CVE-2022-21282
First published: Mon Jan 17 2022(Updated: )
It was discovered that the TransformerImpl class implementation in the JAXP component of OpenJDK did not properly check access restrictions when performing URI resolution. This could possibly lead to information disclosure when performing XSLT transformations.
Credit: secalert_us@oracle.com secalert_us@oracle.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/java | <11-openjdk-1:11.0.14.0.9-1.el7_9 | 11-openjdk-1:11.0.14.0.9-1.el7_9 |
| redhat/java | <1.8.0-openjdk-1:1.8.0.322.b06-1.el7_9 | 1.8.0-openjdk-1:1.8.0.322.b06-1.el7_9 |
| redhat/java | <17-openjdk-1:17.0.2.0.8-4.el8_5 | 17-openjdk-1:17.0.2.0.8-4.el8_5 |
| redhat/java | <11-openjdk-1:11.0.14.0.9-2.el8_5 | 11-openjdk-1:11.0.14.0.9-2.el8_5 |
| redhat/java | <1.8.0-openjdk-1:1.8.0.322.b06-2.el8_5 | 1.8.0-openjdk-1:1.8.0.322.b06-2.el8_5 |
| redhat/java | <11-openjdk-1:11.0.14.0.9-1.el8_1 | 11-openjdk-1:11.0.14.0.9-1.el8_1 |
| redhat/java | <1.8.0-openjdk-1:1.8.0.322.b06-1.el8_1 | 1.8.0-openjdk-1:1.8.0.322.b06-1.el8_1 |
| redhat/java | <11-openjdk-1:11.0.14.0.9-1.el8_2 | 11-openjdk-1:11.0.14.0.9-1.el8_2 |
| redhat/java | <1.8.0-openjdk-1:1.8.0.322.b06-1.el8_2 | 1.8.0-openjdk-1:1.8.0.322.b06-1.el8_2 |
| redhat/java | <11-openjdk-1:11.0.14.0.9-2.el8_4 | 11-openjdk-1:11.0.14.0.9-2.el8_4 |
| redhat/java | <1.8.0-openjdk-1:1.8.0.322.b06-2.el8_4 | 1.8.0-openjdk-1:1.8.0.322.b06-2.el8_4 |
| debian/openjdk-11 | 11.0.16+8-1~deb10u1 11.0.21+9-1~deb10u1 11.0.20+8-1~deb11u1 11.0.21+9-1~deb11u1 11.0.22~6ea-1 | |
| debian/openjdk-17 | 17.0.7+7-1~deb11u1 17.0.9+9-1~deb11u1 17.0.9+9-1~deb12u1 17.0.9+9-2 17.0.10~6ea-1 | |
| debian/openjdk-8 | 8u392-ga-1 | |
| Oracle GraalVM | =20.3.4 | |
| Oracle GraalVM | =21.3.0 | |
| Oracle JDK | =1.7.0-update321 | |
| Oracle JDK | =1.8.0-update311 | |
| Oracle JDK | =11.0.13 | |
| Oracle JDK | =17.0.1 | |
| Oracle JRE | =1.7.0-update321 | |
| Oracle JRE | =1.8.0-update311 | |
| Oracle JRE | =11.0.13 | |
| Oracle JRE | =17.0.1 | |
| Debian Debian Linux | =9.0 | |
| Debian Debian Linux | =10.0 | |
| Debian Debian Linux | =11.0 | |
| NetApp 7-Mode Transition Tool | ||
| Netapp Cloud Insights | ||
| NetApp E-Series SANtricity OS Controller | >=11.0.0<=11.70.1 | |
| Netapp E-series Santricity Storage Manager | ||
| Netapp E-series Santricity Web Services Web Services Proxy | ||
| Netapp Hci Management Node | ||
| NetApp OnCommand Insight | ||
| NetApp OnCommand Workflow Automation | ||
| Netapp Santricity Unified Manager | ||
| Netapp Snapmanager Oracle | ||
| Netapp Snapmanager Sap | ||
| Netapp Solidfire | ||
| Oracle OpenJDK | >=11<=11.0.13 | |
| Oracle OpenJDK | >=13<=13.0.9 | |
| Oracle OpenJDK | >=15<=15.0.5 | |
| Oracle OpenJDK | =7 | |
| Oracle OpenJDK | =7-update1 | |
| Oracle OpenJDK | =7-update10 | |
| Oracle OpenJDK | =7-update101 | |
| Oracle OpenJDK | =7-update11 | |
| Oracle OpenJDK | =7-update111 | |
| Oracle OpenJDK | =7-update121 | |
| Oracle OpenJDK | =7-update13 | |
| Oracle OpenJDK | =7-update131 | |
| Oracle OpenJDK | =7-update141 | |
| Oracle OpenJDK | =7-update15 | |
| Oracle OpenJDK | =7-update151 | |
| Oracle OpenJDK | =7-update161 | |
| Oracle OpenJDK | =7-update17 | |
| Oracle OpenJDK | =7-update171 | |
| Oracle OpenJDK | =7-update181 | |
| Oracle OpenJDK | =7-update191 | |
| Oracle OpenJDK | =7-update2 | |
| Oracle OpenJDK | =7-update201 | |
| Oracle OpenJDK | =7-update21 | |
| Oracle OpenJDK | =7-update211 | |
| Oracle OpenJDK | =7-update221 | |
| Oracle OpenJDK | =7-update231 | |
| Oracle OpenJDK | =7-update241 | |
| Oracle OpenJDK | =7-update25 | |
| Oracle OpenJDK | =7-update251 | |
| Oracle OpenJDK | =7-update261 | |
| Oracle OpenJDK | =7-update271 | |
| Oracle OpenJDK | =7-update281 | |
| Oracle OpenJDK | =7-update291 | |
| Oracle OpenJDK | =7-update3 | |
| Oracle OpenJDK | =7-update301 | |
| Oracle OpenJDK | =7-update311 | |
| Oracle OpenJDK | =7-update321 | |
| Oracle OpenJDK | =7-update4 | |
| Oracle OpenJDK | =7-update40 | |
| Oracle OpenJDK | =7-update45 | |
| Oracle OpenJDK | =7-update5 | |
| Oracle OpenJDK | =7-update51 | |
| Oracle OpenJDK | =7-update55 | |
| Oracle OpenJDK | =7-update6 | |
| Oracle OpenJDK | =7-update60 | |
| Oracle OpenJDK | =7-update65 | |
| Oracle OpenJDK | =7-update67 | |
| Oracle OpenJDK | =7-update7 | |
| Oracle OpenJDK | =7-update72 | |
| Oracle OpenJDK | =7-update76 | |
| Oracle OpenJDK | =7-update80 | |
| Oracle OpenJDK | =7-update85 | |
| Oracle OpenJDK | =7-update9 | |
| Oracle OpenJDK | =7-update91 | |
| Oracle OpenJDK | =7-update95 | |
| Oracle OpenJDK | =7-update97 | |
| Oracle OpenJDK | =7-update99 | |
| Oracle OpenJDK | =8 | |
| Oracle OpenJDK | =8-milestone1 | |
| Oracle OpenJDK | =8-milestone2 | |
| Oracle OpenJDK | =8-milestone3 | |
| Oracle OpenJDK | =8-milestone4 | |
| Oracle OpenJDK | =8-milestone5 | |
| Oracle OpenJDK | =8-milestone6 | |
| Oracle OpenJDK | =8-milestone7 | |
| Oracle OpenJDK | =8-milestone8 | |
| Oracle OpenJDK | =8-milestone9 | |
| Oracle OpenJDK | =8-update101 | |
| Oracle OpenJDK | =8-update102 | |
| Oracle OpenJDK | =8-update11 | |
| Oracle OpenJDK | =8-update111 | |
| Oracle OpenJDK | =8-update112 | |
| Oracle OpenJDK | =8-update121 | |
| Oracle OpenJDK | =8-update131 | |
| Oracle OpenJDK | =8-update141 | |
| Oracle OpenJDK | =8-update151 | |
| Oracle OpenJDK | =8-update152 | |
| Oracle OpenJDK | =8-update161 | |
| Oracle OpenJDK | =8-update162 | |
| Oracle OpenJDK | =8-update171 | |
| Oracle OpenJDK | =8-update172 | |
| Oracle OpenJDK | =8-update181 | |
| Oracle OpenJDK | =8-update191 | |
| Oracle OpenJDK | =8-update192 | |
| Oracle OpenJDK | =8-update20 | |
| Oracle OpenJDK | =8-update201 | |
| Oracle OpenJDK | =8-update202 | |
| Oracle OpenJDK | =8-update211 | |
| Oracle OpenJDK | =8-update212 | |
| Oracle OpenJDK | =8-update221 | |
| Oracle OpenJDK | =8-update222 | |
| Oracle OpenJDK | =8-update231 | |
| Oracle OpenJDK | =8-update232 | |
| Oracle OpenJDK | =8-update241 | |
| Oracle OpenJDK | =8-update242 | |
| Oracle OpenJDK | =8-update25 | |
| Oracle OpenJDK | =8-update252 | |
| Oracle OpenJDK | =8-update262 | |
| Oracle OpenJDK | =8-update271 | |
| Oracle OpenJDK | =8-update281 | |
| Oracle OpenJDK | =8-update282 | |
| Oracle OpenJDK | =8-update291 | |
| Oracle OpenJDK | =8-update301 | |
| Oracle OpenJDK | =8-update302 | |
| Oracle OpenJDK | =8-update31 | |
| Oracle OpenJDK | =8-update312 | |
| Oracle OpenJDK | =8-update40 | |
| Oracle OpenJDK | =8-update45 | |
| Oracle OpenJDK | =8-update5 | |
| Oracle OpenJDK | =8-update51 | |
| Oracle OpenJDK | =8-update60 | |
| Oracle OpenJDK | =8-update65 | |
| Oracle OpenJDK | =8-update66 | |
| Oracle OpenJDK | =8-update71 | |
| Oracle OpenJDK | =8-update72 | |
| Oracle OpenJDK | =8-update73 | |
| Oracle OpenJDK | =8-update74 | |
| Oracle OpenJDK | =8-update77 | |
| Oracle OpenJDK | =8-update91 | |
| Oracle OpenJDK | =8-update92 | |
| Oracle OpenJDK | =17 | |
| Oracle OpenJDK | =17.0.1 | |
| Netapp Active Iq Unified Manager Vmware Vsphere | ||
| Netapp Active Iq Unified Manager Windows | ||
| Netapp Cloud Insights Acquisition Unit | ||
| Netapp Cloud Secure Agent | ||
| Netapp Santricity Storage Plugin Vcenter |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html
- https://security.gentoo.org/glsa/202209-05
- https://security.netapp.com/advisory/ntap-20220121-0007/
- https://www.debian.org/security/2022/dsa-5057
- https://www.debian.org/security/2022/dsa-5058
- https://www.oracle.com/security-alerts/cpujan2022.html
- https://www.oracle.com/security-alerts/cpujan2022.html#AppendixJAVA
- https://access.redhat.com/errata/RHSA-2022:0161
- https://access.redhat.com/errata/RHSA-2022:0233
- https://access.redhat.com/errata/RHSA-2022:0209
- https://access.redhat.com/errata/RHSA-2022:0185
- https://access.redhat.com/errata/RHSA-2022:0211
- https://access.redhat.com/errata/RHSA-2022:0204
- https://access.redhat.com/errata/RHSA-2022:0166
- https://access.redhat.com/errata/RHSA-2022:0165
- https://access.redhat.com/errata/RHSA-2022:0228
- https://access.redhat.com/errata/RHSA-2022:0229
- https://github.com/openjdk/jdk17u/commit/592542fb28e26479ac591e9c08f83bd4a3988070
- https://github.com/openjdk/jdk11u-dev/commit/62af7d0aaeb16107a5e8bb22b3f164be407f4499
- http://hg.openjdk.java.net/jdk8u/monojdk8u/rev/fb79a897664c
- https://access.redhat.com/errata/RHSA-2022:0304
- https://access.redhat.com/errata/RHSA-2022:0305
- https://access.redhat.com/errata/RHSA-2022:0307
- https://access.redhat.com/errata/RHSA-2022:0306
- https://access.redhat.com/errata/RHSA-2022:0312
- https://access.redhat.com/errata/RHSA-2022:0321
- https://access.redhat.com/errata/RHSA-2022:0317
- https://access.redhat.com/security/cve/cve-2022-21282
- https://bugzilla.redhat.com/show_bug.cgi?id=2041435
- https://www.cve.org/CVERecord?id=CVE-2022-21282 https://nvd.nist.gov/vuln/detail/CVE-2022-21282
- https://security-tracker.debian.org/tracker/CVE-2022-21282
Parent vulnerabilities
(Appears in the following advisories)
- collector/redhat-cve
- collector/security-tracker-debian
- agent/author
- agent/type
- agent/first-publish-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2022-21282
- agent/references
- agent/severity
- agent/weakness
- agent/event
- agent/last-modified-date
- agent/description
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- package-manager/redhat
- package-manager/debian
- vendor/oracle
- canonical/oracle graalvm
- version/oracle graalvm/20.3.4
- version/oracle graalvm/21.3.0
- canonical/oracle jdk
- version/oracle jdk/1.7.0-update321
- version/oracle jdk/1.8.0-update311
- version/oracle jdk/11.0.13
- version/oracle jdk/17.0.1
- canonical/oracle jre
- version/oracle jre/1.7.0-update321
- version/oracle jre/1.8.0-update311
- version/oracle jre/11.0.13
- version/oracle jre/17.0.1
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/9.0
- version/debian debian linux/10.0
- version/debian debian linux/11.0
- vendor/netapp
- canonical/netapp 7-mode transition tool
- canonical/netapp cloud insights
- canonical/netapp e-series santricity os controller
- version/netapp e-series santricity os controller/11.0.0
- version/netapp e-series santricity os controller/11.70.1
- canonical/netapp e-series santricity storage manager
- canonical/netapp e-series santricity web services web services proxy
- canonical/netapp hci management node
- canonical/netapp oncommand insight
- canonical/netapp oncommand workflow automation
- canonical/netapp santricity unified manager
- canonical/netapp snapmanager oracle
- canonical/netapp snapmanager sap
- canonical/netapp solidfire
- canonical/oracle openjdk
- version/oracle openjdk/11
- version/oracle openjdk/11.0.13
- version/oracle openjdk/13
- version/oracle openjdk/13.0.9
- version/oracle openjdk/15
- version/oracle openjdk/15.0.5
- version/oracle openjdk/7
- version/oracle openjdk/7-update1
- version/oracle openjdk/7-update10
- version/oracle openjdk/7-update101
- version/oracle openjdk/7-update11
- version/oracle openjdk/7-update111
- version/oracle openjdk/7-update121
- version/oracle openjdk/7-update13
- version/oracle openjdk/7-update131
- version/oracle openjdk/7-update141
- version/oracle openjdk/7-update15
- version/oracle openjdk/7-update151
- version/oracle openjdk/7-update161
- version/oracle openjdk/7-update17
- version/oracle openjdk/7-update171
- version/oracle openjdk/7-update181
- version/oracle openjdk/7-update191
- version/oracle openjdk/7-update2
- version/oracle openjdk/7-update201
- version/oracle openjdk/7-update21
- version/oracle openjdk/7-update211
- version/oracle openjdk/7-update221
- version/oracle openjdk/7-update231
- version/oracle openjdk/7-update241
- version/oracle openjdk/7-update25
- version/oracle openjdk/7-update251
- version/oracle openjdk/7-update261
- version/oracle openjdk/7-update271
- version/oracle openjdk/7-update281
- version/oracle openjdk/7-update291
- version/oracle openjdk/7-update3
- version/oracle openjdk/7-update301
- version/oracle openjdk/7-update311
- version/oracle openjdk/7-update321
- version/oracle openjdk/7-update4
- version/oracle openjdk/7-update40
- version/oracle openjdk/7-update45
- version/oracle openjdk/7-update5
- version/oracle openjdk/7-update51
- version/oracle openjdk/7-update55
- version/oracle openjdk/7-update6
- version/oracle openjdk/7-update60
- version/oracle openjdk/7-update65
- version/oracle openjdk/7-update67
- version/oracle openjdk/7-update7
- version/oracle openjdk/7-update72
- version/oracle openjdk/7-update76
- version/oracle openjdk/7-update80
- version/oracle openjdk/7-update85
- version/oracle openjdk/7-update9
- version/oracle openjdk/7-update91
- version/oracle openjdk/7-update95
- version/oracle openjdk/7-update97
- version/oracle openjdk/7-update99
- version/oracle openjdk/8
- version/oracle openjdk/8-milestone1
- version/oracle openjdk/8-milestone2
- version/oracle openjdk/8-milestone3
- version/oracle openjdk/8-milestone4
- version/oracle openjdk/8-milestone5
- version/oracle openjdk/8-milestone6
- version/oracle openjdk/8-milestone7
- version/oracle openjdk/8-milestone8
- version/oracle openjdk/8-milestone9
- version/oracle openjdk/8-update101
- version/oracle openjdk/8-update102
- version/oracle openjdk/8-update11
- version/oracle openjdk/8-update111
- version/oracle openjdk/8-update112
- version/oracle openjdk/8-update121
- version/oracle openjdk/8-update131
- version/oracle openjdk/8-update141
- version/oracle openjdk/8-update151
- version/oracle openjdk/8-update152
- version/oracle openjdk/8-update161
- version/oracle openjdk/8-update162
- version/oracle openjdk/8-update171
- version/oracle openjdk/8-update172
- version/oracle openjdk/8-update181
- version/oracle openjdk/8-update191
- version/oracle openjdk/8-update192
- version/oracle openjdk/8-update20
- version/oracle openjdk/8-update201
- version/oracle openjdk/8-update202
- version/oracle openjdk/8-update211
- version/oracle openjdk/8-update212
- version/oracle openjdk/8-update221
- version/oracle openjdk/8-update222
- version/oracle openjdk/8-update231
- version/oracle openjdk/8-update232
- version/oracle openjdk/8-update241
- version/oracle openjdk/8-update242
- version/oracle openjdk/8-update25
- version/oracle openjdk/8-update252
- version/oracle openjdk/8-update262
- version/oracle openjdk/8-update271
- version/oracle openjdk/8-update281
- version/oracle openjdk/8-update282
- version/oracle openjdk/8-update291
- version/oracle openjdk/8-update301
- version/oracle openjdk/8-update302
- version/oracle openjdk/8-update31
- version/oracle openjdk/8-update312
- version/oracle openjdk/8-update40
- version/oracle openjdk/8-update45
- version/oracle openjdk/8-update5
- version/oracle openjdk/8-update51
- version/oracle openjdk/8-update60
- version/oracle openjdk/8-update65
- version/oracle openjdk/8-update66
- version/oracle openjdk/8-update71
- version/oracle openjdk/8-update72
- version/oracle openjdk/8-update73
- version/oracle openjdk/8-update74
- version/oracle openjdk/8-update77
- version/oracle openjdk/8-update91
- version/oracle openjdk/8-update92
- version/oracle openjdk/17
- version/oracle openjdk/17.0.1
- canonical/netapp active iq unified manager vmware vsphere
- canonical/netapp active iq unified manager windows
- canonical/netapp cloud insights acquisition unit
- canonical/netapp cloud secure agent
- canonical/netapp santricity storage plugin vcenter