CVE-2022-21449
First published: Fri Apr 15 2022(Updated: )
An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact.
Credit: secalert_us@oracle.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/java | <17-openjdk-1:17.0.3.0.6-2.el8_5 | 17-openjdk-1:17.0.3.0.6-2.el8_5 |
| redhat/java | <17-openjdk-1:17.0.3.0.7-1.el9_0 | 17-openjdk-1:17.0.3.0.7-1.el9_0 |
| debian/openjdk-17 | 17.0.7+7-1~deb11u1 17.0.8+7-1~deb12u1 17.0.9+9-1 | |
| IBM Cognos Command Center | <=10.2.4.1 | |
| Oracle GraalVM | =21.3.1 | |
| Oracle GraalVM | =22.0.0.2 | |
| Oracle JDK | =17.0.2 | |
| Oracle JDK | =18 | |
| Debian Debian Linux | =10.0 | |
| Debian Debian Linux | =11.0 | |
| NetApp 7-Mode Transition Tool | ||
| Netapp Active Iq Unified Manager Vsphere | ||
| Netapp Active Iq Unified Manager Windows | ||
| Netapp Cloud Insights | ||
| NetApp E-Series SANtricity OS Controller | =11.0 | |
| Netapp E-series Santricity Storage Manager | ||
| Netapp E-series Santricity Web Services | ||
| NetApp OnCommand Insight | ||
| NetApp OnCommand Workflow Automation | ||
| Netapp Santricity Unified Manager | ||
| Netapp Solidfire\, Enterprise Sds \& Hci Storage Node | ||
| Netapp Solidfire \& Hci Management Node | ||
| Netapp Hci Compute Node | ||
| Azul Zulu | =15.38 | |
| Azul Zulu | =17.32 | |
| Azul Zulu | =18.28 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://exchange.xforce.ibmcloud.com/vulnerabilities/224732
- https://www.ibm.com/support/pages/node/6983274 (Advisory)
- http://www.openwall.com/lists/oss-security/2022/04/28/2
- http://www.openwall.com/lists/oss-security/2022/04/28/3
- http://www.openwall.com/lists/oss-security/2022/04/28/4
- http://www.openwall.com/lists/oss-security/2022/04/28/5
- http://www.openwall.com/lists/oss-security/2022/04/28/6
- http://www.openwall.com/lists/oss-security/2022/04/28/7
- http://www.openwall.com/lists/oss-security/2022/04/29/1
- http://www.openwall.com/lists/oss-security/2022/04/30/1
- http://www.openwall.com/lists/oss-security/2022/04/30/2
- http://www.openwall.com/lists/oss-security/2022/04/30/3
- http://www.openwall.com/lists/oss-security/2022/04/30/4
- http://www.openwall.com/lists/oss-security/2022/05/01/1
- http://www.openwall.com/lists/oss-security/2022/05/01/2
- http://www.openwall.com/lists/oss-security/2022/05/02/1
- https://security.netapp.com/advisory/ntap-20220429-0006/
- https://www.debian.org/security/2022/dsa-5128
- https://www.debian.org/security/2022/dsa-5131
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://access.redhat.com/errata/RHSA-2022:1445
- https://github.com/openjdk/jdk17u/commit/2d4103a3d929e05edca98e7703e0869077966be7
- https://www.oracle.com/security-alerts/cpuapr2022.html#AppendixJAVA
- https://neilmadden.blog/2022/04/19/psychic-signatures-in-java
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2075821#c8
- https://access.redhat.com/errata/RHSA-2022:1436
- https://access.redhat.com/errata/RHSA-2022:1437
- https://access.redhat.com/security/cve/cve-2022-21449
- https://access.redhat.com/errata/RHSA-2022:1729
- https://bugzilla.redhat.com/show_bug.cgi?id=2075821
- https://www.cve.org/CVERecord?id=CVE-2022-21449 https://nvd.nist.gov/vuln/detail/CVE-2022-21449 https://neilmadden.blog/2022/04/19/psychic-signatures-in-java/
- https://security-tracker.debian.org/tracker/CVE-2022-21449
Parent vulnerabilities
(Appears in the following advisories)
Frequently Asked Questions
What is the vulnerability ID for this Java SE vulnerability?
The vulnerability ID for this Java SE vulnerability is CVE-2022-21449.
What is the severity of CVE-2022-21449?
The severity of CVE-2022-21449 is high, with a severity value of 7.5.
Which versions of Oracle Java SE are affected by CVE-2022-21449?
Oracle Java SE versions 17.0.2 and 18 are affected by CVE-2022-21449.
Which versions of Oracle GraalVM Enterprise Edition are affected by CVE-2022-21449?
Oracle GraalVM Enterprise Edition versions 21.3.1 and 22.0.0.2 are affected by CVE-2022-21449.
How can I fix CVE-2022-21449?
To fix CVE-2022-21449, update to Oracle Java SE version 17.0.3.0.6-2.el8_5 or higher, or apply the necessary patches provided by your software vendor.
- collector/redhat-cve
- collector/security-tracker-debian
- agent/type
- agent/first-publish-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2022-21449
- agent/references
- agent/description
- agent/author
- agent/severity
- agent/remedy
- agent/weakness
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/tags
- agent/event
- collector/ibm-support
- source/IBM
- agent/software-canonical-lookup
- package-manager/redhat
- package-manager/debian
- vendor/oracle
- canonical/oracle graalvm
- version/oracle graalvm/21.3.1
- version/oracle graalvm/22.0.0.2
- canonical/oracle jdk
- version/oracle jdk/17.0.2
- version/oracle jdk/18
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/10.0
- version/debian debian linux/11.0
- vendor/netapp
- canonical/netapp 7-mode transition tool
- canonical/netapp active iq unified manager vsphere
- canonical/netapp active iq unified manager windows
- canonical/netapp cloud insights
- canonical/netapp e-series santricity os controller
- version/netapp e-series santricity os controller/11.0
- canonical/netapp e-series santricity storage manager
- canonical/netapp e-series santricity web services
- canonical/netapp oncommand insight
- canonical/netapp oncommand workflow automation
- canonical/netapp santricity unified manager
- canonical/netapp solidfire\, enterprise sds \& hci storage node
- canonical/netapp solidfire \& hci management node
- canonical/netapp hci compute node
- vendor/azul
- canonical/azul zulu
- version/azul zulu/15.38
- version/azul zulu/17.32
- version/azul zulu/18.28
- vendor/ibm
- canonical/ibm cognos command center
- version/ibm cognos command center/10.2.4.1