Vulnerability CVE-2022-21291 - CERT Civis.Net

Vulnerability Name:

CVE-2022-21291 (CCN-217586)

Assigned:

2021-11-15

Published:

2022-01-18

Updated:

2022-10-27

Summary:

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data.
Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).

CVSS v3 Severity:

5.3 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
4.6 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): Low Availibility (A): None

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
4.6 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): Low Availibility (A): None

5.3 Medium (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
4.6 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): Low Availibility (A): None

CVSS v2 Severity:

5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

Vulnerability Type:

CWE-noinfo
CWE-787

Vulnerability Consequences:

Other

References:

Source: MITRE
Type: CNA
CVE-2022-21291

Source: XF
Type: UNKNOWN
oracle-cpujan2022-cve202221291(217586)

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2022-477401b0f7

Source: GENTOO
Type: Third Party Advisory
GLSA-202209-05

Source: CONFIRM
Type: Third Party Advisory
https://security.netapp.com/advisory/ntap-20220121-0007/

Source: DEBIAN
Type: Third Party Advisory
DSA-5057

Source: DEBIAN
Type: Third Party Advisory
DSA-5058

Source: CCN
Type: IBM Security Bulletin 6558558 (Java)
Multiple vulnerabilities may affect IBM SDK, Java Technology Edition

Source: CCN
Type: IBM Security Bulletin 6565659 (Rational Functional Tester)
Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Functional Tester

Source: CCN
Type: IBM Security Bulletin 6568255 (WebSphere Cast Iron)
Multiple vulnerabilities in IBM Java SDK affect IBM WebSphere Cast Iron Solution & App Connect Professional

Source: CCN
Type: IBM Security Bulletin 6570915 (Data Risk Manager)
IBM Data Risk Manager is affected by multiple vulnerabilities including a remote code execution in Spring Framework (CVE-2022-22965)

Source: CCN
Type: IBM Security Bulletin 6570941 (Watson Discovery)
IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Java

Source: CCN
Type: IBM Security Bulletin 6572983 (Security Guardium)
IBM Security Guardium is affected by multiple vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6574811 (Tivoli Application Dependency Discovery Manager)
Due to use of IBM SDK, Java Technology Edition, IBM Tivoli Application Dependency Discovery Manager (TADDM) is vulnerable to denial of service

Source: CCN
Type: IBM Security Bulletin 6575093 (Tivoli Monitoring)
Vulnerabilities in IBM Java included with IBM Tivoli Monitoring

Source: CCN
Type: IBM Security Bulletin 6575365 (App Connect Enterprise)
Multiple vulnerabilities in IBM Java Runtime which affects IBM Integration Bus and IBM App Connect Enterprise

Source: CCN
Type: IBM Security Bulletin 6578583 (Cloud Pak for Business Automation)
Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for April 2022

Source: CCN
Type: IBM Security Bulletin 6579137 (Spectrum Scale)
Vulnerability in IBM JAVA JDK affects IBM Spectrum Scale (CVE-2022-21291)

Source: CCN
Type: IBM Security Bulletin 6582695 (Cloud Transformation Advisor)
IBM Cloud Transformation Advisor is vulnerable to multiple vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6583947 (Watson Assistant for Cloud Pak for data)
IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to an unspecified vulnerability in Java SE ( CVE-2022-21291)

Source: CCN
Type: IBM Security Bulletin 6586700 (Secure External Authentication Server)
IBM Sterling External Authentication Server is vulnerable to multiple vulnerabilities due to IBM Java Runtime

Source: CCN
Type: IBM Security Bulletin 6586758 (Sterling Secure Proxy)
IBM Sterling Secure Proxy is vulnerable to multiple vulnerabilities due to IBM Java Runtime

Source: CCN
Type: IBM Security Bulletin 6589119 (Elastic Storage System)
A vulnerability in IBM JAVA JDK affects IBM Spectrum Scale packaged in IBM Elastic Storage System (CVE-2022-21291)

Source: CCN
Type: IBM Security Bulletin 6591155 (Security SOAR)
IBM Security SOAR is using a component with multiple known vulnerabilities - IBM JDK 8.0.7.0

Source: CCN
Type: IBM Security Bulletin 6591191 (Sterling Connect:Direct Web Services)
IBM Sterling Connect:Direct Web Service is vulnerable to multiple vulnerabilities due to IBM Java

Source: CCN
Type: IBM Security Bulletin 6591519 (i)
IBM Java SDK and IBM Java Runtime for IBM i are vulnerable to unauthenticated attacker obtaining sensitive information and other attacks due to multiple vulnerabilities.

Source: CCN
Type: IBM Security Bulletin 6592587 (WIoTP MessageGateway)
Multiple vulnerabilities in multiple dependencies affect IBM MessageGateway/ MessageSight

Source: CCN
Type: IBM Security Bulletin 6594459 (Netcool Operations Insight)
Netcool Operations Insight v1.6.4 contains fixes for multiple security vulnerabilities.

Source: CCN
Type: IBM Security Bulletin 6594745 (Cloud Application Business Insights)
Vulnerabilities in Java affects IBM Cloud Application Business Insights - Quaterly Java update, CVE-2021-35603 and CVE-2021-35550

Source: CCN
Type: IBM Security Bulletin 6595153 (CICS TX Standard)
Multiple vulnerabilities in Java SE affect IBM CICS TX Standard

Source: CCN
Type: IBM Security Bulletin 6595159 (CICS TX Advanced)
Multiple vulnerabilities in Java SE affect IBM CICS TX Advanced

Source: CCN
Type: IBM Security Bulletin 6595161 (TXSeries for Multiplatforms)
Multiple vulnerabilities in Java SE affect IBM TXSeries for Multiplatforms

Source: CCN
Type: IBM Security Bulletin 6597227 (WebSphere Internet Pass-Thru)
IBM MQ Internet Pass-Thru is vulnerable to an issue within IBM Runtime Environment Java Technology Edition, Version 7. (CVE-2022-21305, CVE-2022-21291)

Source: CCN
Type: IBM Security Bulletin 6597243 (CICS Transaction Gateway)
June 2022 :Multiple vulnerabilities in IBM Java Runtime affect CICS Transaction Gateway

Source: CCN
Type: IBM Security Bulletin 6597261 (WebSphere Application Server Patterns)
Multiple vulnerabilities in IBM Java SDK affects IBM WebSphere Application Server January 2022 CPU that is bundled with IBM WebSphere Application Server Patterns

Source: CCN
Type: IBM Security Bulletin 6597279 (Sterling Connect:Direct Browser User Interface)
IBM Sterling Connect:Direct Browser User Interface has multiple vulnerabilities due to IBM Java

Source: CCN
Type: IBM Security Bulletin 6597491 (Tivoli Composite Application Manager for Transactions)
IBM SDK, Java Technology Edition Quarterly CPU - Jan 2022 - Includes Oracle January 2022 CPU affects IBM Tivoli Composite Application Manager for Transactions-Robotic Response Time

Source: CCN
Type: IBM Security Bulletin 6597495 (Tivoli Business Service Manager)
Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Business Service Manager

Source: CCN
Type: IBM Security Bulletin 6598363 (Rational Business Developer)
Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Business Developer

Source: CCN
Type: IBM Security Bulletin 6598745 (Event Streams)
Vulnerabilities in the Java JDK affect IBM Event Streams (CVE-2022-21365, CVE-2022-21360, CVE-2022-21349, CVE-2022-21341, CVE-2022-21340, CVE-2022-21305, CVE-2022-21294, CVE-2022-21293, CVE-2022-21291, CVE-2022-21248)

Source: CCN
Type: IBM Security Bulletin 6599705 (Tivoli Netcool/Impact)
Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Netcool Impact

Source: CCN
Type: IBM Security Bulletin 6599979 (MQ)
IBM MQ is vulnerable to multiple issues within IBM Runtime Environment Java Technology Edition, Version 8 (CVE-2021-35603, CVE-2022-21305, CVE-2022-21291, CVE-2021-35550)

Source: CCN
Type: IBM Security Bulletin 6602023 (Tivoli Netcool/OMNIbus)
Vulnerabilities in IBM Java Runtime affecting Tivoli Netcool/OMNIbus (Multiple CVEs)

Source: CCN
Type: IBM Security Bulletin 6606241 (Rational Build Forge)
IBM Rational Build Forge is vulnerable to unspecified vulnerabilities due to the use of IBM Java.

Source: CCN
Type: IBM Security Bulletin 6610905 (Workload Scheduler)
Multiple vulnerabilities in IBM SDK Java Technology Edition, Version 8, affect IBM Workload Scheduler.

Source: CCN
Type: IBM Security Bulletin 6616545 (Netcool Operations Insight)
Netcool Operations Insight v1.6.5 contains fixes for multiple security vulnerabilities.

Source: CCN
Type: IBM Security Bulletin 6618717 (Intelligent Operations Center)
Multiple vulnerabilities have been identified in IBM Java 8 shipped with IBM Intelligent Operations Center (CVE-2022-21365, CVE-2022-21360, CVE-2022-21349, CVE-2022-21341, CVE-2022-21340, CVE-2022-21305, CVE-20)

Source: CCN
Type: IBM Security Bulletin 6825511 (Rational Synergy)
Multiple Vulnerabilities in Rational Synergy 7.2.2.4

Source: CCN
Type: IBM Security Bulletin 6841803 (Cognos Controller)
IBM Cognos Controller has addressed multiple vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6842113 (Operations Analytics Predictive Insights)
Multiple vulnerabilities in IBM SDK, Java Technology Edition affect IBM Operations Analytics Predictive Insights

Source: CCN
Type: IBM Security Bulletin 6962411 (CICS Transaction Gateway)
June 2022 : Multiple vulnerabilities in IBM Java Runtime affect CICS Transaction Gateway for Multiplatforms and CICS Transaction Gateway Desktop Edition

Source: CCN
Type: Oracle CPUJan2022
Oracle Critical Patch Update Advisory - January 2022

Source: MISC
Type: Vendor Advisory
https://www.oracle.com/security-alerts/cpujan2022.html

Vulnerable Configuration:

Configuration 1:

cpe:/a:oracle:graalvm:21.3.0:*:*:*:enterprise:*:*:*

OR cpe:/a:oracle:jre:17.0.1:*:*:*:*:*:*:*

OR cpe:/a:oracle:jre:1.7.0:update321:*:*:*:*:*:*

OR cpe:/a:oracle:jre:11.0.13:*:*:*:*:*:*:*

OR cpe:/a:oracle:graalvm:20.3.4:*:*:*:enterprise:*:*:*

OR cpe:/a:oracle:jre:1.8.0:update311:*:*:*:*:*:*

OR cpe:/a:oracle:jdk:17.0.1:*:*:*:*:*:*:*

OR cpe:/a:oracle:jdk:1.7.0:update321:*:*:*:*:*:*

OR cpe:/a:oracle:jdk:11.0.13:*:*:*:*:*:*:*

OR cpe:/a:oracle:jdk:1.8.0:update311:*:*:*:*:*:*

Configuration 2:

cpe:/o:debian:debian_linux:10.0:*:*:*:*:*:*:*

OR cpe:/o:debian:debian_linux:11.0:*:*:*:*:*:*:*

Configuration 3:

cpe:/a:netapp:snapmanager:-:*:*:*:*:oracle:*:*

OR cpe:/a:netapp:snapmanager:-:*:*:*:*:sap:*:*

OR cpe:/a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*

OR cpe:/a:netapp:oncommand_insight:-:*:*:*:*:*:*:*

OR cpe:/a:netapp:cloud_insights:-:*:*:*:*:*:*:*

OR cpe:/a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*

OR cpe:/a:netapp:solidfire:-:*:*:*:*:*:*:*

OR cpe:/a:netapp:hci_management_node:-:*:*:*:*:*:*:*

OR cpe:/a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*

OR cpe:/a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*

OR cpe:/a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*

OR cpe:/a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*

OR cpe:/a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*

OR cpe:/a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:* (Version >= 11.0.0 and <= 11.70.1)

Configuration 4:

cpe:/a:oracle:openjdk:17:*:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:*:*:*:*:*:*:*:* (Version >= 15 and <= 15.0.5)

OR cpe:/a:oracle:openjdk:*:*:*:*:*:*:*:* (Version >= 11 and <= 11.0.13)

OR cpe:/a:oracle:openjdk:*:*:*:*:*:*:*:* (Version >= 13 and <= 13.0.9)

OR cpe:/a:oracle:openjdk:17.0.1:*:*:*:*:*:*:*

Configuration RedHat 1:

cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*

Configuration RedHat 3:

cpe:/a:redhat:enterprise_linux:8::crb:*:*:*:*:*

Configuration RedHat 4:

cpe:/o:redhat:enterprise_linux:7:*:*:*:*:*:*:*

Configuration RedHat 5:

cpe:/o:redhat:enterprise_linux:7::client:*:*:*:*:*

Configuration RedHat 6:

cpe:/o:redhat:enterprise_linux:7::computenode:*:*:*:*:*

Configuration RedHat 7:

cpe:/o:redhat:enterprise_linux:7::server:*:*:*:*:*

Configuration RedHat 8:

cpe:/o:redhat:enterprise_linux:7::workstation:*:*:*:*:*

Configuration CCN 1:

cpe:/a:oracle:java_se:7u321:*:*:*:*:*:*:*

OR cpe:/a:oracle:java_se:8u311:*:*:*:*:*:*:*

OR cpe:/a:oracle:java_se:11.0.13:*:*:*:*:*:*:*

OR cpe:/a:oracle:java_se:17.01:*:*:*:*:*:*:*

OR cpe:/a:oracle:graalvm:20.3.4:*:*:*:enterprise:*:*:*

OR cpe:/a:oracle:graalvm:21.3.0:*:*:*:enterprise:*:*:*

AND

cpe:/a:ibm:tivoli_monitoring:6.3.0:*:*:*:*:*:*:*

OR cpe:/o:ibm:i:7.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:cics_transaction_gateway:9.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:tivoli_netcool/impact:7.1.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:tivoli_netcool/omnibus:8.1.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:txseries:8.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_business_developer:9.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_business_developer:9.5:*:*:*:*:*:*:*

OR cpe:/o:ibm:i:7.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:mq:8.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_business_developer:9.1.1.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_functional_tester:9.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:operations_analytics_predictive_insights:1.3.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:operations_analytics_predictive_insights:1.3.5:*:*:*:*:*:*:*

OR cpe:/a:ibm:operations_analytics_predictive_insights:1.3.6:*:*:*:*:*:*:*

OR cpe:/a:ibm:spectrum_scale:5.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_functional_tester:9.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:security_guardium:10.5:*:*:*:*:*:*:*

OR cpe:/a:ibm:tivoli_monitoring:6.3.0.7:*:*:*:*:*:*:*

OR cpe:/a:ibm:app_connect:11.0.0.0:*:*:*:enterprise:*:*:*

OR cpe:/a:ibm:integration_bus:10.0.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_cast_iron:7.5.1.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:app_connect:7.5.2.0:*:*:*:professional:*:*:*

OR cpe:/a:ibm:sterling_secure_proxy:3.4.3.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:security_guardium:10.6:*:*:*:*:*:*:*

OR cpe:/a:ibm:tivoli_business_service_manager:6.2.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_functional_tester:9.5:*:*:*:*:*:*:*

OR cpe:/a:ibm:intelligent_operations_center:5.1.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:intelligent_operations_center:5.1.0.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:intelligent_operations_center:5.1.0.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:intelligent_operations_center:5.1.0.4:*:*:*:*:*:*:*

OR cpe:/a:ibm:intelligent_operations_center:5.1.0.6:*:*:*:*:*:*:*

OR cpe:/a:ibm:cognos_controller:10.4.0:*:*:*:*:*:*:*

OR cpe:/o:ibm:i:7.4:*:*:*:*:*:*:*

OR cpe:/a:ibm:app_connect:7.5.3.0:*:*:*:professional:*:*:*

OR cpe:/a:ibm:java:7.0.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:java:7.1.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:java:8.0.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:cognos_controller:10.4.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:watson_discovery:2.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_transformation_advisor:2.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:iot_messagesight:5.0.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:txseries:9.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:tivoli_application_dependency_discovery_manager:7.3.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:security_guardium:11.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_business_developer:9.6:*:*:*:*:*:*:*

OR cpe:/a:ibm:security_guardium:11.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:sterling_external_authentication_server:2.4.3.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:intelligent_operations_center:5.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:intelligent_operations_center:5.2.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:event_streams:10.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:tivoli_composite_application_manager:7.4.0:*:*:*:transactions:*:*:*

OR cpe:/a:ibm:cics_transaction_gateway:8.0.0.6:*:*:*:*:*:*:*

OR cpe:/a:ibm:cics_transaction_gateway:8.1.0.5:*:*:*:*:*:*:*

OR cpe:/a:ibm:cics_transaction_gateway:9.1.0.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:cics_transaction_gateway:9.2.0.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:security_guardium:11.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:cics_transaction_gateway:8.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:cics_transaction_gateway:8.1.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:cics_transaction_gateway:9.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:cics_transaction_gateway:9.0.0.5:*:*:*:*:*:*:*

OR cpe:/a:ibm:cics_transaction_gateway:9.1.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:cics_transaction_gateway:9.2.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:cognos_controller:10.4.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:event_streams:10.1.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:spectrum_scale:5.1.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:elastic_storage_system:6.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:watson_discovery:2.2.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:security_guardium:11.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:event_streams:10.2.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:app_connect_enterprise:12.0.1.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:event_streams:10.3.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:event_streams:10.3.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:security_guardium:11.4:*:*:*:*:*:*:*

OR cpe:/a:ibm:sterling_secure_proxy:6.0.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:secure_external_authentication_server:6.0.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_pak_for_business_automation:18.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_pak_for_business_automation:18.0.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_pak_for_business_automation:19.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_pak_for_business_automation:19.0.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_pak_for_business_automation:20.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_pak_for_business_automation:20.0.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_pak_for_business_automation:21.0.1:-:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_pak_for_business_automation:21.0.2:-:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_pak_for_business_automation:21.0.3:-:*:*:*:*:*:*

OR cpe:/a:ibm:app_connect_enterprise:12.0.4.0:*:*:*:*:*:*:*

OR cpe:/o:ibm:i:7.5:*:*:*:*:*:*:*

OR cpe:/a:ibm:cics_tx:11.1:*:*:*:standard:*:*:*

OR cpe:/a:ibm:cics_tx:11.1:*:*:*:advanced:*:*:*

OR cpe:/a:ibm:cics_transaction_gateway:9.2:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:7535	P	java-11-openjdk-11.0.19.0-150000.3.96.1 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:7536	P	java-17-openjdk-17.0.7.0-150400.3.18.2 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:8079	P	java-1_8_0-ibm-1.8.0_sr8.0-150000.3.71.1 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:3437	P	audiofile-0.3.6-11.3.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:95067	P	java-1_8_0-ibm-1.8.0_sr7.5-150000.3.56.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:94586	P	java-11-openjdk-11.0.15.0-150000.3.80.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:2956	P	java-11-openjdk-11.0.15.0-150000.3.80.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:94587	P	java-17-openjdk-17.0.3.0-150400.1.8 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:2957	P	java-17-openjdk-17.0.3.0-150400.1.8 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:101888	P	Security update for java-1_8_0-ibm (Important)	2022-03-29
oval:org.opensuse.security:def:126846	P	Security update for java-1_7_1-ibm (Important)	2022-03-29
oval:org.opensuse.security:def:5995	P	Security update for java-1_8_0-ibm (Important)	2022-03-29
oval:org.opensuse.security:def:119536	P	Security update for java-1_8_0-ibm (Important)	2022-03-29
oval:org.opensuse.security:def:5205	P	Security update for java-1_7_1-ibm (Important)	2022-03-29
oval:org.opensuse.security:def:126847	P	Security update for java-1_8_0-ibm (Important)	2022-03-29
oval:org.opensuse.security:def:125680	P	Security update for java-1_7_1-ibm (Important)	2022-03-29
oval:org.opensuse.security:def:5206	P	Security update for java-1_8_0-ibm (Important)	2022-03-29
oval:org.opensuse.security:def:127243	P	Security update for java-1_7_1-ibm (Important)	2022-03-29
oval:org.opensuse.security:def:125681	P	Security update for java-1_8_0-ibm (Important)	2022-03-29
oval:org.opensuse.security:def:5994	P	Security update for java-1_7_1-ibm (Important)	2022-03-29
oval:org.opensuse.security:def:1228	P	Security update for java-1_8_0-ibm (Important)	2022-03-29
oval:org.opensuse.security:def:127244	P	Security update for java-1_8_0-ibm (Important)	2022-03-29
oval:org.opensuse.security:def:119351	P	Security update for java-1_8_0-ibm (Important)	2022-03-29
oval:org.opensuse.security:def:94483	P	(Moderate)	2022-03-14
oval:org.opensuse.security:def:1538	P	Security update for java-11-openjdk (Moderate)	2022-03-14
oval:org.opensuse.security:def:100433	P	(Moderate)	2022-03-14
oval:org.opensuse.security:def:93850	P	(Moderate)	2022-03-14
oval:org.opensuse.security:def:102102	P	Security update for java-11-openjdk (Moderate)	2022-03-14
oval:org.opensuse.security:def:100767	P	(Moderate)	2022-03-14
oval:org.opensuse.security:def:94062	P	(Moderate)	2022-03-14
oval:org.opensuse.security:def:970	P	Security update for java-11-openjdk (Moderate)	2022-03-14
oval:org.opensuse.security:def:119145	P	Security update for java-11-openjdk (Moderate)	2022-03-14
oval:org.opensuse.security:def:101662	P	Security update for java-11-openjdk (Moderate)	2022-03-14
oval:org.opensuse.security:def:94276	P	(Moderate)	2022-03-14
oval:org.opensuse.security:def:100095	P	(Moderate)	2022-03-14
oval:org.opensuse.security:def:6181	P	Security update for java-11-openjdk (Moderate)	2022-03-04
oval:com.redhat.rhsa:def:20220185	P	RHSA-2022:0185: java-11-openjdk security update (Moderate)	2022-01-24
oval:com.redhat.rhsa:def:20220204	P	RHSA-2022:0204: java-11-openjdk security update (Moderate)	2022-01-24
oval:com.redhat.rhsa:def:20220161	P	RHSA-2022:0161: java-17-openjdk security update (Moderate)	2022-01-19