CVE-2022-21624
First published: Tue Oct 18 2022(Updated: )
An unspecified vulnerability in Java SE related to the Security component could allow an unauthenticated attacker to update, insert or delete data resulting in a low integrity impact using unknown attack vectors.
Credit: secalert_us@oracle.com secalert_us@oracle.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Oracle GraalVM | =20.3.7 | |
| Oracle GraalVM | =21.3.3 | |
| Oracle GraalVM | =22.2.0 | |
| Oracle JDK | =1.8.0-update341 | |
| Oracle JDK | =1.8.0-update345 | |
| Oracle JDK | =11.0.16.1 | |
| Oracle JDK | =17.0.4.1 | |
| Oracle JDK | =19 | |
| Oracle JRE | =1.8.0-update341 | |
| Oracle JRE | =1.8.0-update345 | |
| Oracle JRE | =11.0.16.1 | |
| Oracle JRE | =17.0.4.1 | |
| Oracle JRE | =19 | |
| Fedoraproject Fedora | =35 | |
| Fedoraproject Fedora | =36 | |
| NetApp 7-Mode Transition Tool | ||
| Netapp Cloud Insights Acquisition Unit | ||
| Netapp Cloud Secure Agent | ||
| NetApp E-Series SANtricity OS Controller | >=11.0<=11.70.2 | |
| Netapp E-series Santricity Storage Manager | ||
| Netapp E-series Santricity Unified Manager | ||
| NetApp OnCommand Insight | ||
| NetApp OnCommand Workflow Automation | ||
| Netapp Santricity Storage Plugin Vcenter | ||
| NetApp SANtricity Web Services Proxy | ||
| Azul Zulu | =6.49 | |
| Azul Zulu | =7.56 | |
| Azul Zulu | =8.64 | |
| Azul Zulu | =11.58 | |
| Azul Zulu | =13.50 | |
| Azul Zulu | =15.42 | |
| Azul Zulu | =17.36 | |
| Azul Zulu | =19.28 | |
| IBM Cloud Pak for Business Automation | <=V22.0.2 | |
| IBM Cloud Pak for Business Automation | <=V21.0.3 - V21.0.3-IF016 | |
| IBM Cloud Pak for Business Automation | <=V22.0.1 - V22.0.1-IF006 and later fixes V21.0.2 - V21.0.2-IF012 and later fixesV21.0.1 - V21.0.1-IF007 and later fixesV20.0.1 - V20.0.3 and later fixesV19.0.1 - V19.0.3 and later fixesV18.0.0 - V18.0.2 and later fixes |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.oracle.com/security-alerts/cpuoct2022.html
- https://security.netapp.com/advisory/ntap-20221028-0012/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PB3CIGOFG7CENUVVE4FFZT2HI5FO77XU/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/37QDWJBGEPP65X43NXQTXQ7KASLUHON6/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3QLQ7OD33W6LT3HWI7VYDFFJLV75Y73K/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HNGMDNIHAA73BEX6XPA2IMXJSGOKKYE6/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EXSBV3W6EP6B7XJ63Z2FPVBH6HAPGJ5T/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ARF4QF4N3X5GSFHXUBWARGLISGKJ33R/
- https://security.gentoo.org/glsa/202401-25
- https://exchange.xforce.ibmcloud.com/vulnerabilities/238699
- https://www.ibm.com/support/pages/node/6857999
Frequently Asked Questions
What is CVE-2022-21624?
CVE-2022-21624 is an unspecified vulnerability in Java SE related to the Security component.
Which products are affected by CVE-2022-21624?
Oracle Java SE versions 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, and 19 are affected. Oracle GraalVM Enterprise Edition versions 20.3.7, 21.3.3, and 22.2.0 are also affected.
How severe is CVE-2022-21624?
CVE-2022-21624 has a severity rating of 3.7 (low).
Is CVE-2022-21624 difficult to exploit?
Yes, CVE-2022-21624 is difficult to exploit.
Where can I find more information about CVE-2022-21624?
You can find more information about CVE-2022-21624 in the references section of the vulnerability report.
- agent/type
- agent/severity
- agent/remedy
- agent/description
- agent/first-publish-date
- agent/event
- agent/author
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/references
- agent/tags
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- collector/ibm-support
- source/IBM
- vendor/oracle
- canonical/oracle graalvm
- version/oracle graalvm/20.3.7
- version/oracle graalvm/21.3.3
- version/oracle graalvm/22.2.0
- canonical/oracle jdk
- version/oracle jdk/1.8.0-update341
- version/oracle jdk/1.8.0-update345
- version/oracle jdk/11.0.16.1
- version/oracle jdk/17.0.4.1
- version/oracle jdk/19
- canonical/oracle jre
- version/oracle jre/1.8.0-update341
- version/oracle jre/1.8.0-update345
- version/oracle jre/11.0.16.1
- version/oracle jre/17.0.4.1
- version/oracle jre/19
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/35
- version/fedoraproject fedora/36
- vendor/netapp
- canonical/netapp 7-mode transition tool
- canonical/netapp cloud insights acquisition unit
- canonical/netapp cloud secure agent
- canonical/netapp e-series santricity os controller
- version/netapp e-series santricity os controller/11.0
- version/netapp e-series santricity os controller/11.70.2
- canonical/netapp e-series santricity storage manager
- canonical/netapp e-series santricity unified manager
- canonical/netapp oncommand insight
- canonical/netapp oncommand workflow automation
- canonical/netapp santricity storage plugin vcenter
- canonical/netapp santricity web services proxy
- vendor/azul
- canonical/azul zulu
- version/azul zulu/6.49
- version/azul zulu/7.56
- version/azul zulu/8.64
- version/azul zulu/11.58
- version/azul zulu/13.50
- version/azul zulu/15.42
- version/azul zulu/17.36
- version/azul zulu/19.28
- vendor/ibm
- canonical/ibm cognos command center
- version/ibm cognos command center/10.2.4.1