CVE-2022-21626
First published: Tue Oct 18 2022(Updated: )
An unspecified vulnerability in Java SE related to the Security component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
Credit: secalert_us@oracle.com secalert_us@oracle.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Cloud Pak for Business Automation | <=V22.0.2 | |
| IBM Cloud Pak for Business Automation | <=V21.0.3 - V21.0.3-IF016 | |
| IBM Cloud Pak for Business Automation | <=V22.0.1 - V22.0.1-IF006 and later fixes V21.0.2 - V21.0.2-IF012 and later fixesV21.0.1 - V21.0.1-IF007 and later fixesV20.0.1 - V20.0.3 and later fixesV19.0.1 - V19.0.3 and later fixesV18.0.0 - V18.0.2 and later fixes | |
| Oracle GraalVM | =20.3.7 | |
| Oracle GraalVM | =21.3.3 | |
| Oracle GraalVM | =22.2.0 | |
| Oracle JDK | =1.8.0-update341 | |
| Oracle JDK | =1.8.0-update345 | |
| Oracle JDK | =11.0.16.1 | |
| Oracle JRE | =1.8.0-update341 | |
| Oracle JRE | =1.8.0-update345 | |
| Oracle JRE | =11.0.16.1 | |
| Fedoraproject Fedora | =35 | |
| Fedoraproject Fedora | =36 | |
| NetApp 7-Mode Transition Tool | ||
| Netapp Cloud Insights Acquisition Unit | ||
| Netapp Cloud Secure Agent | ||
| NetApp E-Series SANtricity OS Controller | >=11.0<=11.70.2 | |
| Netapp E-series Santricity Storage Manager | ||
| Netapp E-series Santricity Unified Manager | ||
| NetApp OnCommand Insight | ||
| NetApp OnCommand Workflow Automation | ||
| Netapp Santricity Storage Plugin Vcenter | ||
| NetApp SANtricity Web Services Proxy | ||
| Azul Zulu | =6.49 | |
| Azul Zulu | =7.56 | |
| Azul Zulu | =8.64 | |
| Azul Zulu | =11.58 | |
| Azul Zulu | =13.50 | |
| Azul Zulu | =15.42 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://exchange.xforce.ibmcloud.com/vulnerabilities/238689
- https://www.ibm.com/support/pages/node/6857999 (Advisory)
- https://www.oracle.com/security-alerts/cpuoct2022.html
- https://security.netapp.com/advisory/ntap-20221028-0012/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PB3CIGOFG7CENUVVE4FFZT2HI5FO77XU/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3QLQ7OD33W6LT3HWI7VYDFFJLV75Y73K/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HNGMDNIHAA73BEX6XPA2IMXJSGOKKYE6/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ARF4QF4N3X5GSFHXUBWARGLISGKJ33R/
- https://security.gentoo.org/glsa/202401-25
Frequently Asked Questions
What is CVE-2022-21626?
CVE-2022-21626 is an unspecified vulnerability in Java SE related to the Security component that could allow an unauthenticated attacker to exploit the system.
Which versions of Oracle Java SE and Oracle GraalVM Enterprise Edition are affected by CVE-2022-21626?
The affected versions of Oracle Java SE are 8u341, 8u345-perf, and 11.0.16.1. The affected versions of Oracle GraalVM Enterprise Edition are 20.3.7, 21.3.3, and 22.2.0.
What is the severity of CVE-2022-21626?
CVE-2022-21626 has a severity rating of 5.3, which is classified as medium.
How can I fix CVE-2022-21626?
To fix CVE-2022-21626, it is recommended to update your Oracle Java SE or Oracle GraalVM Enterprise Edition to the latest patched versions provided by Oracle.
Where can I find more information about CVE-2022-21626?
You can find more information about CVE-2022-21626 on the following references: [reference 1], [reference 2], [reference 3].
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/remedy
- agent/references
- agent/description
- agent/first-publish-date
- agent/event
- agent/author
- agent/last-modified-date
- collector/ibm-support
- agent/software-canonical-lookup-request
- agent/tags
- collector/nvd-index
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- vendor/ibm
- canonical/ibm cloud pak for business automation
- version/ibm cloud pak for business automation/v22.0.2
- version/ibm cloud pak for business automation/v21.0.3 - v21.0.3-if016
- version/ibm cloud pak for business automation/v22.0.1 - v22.0.1-if006 and later fixes v21.0.2 - v21.0.2-if012 and later fixesv21.0.1 - v21.0.1-if007 and later fixesv20.0.1 - v20.0.3 and later fixesv19.0.1 - v19.0.3 and later fixesv18.0.0 - v18.0.2 and later fixes
- vendor/oracle
- canonical/oracle graalvm
- version/oracle graalvm/20.3.7
- version/oracle graalvm/21.3.3
- version/oracle graalvm/22.2.0
- canonical/oracle jdk
- version/oracle jdk/1.8.0-update341
- version/oracle jdk/1.8.0-update345
- version/oracle jdk/11.0.16.1
- canonical/oracle jre
- version/oracle jre/1.8.0-update341
- version/oracle jre/1.8.0-update345
- version/oracle jre/11.0.16.1
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/35
- version/fedoraproject fedora/36
- vendor/netapp
- canonical/netapp 7-mode transition tool
- canonical/netapp cloud insights acquisition unit
- canonical/netapp cloud secure agent
- canonical/netapp e-series santricity os controller
- version/netapp e-series santricity os controller/11.0
- version/netapp e-series santricity os controller/11.70.2
- canonical/netapp e-series santricity storage manager
- canonical/netapp e-series santricity unified manager
- canonical/netapp oncommand insight
- canonical/netapp oncommand workflow automation
- canonical/netapp santricity storage plugin vcenter
- canonical/netapp santricity web services proxy
- vendor/azul
- canonical/azul zulu
- version/azul zulu/6.49
- version/azul zulu/7.56
- version/azul zulu/8.64
- version/azul zulu/11.58
- version/azul zulu/13.50
- version/azul zulu/15.42