First published: Fri Apr 15 2022(Updated: )
An unspecified vulnerability in Java SE related to the JAXP component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
Credit: secalert_us@oracle.com
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/java | <11-openjdk-1:11.0.15.0.9-2.el7_9 | 11-openjdk-1:11.0.15.0.9-2.el7_9 |
redhat/java | <1.8.0-openjdk-1:1.8.0.332.b09-1.el7_9 | 1.8.0-openjdk-1:1.8.0.332.b09-1.el7_9 |
redhat/java | <1.8.0-ibm-1:1.8.0.8.0-1jpp.1.el7 | 1.8.0-ibm-1:1.8.0.8.0-1jpp.1.el7 |
redhat/java | <11-openjdk-1:11.0.15.0.9-2.el8_5 | 11-openjdk-1:11.0.15.0.9-2.el8_5 |
redhat/java | <17-openjdk-1:17.0.3.0.6-2.el8_5 | 17-openjdk-1:17.0.3.0.6-2.el8_5 |
redhat/java | <1.8.0-openjdk-1:1.8.0.332.b09-1.el8_5 | 1.8.0-openjdk-1:1.8.0.332.b09-1.el8_5 |
redhat/java | <11-openjdk-1:11.0.15.0.9-2.el8_1 | 11-openjdk-1:11.0.15.0.9-2.el8_1 |
redhat/java | <1.8.0-openjdk-1:1.8.0.332.b09-1.el8_1 | 1.8.0-openjdk-1:1.8.0.332.b09-1.el8_1 |
redhat/java | <11-openjdk-1:11.0.15.0.9-2.el8_2 | 11-openjdk-1:11.0.15.0.9-2.el8_2 |
redhat/java | <1.8.0-openjdk-1:1.8.0.332.b09-1.el8_2 | 1.8.0-openjdk-1:1.8.0.332.b09-1.el8_2 |
redhat/java | <11-openjdk-1:11.0.15.0.9-2.el8_4 | 11-openjdk-1:11.0.15.0.9-2.el8_4 |
redhat/java | <1.8.0-openjdk-1:1.8.0.332.b09-1.el8_4 | 1.8.0-openjdk-1:1.8.0.332.b09-1.el8_4 |
redhat/java | <11-openjdk-1:11.0.15.0.10-1.el9_0 | 11-openjdk-1:11.0.15.0.10-1.el9_0 |
redhat/java | <17-openjdk-1:17.0.3.0.7-1.el9_0 | 17-openjdk-1:17.0.3.0.7-1.el9_0 |
redhat/java | <1.8.0-openjdk-1:1.8.0.332.b09-1.el9_0 | 1.8.0-openjdk-1:1.8.0.332.b09-1.el9_0 |
debian/openjdk-11 | 11.0.16+8-1~deb10u1 11.0.20+8-1~deb10u1 11.0.20+8-1~deb11u1 11.0.21+9-1 | |
debian/openjdk-17 | 17.0.7+7-1~deb11u1 17.0.8+7-1~deb12u1 17.0.9+9-1 | |
debian/openjdk-8 | 8u382-ga-2 | |
Oracle GraalVM | =20.3.5 | |
Oracle GraalVM | =21.3.1 | |
Oracle GraalVM | =22.0.0.2 | |
Oracle JDK | =1.7.0-update331 | |
Oracle JDK | =1.8.0-update321 | |
Oracle JDK | =11.0.14 | |
Oracle JDK | =17.0.2 | |
Oracle JDK | =18 | |
Oracle JRE | =1.7.0-update331 | |
Oracle JRE | =1.8.0-update321 | |
Oracle JRE | =11.0.14 | |
Oracle JRE | =17.0.2 | |
Oracle JRE | =18 | |
Debian Debian Linux | =9.0 | |
Debian Debian Linux | =10.0 | |
Debian Debian Linux | =11.0 | |
NetApp 7-Mode Transition Tool | ||
Netapp Active Iq Unified Manager Vsphere | ||
Netapp Active Iq Unified Manager Windows | ||
Netapp Cloud Insights Acquisition Unit | ||
Netapp Cloud Secure Agent | ||
NetApp E-Series SANtricity OS Controller | >=11.0.0<=11.70.1 | |
Netapp E-series Santricity Storage Manager | ||
Netapp E-series Santricity Web Services Web Services Proxy | ||
NetApp OnCommand Insight | ||
Netapp Santricity Unified Manager | ||
Netapp Solidfire\, Enterprise Sds \& Hci Storage Node | ||
Netapp Solidfire \& Hci Management Node | ||
Netapp Hci Compute Node Firmware | ||
Azul Zulu | =6.45 | |
Azul Zulu | =7.52 | |
Azul Zulu | =8.60 | |
Azul Zulu | =11.54 | |
Azul Zulu | =13.46 | |
Azul Zulu | =15.38 | |
Azul Zulu | =17.32 | |
Azul Zulu | =18.28 | |
IBM Security Guardium | <=10.6 | |
IBM Security Guardium | <=11.3 | |
IBM Security Guardium | <=11.4 | |
IBM Security Guardium | <=11.5 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Appears in the following advisories)
CVE-2022-21426 is an unspecified vulnerability in Java SE related to the JAXP component that could allow an unauthenticated attacker to exploit it.
The severity of CVE-2022-21426 is medium with a CVSS score of 5.3.
Oracle Java SE versions 7u331, 8u321, 11.0.14, 17.0.2, 18 are affected by CVE-2022-21426.
Oracle GraalVM Enterprise Edition versions 20.3.5, 21.3.1, and 22.0.0.2 are affected by CVE-2022-21426.
To fix CVE-2022-21426, update your Oracle Java SE installations to the patched versions provided by Oracle.