1.7,
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html"
},
{
"trust": 1.4,
"url": "https://access.redhat.com/security/cve/cve-2022-21434"
},
{
"trust": 1.0,
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2022-21443"
},
{
"trust": 0.8,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-21443"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-21496"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2022-21496"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-21434"
},
{
"trust": 0.8,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-21426"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-21476"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2022-21426"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2022-21476"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022050504"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/166835/ubuntu-security-notice-usn-5388-2.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022042620"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022060921"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022042105"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022041944"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167980/ubuntu-security-notice-usn-5546-1.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/166804/red-hat-security-advisory-2022-1443-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.1808"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022070707"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167088/red-hat-security-advisory-2022-1679-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022053122"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167942/red-hat-security-advisory-2022-5837-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.2373"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3440"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3583"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-21434/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022051742"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167271/red-hat-security-advisory-2022-2272-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.2851"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022051325"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3865"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022071332"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.1840"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3824"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167142/red-hat-security-advisory-2022-2216-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/166967/red-hat-security-advisory-2022-1713-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb20220720108"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022072540"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167327/red-hat-security-advisory-2022-2281-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167164/red-hat-security-advisory-2022-1699-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022042559"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022042139"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/166954/red-hat-security-advisory-2022-1622-01.html"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/oracle-java-vulnerabilities-of-april-2022-38106"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.2360"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167385/red-hat-security-advisory-2022-1729-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167979/ubuntu-security-notice-usn-5546-2.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167008/red-hat-security-advisory-2022-1747-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022051235"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022070412"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022050424"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167454/red-hat-security-advisory-2022-4957-01.html"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-21449"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-21449"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:1443"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:1441"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:1445"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:1442"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1154"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3121"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3121"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1154"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:1679"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/containers"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-25032"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-25032"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1271"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1271"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-35561"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-35561"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:4959"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:1438"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/openjdk/8/html/installing_and_using_openjdk_8_for_rhel/assembly_installing-openjdk-8-on-red-hat-enterprise-linux_openjdk#installing-jdk11-on-rhel-using-archive_openjdk"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/openjdk/17/html/installing_and_using_openjdk_17_for_windows/index"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:1437"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-407047"
},
{
"db": "PACKETSTORM",
"id": "166804"
},
{
"db": "PACKETSTORM",
"id": "166799"
},
{
"db": "PACKETSTORM",
"id": "166796"
},
{
"db": "PACKETSTORM",
"id": "166792"
},
{
"db": "PACKETSTORM",
"id": "167088"
},
{
"db": "PACKETSTORM",
"id": "167456"
},
{
"db": "PACKETSTORM",
"id": "166898"
},
{
"db": "PACKETSTORM",
"id": "166900"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-3831"
},
{
"db": "NVD",
"id": "CVE-2022-21434"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-407047"
},
{
"db": "PACKETSTORM",
"id": "166804"
},
{
"db": "PACKETSTORM",
"id": "166799"
},
{
"db": "PACKETSTORM",
"id": "166796"
},
{
"db": "PACKETSTORM",
"id": "166792"
},
{
"db": "PACKETSTORM",
"id": "167088"
},
{
"db": "PACKETSTORM",
"id": "167456"
},
{
"db": "PACKETSTORM",
"id": "166898"
},
{
"db": "PACKETSTORM",
"id": "166900"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-3831"
},
{
"db": "NVD",
"id": "CVE-2022-21434"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-04-19T00:00:00",
"db": "VULHUB",
"id": "VHN-407047"
},
{
"date": "2022-04-21T15:10:06",
"db": "PACKETSTORM",
"id": "166804"
},
{
"date": "2022-04-21T15:09:12",
"db": "PACKETSTORM",
"id": "166799"
},
{
"date": "2022-04-21T15:08:42",
"db": "PACKETSTORM",
"id": "166796"
},
{
"date": "2022-04-21T15:08:01",
"db": "PACKETSTORM",
"id": "166792"
},
{
"date": "2022-05-11T16:48:11",
"db": "PACKETSTORM",
"id": "167088"
},
{
"date": "2022-06-09T16:10:59",
"db": "PACKETSTORM",
"id": "167456"
},
{
"date": "2022-04-29T12:36:12",
"db": "PACKETSTORM",
"id": "166898"
},
{
"date": "2022-04-29T12:36:41",
"db": "PACKETSTORM",
"id": "166900"
},
{
"date": "2022-04-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202204-3831"
},
{
"date": "2022-04-19T21:15:15.387000",
"db": "NVD",
"id": "CVE-2022-21434"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-07-28T00:00:00",
"db": "VULHUB",
"id": "VHN-407047"
},
{
"date": "2022-12-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202204-3831"
},
{
"date": "2024-06-21T19:15:22.170000",
"db": "NVD",
"id": "CVE-2022-21434"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202204-3831"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Oracle Java SE Input validation error vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202204-3831"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202204-3831"
}
],
"trust": 0.6
}
}
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.