Vulnerability CVE-2022-21294 - CERT Civis.Net

Vulnerability Name:

CVE-2022-21294 (CCN-217589)

Assigned:

2021-11-15

Published:

2022-01-18

Updated:

2022-10-27

Summary:

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition.
Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

CVSS v3 Severity:

5.3 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
4.6 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Low

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
4.6 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Low

5.3 Medium (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
4.6 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Low

CVSS v2 Severity:

5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

Vulnerability Type:

CWE-noinfo
CWE-770

Vulnerability Consequences:

Denial of Service

References:

Source: MITRE
Type: CNA
CVE-2022-21294

Source: XF
Type: UNKNOWN
oracle-cpujan2022-cve202221294(217589)

Source: MLIST
Type: Mailing List, Third Party Advisory
[debian-lts-announce] 20220210 [SECURITY] [DLA 2917-1] openjdk-8 security update

Source: GENTOO
Type: Third Party Advisory
GLSA-202209-05

Source: CONFIRM
Type: Third Party Advisory
https://security.netapp.com/advisory/ntap-20220121-0007/

Source: DEBIAN
Type: Third Party Advisory
DSA-5057

Source: DEBIAN
Type: Third Party Advisory
DSA-5058

Source: CCN
Type: IBM Security Bulletin 6555376 (Cognos Command Center)
IBM Cognos Command Center is affected by multiple vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6558558 (Java)
Multiple vulnerabilities may affect IBM SDK, Java Technology Edition

Source: CCN
Type: IBM Security Bulletin 6560110 (Semeru Runtimes)
Multiple vulnerabilities may affect IBM Semeru Runtime

Source: CCN
Type: IBM Security Bulletin 6565647 (SPSS Collaboration and Deployment Services)
Multiple vulnerabilities in IBM Java Runtime affect SPSS Collaboration and Deployment Services

Source: CCN
Type: IBM Security Bulletin 6565659 (Rational Functional Tester)
Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Functional Tester

Source: CCN
Type: IBM Security Bulletin 6567133 (Rational Software Architect Designer)
IBM SDK, Java Technology Edition Quarterly CPU - Oct 2021and Jan 2022

Source: CCN
Type: IBM Security Bulletin 6568255 (WebSphere Cast Iron)
Multiple vulnerabilities in IBM Java SDK affect IBM WebSphere Cast Iron Solution & App Connect Professional

Source: CCN
Type: IBM Security Bulletin 6570915 (Data Risk Manager)
IBM Data Risk Manager is affected by multiple vulnerabilities including a remote code execution in Spring Framework (CVE-2022-22965)

Source: CCN
Type: IBM Security Bulletin 6570941 (Watson Discovery)
IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Java

Source: CCN
Type: IBM Security Bulletin 6572983 (Security Guardium)
IBM Security Guardium is affected by multiple vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6574811 (Tivoli Application Dependency Discovery Manager)
Due to use of IBM SDK, Java Technology Edition, IBM Tivoli Application Dependency Discovery Manager (TADDM) is vulnerable to denial of service

Source: CCN
Type: IBM Security Bulletin 6575093 (Tivoli Monitoring)
Vulnerabilities in IBM Java included with IBM Tivoli Monitoring

Source: CCN
Type: IBM Security Bulletin 6575365 (App Connect Enterprise)
Multiple vulnerabilities in IBM Java Runtime which affects IBM Integration Bus and IBM App Connect Enterprise

Source: CCN
Type: IBM Security Bulletin 6578583 (Cloud Pak for Business Automation)
Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for April 2022

Source: CCN
Type: IBM Security Bulletin 6578665 (InfoSphere Information Server)
Multiple vulnerabilities in IBM Java SDK (January 2022) affects IBM InfoSphere Information Server

Source: CCN
Type: IBM Security Bulletin 6582695 (Cloud Transformation Advisor)
IBM Cloud Transformation Advisor is vulnerable to multiple vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6583845 (Watson Assistant for Cloud Pak for data)
Vulnerability in Java SE - CVE-2022-21294 may affect IBM Watson Assistant for IBM Cloud Pak for Data

Source: CCN
Type: IBM Security Bulletin 6590793 (Hardware Management Console)
Vulnerability in IBM SDK, Java Technology (CVE-2022-21341, CVE-2022-21294, CVE-2022-21293 and CVE-2022-21248) affects Power HMC

Source: CCN
Type: IBM Security Bulletin 6591155 (Security SOAR)
IBM Security SOAR is using a component with multiple known vulnerabilities - IBM JDK 8.0.7.0

Source: CCN
Type: IBM Security Bulletin 6591173 (Enterprise Content Management System Monitor)
Enterprise Content Management System Monitor is affected by a vulnerability in IBM SDK Java Technology Edition

Source: CCN
Type: IBM Security Bulletin 6591191 (Sterling Connect:Direct Web Services)
IBM Sterling Connect:Direct Web Service is vulnerable to multiple vulnerabilities due to IBM Java

Source: CCN
Type: IBM Security Bulletin 6591519 (i)
IBM Java SDK and IBM Java Runtime for IBM i are vulnerable to unauthenticated attacker obtaining sensitive information and other attacks due to multiple vulnerabilities.

Source: CCN
Type: IBM Security Bulletin 6592587 (WIoTP MessageGateway)
Multiple vulnerabilities in multiple dependencies affect IBM MessageGateway/ MessageSight

Source: CCN
Type: IBM Security Bulletin 6593755 (Content Collector)
Multiple vulnerabilities in IBM Java SDK affect Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections

Source: CCN
Type: IBM Security Bulletin 6593765 (Content Collector)
Multiple vulnerabilities in IBM Java SDK affect Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections

Source: CCN
Type: IBM Security Bulletin 6593769 (Content Collector)
Multiple vulnerabilities in IBM Java SDK affect Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections

Source: CCN
Type: IBM Security Bulletin 6593771 (Content Collector)
Multiple vulnerabilities in IBM Java SDK affect Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections

Source: CCN
Type: IBM Security Bulletin 6594459 (Netcool Operations Insight)
Netcool Operations Insight v1.6.4 contains fixes for multiple security vulnerabilities.

Source: CCN
Type: IBM Security Bulletin 6594745 (Cloud Application Business Insights)
Vulnerabilities in Java affects IBM Cloud Application Business Insights - Quaterly Java update, CVE-2021-35603 and CVE-2021-35550

Source: CCN
Type: IBM Security Bulletin 6594861 (AIX)
Multiple vulnerabilities in IBM Java SDK affect AIX

Source: CCN
Type: IBM Security Bulletin 6595153 (CICS TX Standard)
Multiple vulnerabilities in Java SE affect IBM CICS TX Standard

Source: CCN
Type: IBM Security Bulletin 6595159 (CICS TX Advanced)
Multiple vulnerabilities in Java SE affect IBM CICS TX Advanced

Source: CCN
Type: IBM Security Bulletin 6595161 (TXSeries for Multiplatforms)
Multiple vulnerabilities in Java SE affect IBM TXSeries for Multiplatforms

Source: CCN
Type: IBM Security Bulletin 6595269 (z/Transaction Processing Facility)
Multiple vulnerabilities in IBM Java Runtime affect z/Transaction Processing Facility

Source: CCN
Type: IBM Security Bulletin 6597243 (CICS Transaction Gateway)
June 2022 :Multiple vulnerabilities in IBM Java Runtime affect CICS Transaction Gateway

Source: CCN
Type: IBM Security Bulletin 6597261 (WebSphere Application Server Patterns)
Multiple vulnerabilities in IBM Java SDK affects IBM WebSphere Application Server January 2022 CPU that is bundled with IBM WebSphere Application Server Patterns

Source: CCN
Type: IBM Security Bulletin 6597279 (Sterling Connect:Direct Browser User Interface)
IBM Sterling Connect:Direct Browser User Interface has multiple vulnerabilities due to IBM Java

Source: CCN
Type: IBM Security Bulletin 6597491 (Tivoli Composite Application Manager for Transactions)
IBM SDK, Java Technology Edition Quarterly CPU - Jan 2022 - Includes Oracle January 2022 CPU affects IBM Tivoli Composite Application Manager for Transactions-Robotic Response Time

Source: CCN
Type: IBM Security Bulletin 6597495 (Tivoli Business Service Manager)
Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Business Service Manager

Source: CCN
Type: IBM Security Bulletin 6598363 (Rational Business Developer)
Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Business Developer

Source: CCN
Type: IBM Security Bulletin 6598745 (Event Streams)
Vulnerabilities in the Java JDK affect IBM Event Streams (CVE-2022-21365, CVE-2022-21360, CVE-2022-21349, CVE-2022-21341, CVE-2022-21340, CVE-2022-21305, CVE-2022-21294, CVE-2022-21293, CVE-2022-21291, CVE-2022-21248)

Source: CCN
Type: IBM Security Bulletin 6598823 (Rational Application Developer)
IBM SDK, Java Technology Edition, Security Update October 2021

Source: CCN
Type: IBM Security Bulletin 6599705 (Tivoli Netcool/Impact)
Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Netcool Impact

Source: CCN
Type: IBM Security Bulletin 6602023 (Tivoli Netcool/OMNIbus)
Vulnerabilities in IBM Java Runtime affecting Tivoli Netcool/OMNIbus (Multiple CVEs)

Source: CCN
Type: IBM Security Bulletin 6605427 (QRadar SIEM)
A vulnerability in IBM Java SDK and IBM Java Runtime affects IBM QRadar SIEM

Source: CCN
Type: IBM Security Bulletin 6606241 (Rational Build Forge)
IBM Rational Build Forge is vulnerable to unspecified vulnerabilities due to the use of IBM Java.

Source: CCN
Type: IBM Security Bulletin 6610905 (Workload Scheduler)
Multiple vulnerabilities in IBM SDK Java Technology Edition, Version 8, affect IBM Workload Scheduler.

Source: CCN
Type: IBM Security Bulletin 6616545 (Netcool Operations Insight)
Netcool Operations Insight v1.6.5 contains fixes for multiple security vulnerabilities.

Source: CCN
Type: IBM Security Bulletin 6618717 (Intelligent Operations Center)
Multiple vulnerabilities have been identified in IBM Java 8 shipped with IBM Intelligent Operations Center (CVE-2022-21365, CVE-2022-21360, CVE-2022-21349, CVE-2022-21341, CVE-2022-21340, CVE-2022-21305, CVE-20)

Source: CCN
Type: IBM Security Bulletin 6825511 (Rational Synergy)
Multiple Vulnerabilities in Rational Synergy 7.2.2.4

Source: CCN
Type: IBM Security Bulletin 6837345 (PureData System for Operational Analytics)
IBM SDK, Java Technology Edition Quarterly CPU - January 2019 through July 2022 affects AIX LPARs in IBM PureData System for Operational Analytics

Source: CCN
Type: IBM Security Bulletin 6841803 (Cognos Controller)
IBM Cognos Controller has addressed multiple vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6842113 (Operations Analytics Predictive Insights)
Multiple vulnerabilities in IBM SDK, Java Technology Edition affect IBM Operations Analytics Predictive Insights

Source: CCN
Type: IBM Security Bulletin 6848847 (Rational Directory Server)
Multiple vulnerabilities in IBM Java Runtime affect Rational Directory Server (Tivoli) & Rational Directory Administrator

Source: CCN
Type: IBM Security Bulletin 6962411 (CICS Transaction Gateway)
June 2022 : Multiple vulnerabilities in IBM Java Runtime affect CICS Transaction Gateway for Multiplatforms and CICS Transaction Gateway Desktop Edition

Source: CCN
Type: IBM Security Bulletin 6966320 (Cloud Pak System Software Suite)
Multiple Vulnerabilities in IBM Java SDK affect IBM Cloud Pak System

Source: CCN
Type: Oracle CPUJan2022
Oracle Critical Patch Update Advisory - January 2022

Source: MISC
Type: Vendor Advisory
https://www.oracle.com/security-alerts/cpujan2022.html

Vulnerable Configuration:

Configuration 1:

cpe:/a:oracle:graalvm:21.3.0:*:*:*:enterprise:*:*:*

OR cpe:/a:oracle:jre:17.0.1:*:*:*:*:*:*:*

OR cpe:/a:oracle:jre:1.7.0:update321:*:*:*:*:*:*

OR cpe:/a:oracle:jre:11.0.13:*:*:*:*:*:*:*

OR cpe:/a:oracle:graalvm:20.3.4:*:*:*:enterprise:*:*:*

OR cpe:/a:oracle:jre:1.8.0:update311:*:*:*:*:*:*

OR cpe:/a:oracle:jdk:17.0.1:*:*:*:*:*:*:*

OR cpe:/a:oracle:jdk:1.7.0:update321:*:*:*:*:*:*

OR cpe:/a:oracle:jdk:11.0.13:*:*:*:*:*:*:*

OR cpe:/a:oracle:jdk:1.8.0:update311:*:*:*:*:*:*

Configuration 2:

cpe:/a:netapp:snapmanager:-:*:*:*:*:oracle:*:*

OR cpe:/a:netapp:snapmanager:-:*:*:*:*:sap:*:*

OR cpe:/a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*

OR cpe:/a:netapp:oncommand_insight:-:*:*:*:*:*:*:*

OR cpe:/a:netapp:cloud_insights:-:*:*:*:*:*:*:*

OR cpe:/a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*

OR cpe:/a:netapp:solidfire:-:*:*:*:*:*:*:*

OR cpe:/a:netapp:hci_management_node:-:*:*:*:*:*:*:*

OR cpe:/a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*

OR cpe:/a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*

OR cpe:/a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*

OR cpe:/a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:* (Version >= 11.0.0 and <= 11.70.1)

Configuration 3:

cpe:/o:debian:debian_linux:9.0:*:*:*:*:*:*:*

OR cpe:/o:debian:debian_linux:10.0:*:*:*:*:*:*:*

OR cpe:/o:debian:debian_linux:11.0:*:*:*:*:*:*:*

Configuration 4:

cpe:/a:oracle:openjdk:8:-:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update102:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update112:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update152:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update162:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update172:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update192:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update20:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update202:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update212:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update222:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update232:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update40:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:-:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update241:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update80:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update85:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update241:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update60:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update65:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update66:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update71:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update72:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update73:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update74:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update77:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update92:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update101:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update111:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update121:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update131:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update141:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update151:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update161:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update171:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update181:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update191:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update201:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update211:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update221:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update231:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update251:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update101:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update11:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update111:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update121:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update131:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update141:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update151:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update161:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update171:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update181:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update191:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update201:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update211:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update221:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update231:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update25:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update31:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update45:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update5:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update51:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update91:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update10:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update11:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update13:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update15:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update17:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update21:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update25:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update3:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update4:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update40:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update45:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update5:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update51:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update55:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update6:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update60:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update65:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update67:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update7:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update72:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update76:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update9:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update91:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update95:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update97:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update99:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update1:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update2:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update261:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update271:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update281:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update291:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update301:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update311:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update321:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:milestone1:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:milestone2:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:milestone3:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:milestone4:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:milestone5:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:milestone6:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:milestone7:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:milestone8:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:milestone9:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update242:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update252:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update262:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update271:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update281:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update282:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update291:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update301:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update302:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update312:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:*:*:*:*:*:*:*:* (Version >= 11 and <= 11.0.13)

OR cpe:/a:oracle:openjdk:*:*:*:*:*:*:*:* (Version >= 13 and <= 13.0.9)

OR cpe:/a:oracle:openjdk:*:*:*:*:*:*:*:* (Version >= 15 and <= 15.0.5)

OR cpe:/a:oracle:openjdk:17:*:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:17.0.1:*:*:*:*:*:*:*

Configuration RedHat 1:

cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*

Configuration RedHat 3:

cpe:/a:redhat:enterprise_linux:8::crb:*:*:*:*:*

Configuration RedHat 4:

cpe:/o:redhat:enterprise_linux:7:*:*:*:*:*:*:*

Configuration RedHat 5:

cpe:/o:redhat:enterprise_linux:7::client:*:*:*:*:*

Configuration RedHat 6:

cpe:/o:redhat:enterprise_linux:7::computenode:*:*:*:*:*

Configuration RedHat 7:

cpe:/o:redhat:enterprise_linux:7::server:*:*:*:*:*

Configuration RedHat 8:

cpe:/o:redhat:enterprise_linux:7::workstation:*:*:*:*:*

Configuration RedHat 9:

cpe:/a:redhat:enterprise_linux:8::supplementary:*:*:*:*:*

Configuration CCN 1:

cpe:/a:oracle:java_se:7u321:*:*:*:*:*:*:*

OR cpe:/a:oracle:java_se:8u311:*:*:*:*:*:*:*

OR cpe:/a:oracle:java_se:11.0.13:*:*:*:*:*:*:*

OR cpe:/a:oracle:java_se:17.01:*:*:*:*:*:*:*

OR cpe:/a:oracle:graalvm:20.3.4:*:*:*:enterprise:*:*:*

OR cpe:/a:oracle:graalvm:21.3.0:*:*:*:enterprise:*:*:*

AND

cpe:/o:ibm:aix:7.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_directory_server:5.2.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:tivoli_monitoring:6.3.0:*:*:*:*:*:*:*

OR cpe:/o:ibm:i:7.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:cics_transaction_gateway:9.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:tivoli_netcool/impact:7.1.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:tivoli_netcool/omnibus:8.1.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:content_collector:4.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:txseries:8.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_business_developer:9.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_business_developer:9.5:*:*:*:*:*:*:*

OR cpe:/o:ibm:i:7.3:*:*:*:*:*:*:*

OR cpe:/o:ibm:aix:7.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_business_developer:9.1.1.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_functional_tester:9.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:operations_analytics_predictive_insights:1.3.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:operations_analytics_predictive_insights:1.3.5:*:*:*:*:*:*:*

OR cpe:/a:ibm:operations_analytics_predictive_insights:1.3.6:*:*:*:*:*:*:*

OR cpe:/a:ibm:spss_collaboration_and_deployment_services:8.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:spss_collaboration_and_deployment_services:8.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:spss_collaboration_and_deployment_services:8.1.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:infosphere_information_server:11.7:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_functional_tester:9.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:security_guardium:10.5:*:*:*:*:*:*:*

OR cpe:/a:ibm:tivoli_monitoring:6.3.0.7:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_software_architect_designer:9.6:*:*:*:*:*:*:*

OR cpe:/a:ibm:app_connect:11.0.0.0:*:*:*:enterprise:*:*:*

OR cpe:/a:ibm:integration_bus:10.0.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_cast_iron:7.5.1.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:app_connect:7.5.2.0:*:*:*:professional:*:*:*

OR cpe:/a:ibm:qradar_security_information_and_event_manager:7.3.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:security_guardium:10.6:*:*:*:*:*:*:*

OR cpe:/a:ibm:cognos_command_center:10.2.4.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:content_collector:4.0.0:*:*:*:email:*:*:*

OR cpe:/a:ibm:tivoli_business_service_manager:6.2.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_functional_tester:9.5:*:*:*:*:*:*:*

OR cpe:/a:ibm:intelligent_operations_center:5.1.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:intelligent_operations_center:5.1.0.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:intelligent_operations_center:5.1.0.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:intelligent_operations_center:5.1.0.4:*:*:*:*:*:*:*

OR cpe:/a:ibm:intelligent_operations_center:5.1.0.6:*:*:*:*:*:*:*

OR cpe:/a:ibm:cognos_controller:10.4.0:*:*:*:*:*:*:*

OR cpe:/o:ibm:i:7.4:*:*:*:*:*:*:*

OR cpe:/a:ibm:app_connect:7.5.3.0:*:*:*:professional:*:*:*

OR cpe:/a:ibm:java:7.0.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:java:7.1.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:java:8.0.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:cognos_controller:10.4.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:vios:3.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:watson_discovery:2.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_directory_administrator:6.0.0.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_transformation_advisor:2.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:iot_messagesight:5.0.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:txseries:9.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:tivoli_application_dependency_discovery_manager:7.3.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:security_guardium:11.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_business_developer:9.6:*:*:*:*:*:*:*

OR cpe:/a:ibm:security_guardium:11.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:spss_collaboration_and_deployment_services:8.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:spss_collaboration_and_deployment_services:8.2.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:spss_collaboration_and_deployment_services:7.0.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:intelligent_operations_center:5.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:intelligent_operations_center:5.2.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:event_streams:10.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:tivoli_composite_application_manager:7.4.0:*:*:*:transactions:*:*:*

OR cpe:/a:ibm:cics_transaction_gateway:8.0.0.6:*:*:*:*:*:*:*

OR cpe:/a:ibm:cics_transaction_gateway:8.1.0.5:*:*:*:*:*:*:*

OR cpe:/a:ibm:cics_transaction_gateway:9.1.0.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:cics_transaction_gateway:9.2.0.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:qradar_security_information_and_event_manager:7.4.0:-:*:*:*:*:*:*

OR cpe:/a:ibm:security_guardium:11.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:cics_transaction_gateway:8.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:cics_transaction_gateway:8.1.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:cics_transaction_gateway:9.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:cics_transaction_gateway:9.0.0.5:*:*:*:*:*:*:*

OR cpe:/a:ibm:cics_transaction_gateway:9.1.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:cics_transaction_gateway:9.2.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:cognos_controller:10.4.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:event_streams:10.1.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_application_developer:9.6:*:*:*:websphere:*:*:*

OR cpe:/a:ibm:watson_discovery:2.2.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:security_guardium:11.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:event_streams:10.2.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:app_connect_enterprise:12.0.1.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:event_streams:10.3.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:event_streams:10.3.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:hardware_management_console:9.2.950.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:security_guardium:11.4:*:*:*:*:*:*:*

OR cpe:/o:ibm:aix:7.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:qradar_security_information_and_event_manager:7.5.0:-:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_pak_for_business_automation:18.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_pak_for_business_automation:18.0.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_pak_for_business_automation:19.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_pak_for_business_automation:19.0.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_pak_for_business_automation:20.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_pak_for_business_automation:20.0.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_pak_for_business_automation:21.0.1:-:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_pak_for_business_automation:21.0.2:-:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_pak_for_business_automation:21.0.3:-:*:*:*:*:*:*

OR cpe:/a:ibm:app_connect_enterprise:12.0.4.0:*:*:*:*:*:*:*

OR cpe:/o:ibm:i:7.5:*:*:*:*:*:*:*

OR cpe:/a:ibm:cics_tx:11.1:*:*:*:standard:*:*:*

OR cpe:/a:ibm:cics_tx:11.1:*:*:*:advanced:*:*:*

OR cpe:/a:ibm:cics_transaction_gateway:9.2:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:7536	P	java-17-openjdk-17.0.7.0-150400.3.18.2 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:8079	P	java-1_8_0-ibm-1.8.0_sr8.0-150000.3.71.1 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:8080	P	java-1_8_0-openjdk-1.8.0.362-150000.3.76.1 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:7535	P	java-11-openjdk-11.0.19.0-150000.3.96.1 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:3437	P	audiofile-0.3.6-11.3.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3438	P	augeas-1.10.1-2.6 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:94586	P	java-11-openjdk-11.0.15.0-150000.3.80.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:2957	P	java-17-openjdk-17.0.3.0-150400.1.8 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:94587	P	java-17-openjdk-17.0.3.0-150400.1.8 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:95067	P	java-1_8_0-ibm-1.8.0_sr7.5-150000.3.56.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:2956	P	java-11-openjdk-11.0.15.0-150000.3.80.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:95068	P	java-1_8_0-openjdk-1.8.0.322-3.64.2 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:1228	P	Security update for java-1_8_0-ibm (Important)	2022-03-29
oval:org.opensuse.security:def:127243	P	Security update for java-1_7_1-ibm (Important)	2022-03-29
oval:org.opensuse.security:def:5995	P	Security update for java-1_8_0-ibm (Important)	2022-03-29
oval:org.opensuse.security:def:126846	P	Security update for java-1_7_1-ibm (Important)	2022-03-29
oval:org.opensuse.security:def:119351	P	Security update for java-1_8_0-ibm (Important)	2022-03-29
oval:org.opensuse.security:def:5205	P	Security update for java-1_7_1-ibm (Important)	2022-03-29
oval:org.opensuse.security:def:127244	P	Security update for java-1_8_0-ibm (Important)	2022-03-29
oval:org.opensuse.security:def:125680	P	Security update for java-1_7_1-ibm (Important)	2022-03-29
oval:org.opensuse.security:def:126847	P	Security update for java-1_8_0-ibm (Important)	2022-03-29
oval:org.opensuse.security:def:5206	P	Security update for java-1_8_0-ibm (Important)	2022-03-29
oval:org.opensuse.security:def:125681	P	Security update for java-1_8_0-ibm (Important)	2022-03-29
oval:org.opensuse.security:def:119536	P	Security update for java-1_8_0-ibm (Important)	2022-03-29
oval:org.opensuse.security:def:5994	P	Security update for java-1_7_1-ibm (Important)	2022-03-29
oval:org.opensuse.security:def:101888	P	Security update for java-1_8_0-ibm (Important)	2022-03-29
oval:com.redhat.rhsa:def:20220970	P	RHSA-2022:0970: java-1.8.0-ibm security update (Moderate)	2022-03-21
oval:org.opensuse.security:def:119715	P	Security update for java-1_8_0-openjdk (Important)	2022-03-16
oval:org.opensuse.security:def:101898	P	Security update for java-1_8_0-openjdk (Important)	2022-03-16
oval:org.opensuse.security:def:1245	P	Security update for java-1_8_0-openjdk (Important)	2022-03-16
oval:org.opensuse.security:def:119530	P	Security update for java-1_8_0-openjdk (Important)	2022-03-16
oval:org.opensuse.security:def:127383	P	Security update for java-1_8_0-openjdk (Important)	2022-03-16
oval:org.opensuse.security:def:6198	P	Security update for java-1_8_0-openjdk (Important)	2022-03-16
oval:org.opensuse.security:def:126985	P	Security update for java-1_8_0-openjdk (Important)	2022-03-16
oval:org.opensuse.security:def:125823	P	Security update for java-1_8_0-openjdk (Important)	2022-03-16
oval:org.opensuse.security:def:93850	P	(Moderate)	2022-03-14
oval:org.opensuse.security:def:100433	P	(Moderate)	2022-03-14
oval:org.opensuse.security:def:94062	P	(Moderate)	2022-03-14
oval:org.opensuse.security:def:100767	P	(Moderate)	2022-03-14
oval:org.opensuse.security:def:102102	P	Security update for java-11-openjdk (Moderate)	2022-03-14
oval:org.opensuse.security:def:94276	P	(Moderate)	2022-03-14
oval:org.opensuse.security:def:1538	P	Security update for java-11-openjdk (Moderate)	2022-03-14
oval:org.opensuse.security:def:101662	P	Security update for java-11-openjdk (Moderate)	2022-03-14
oval:org.opensuse.security:def:970	P	Security update for java-11-openjdk (Moderate)	2022-03-14
oval:org.opensuse.security:def:100095	P	(Moderate)	2022-03-14
oval:org.opensuse.security:def:94483	P	(Moderate)	2022-03-14
oval:org.opensuse.security:def:119145	P	Security update for java-11-openjdk (Moderate)	2022-03-14
oval:org.opensuse.security:def:6181	P	Security update for java-11-openjdk (Moderate)	2022-03-04
oval:com.redhat.rhsa:def:20220307	P	RHSA-2022:0307: java-1.8.0-openjdk security and bug fix update (Moderate)	2022-01-27
oval:com.redhat.rhsa:def:20220306	P	RHSA-2022:0306: java-1.8.0-openjdk security update (Moderate)	2022-01-27
oval:com.redhat.rhsa:def:20220185	P	RHSA-2022:0185: java-11-openjdk security update (Moderate)	2022-01-24
oval:com.redhat.rhsa:def:20220204	P	RHSA-2022:0204: java-11-openjdk security update (Moderate)	2022-01-24
oval:com.redhat.rhsa:def:20220161	P	RHSA-2022:0161: java-17-openjdk security update (Moderate)	2022-01-19