Vulnerability CVE-2022-21296 - CERT Civis.Net

Vulnerability Name:

CVE-2022-21296 (CCN-217591)

Assigned:

2021-11-15

Published:

2022-01-18

Updated:

2022-10-27

Summary:

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data.
Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).

CVSS v3 Severity:

5.3 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
4.6 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): None Availibility (A): None

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
4.6 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): None Availibility (A): None

5.3 Medium (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
4.6 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): None Availibility (A): None

CVSS v2 Severity:

5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

Vulnerability Type:

CWE-noinfo
CWE-212

Vulnerability Consequences:

Obtain Information

References:

Source: MITRE
Type: CNA
CVE-2022-21296

Source: XF
Type: UNKNOWN
oracle-cpujan2022-cve202221296(217591)

Source: MLIST
Type: Mailing List, Third Party Advisory
[debian-lts-announce] 20220210 [SECURITY] [DLA 2917-1] openjdk-8 security update

Source: GENTOO
Type: Third Party Advisory
GLSA-202209-05

Source: CONFIRM
Type: Third Party Advisory
https://security.netapp.com/advisory/ntap-20220121-0007/

Source: DEBIAN
Type: Third Party Advisory
DSA-5057

Source: DEBIAN
Type: Third Party Advisory
DSA-5058

Source: CCN
Type: IBM Security Bulletin 6560110 (Semeru Runtimes)
Multiple vulnerabilities may affect IBM Semeru Runtime

Source: CCN
Type: IBM Security Bulletin 6565069 (Decision Optimization for Cloud Pak for Data)
Multiple vulnerabilities in IBM Semeru Runtime may affect IBM Decision Optimization for IBM Cloud Pak for Data (CVE-2022-21282, CVE-2022-21296, CVE-2022-21299)

Source: CCN
Type: IBM Security Bulletin 6583935 (Watson Assistant for Cloud Pak for data)
IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to an unspecified vulnerability in Oracle Java SE ( CVE-2022-21296)

Source: CCN
Type: IBM Security Bulletin 6594459 (Netcool Operations Insight)
Netcool Operations Insight v1.6.4 contains fixes for multiple security vulnerabilities.

Source: CCN
Type: Oracle CPUJan2022
Oracle Critical Patch Update Advisory - January 2022

Source: MISC
Type: Vendor Advisory
https://www.oracle.com/security-alerts/cpujan2022.html

Vulnerable Configuration:

Configuration 1:

cpe:/a:oracle:graalvm:21.3.0:*:*:*:enterprise:*:*:*

OR cpe:/a:oracle:jre:17.0.1:*:*:*:*:*:*:*

OR cpe:/a:oracle:jre:1.7.0:update321:*:*:*:*:*:*

OR cpe:/a:oracle:jre:11.0.13:*:*:*:*:*:*:*

OR cpe:/a:oracle:graalvm:20.3.4:*:*:*:enterprise:*:*:*

OR cpe:/a:oracle:jre:1.8.0:update311:*:*:*:*:*:*

OR cpe:/a:oracle:jdk:17.0.1:*:*:*:*:*:*:*

OR cpe:/a:oracle:jdk:1.7.0:update321:*:*:*:*:*:*

OR cpe:/a:oracle:jdk:11.0.13:*:*:*:*:*:*:*

OR cpe:/a:oracle:jdk:1.8.0:update311:*:*:*:*:*:*

Configuration 2:

cpe:/a:netapp:snapmanager:-:*:*:*:*:oracle:*:*

OR cpe:/a:netapp:snapmanager:-:*:*:*:*:sap:*:*

OR cpe:/a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*

OR cpe:/a:netapp:oncommand_insight:-:*:*:*:*:*:*:*

OR cpe:/a:netapp:cloud_insights:-:*:*:*:*:*:*:*

OR cpe:/a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*

OR cpe:/a:netapp:solidfire:-:*:*:*:*:*:*:*

OR cpe:/a:netapp:hci_management_node:-:*:*:*:*:*:*:*

OR cpe:/a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*

OR cpe:/a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*

OR cpe:/a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:* (Version >= 11.0.0 and <= 11.70.1)

Configuration 3:

cpe:/o:debian:debian_linux:9.0:*:*:*:*:*:*:*

OR cpe:/o:debian:debian_linux:10.0:*:*:*:*:*:*:*

OR cpe:/o:debian:debian_linux:11.0:*:*:*:*:*:*:*

Configuration 4:

cpe:/a:oracle:openjdk:8:-:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update102:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update112:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update152:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update162:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update172:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update192:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update20:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update202:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update212:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update222:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update232:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update40:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update60:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:-:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update241:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update65:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update66:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update71:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update72:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update73:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update74:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update77:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update92:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update241:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update80:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update85:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update101:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update111:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update121:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update131:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update141:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update151:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update161:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update171:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update181:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update191:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update201:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update101:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update11:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update111:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update121:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update131:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update141:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update151:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update161:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update171:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update181:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update191:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update201:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update211:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update221:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update231:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update25:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update31:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update45:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update5:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update51:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update91:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update211:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update221:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update231:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update251:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update10:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update11:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update13:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update15:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update17:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update2:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update21:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update25:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update3:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update4:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update40:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update45:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update5:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update51:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update55:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update6:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update60:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update65:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update67:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update7:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update72:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update76:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update9:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update91:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update95:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update97:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update99:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update321:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update312:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update302:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update1:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:milestone1:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:milestone2:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:milestone3:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:milestone4:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:milestone5:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:milestone6:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:milestone7:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:milestone8:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:milestone9:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:*:*:*:*:*:*:*:* (Version >= 15 and <= 15.0.5)

OR cpe:/a:oracle:openjdk:*:*:*:*:*:*:*:* (Version >= 11 and <= 11.0.13)

OR cpe:/a:oracle:openjdk:*:*:*:*:*:*:*:* (Version >= 13 and <= 13.0.9)

OR cpe:/a:oracle:openjdk:17:*:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update242:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update252:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update262:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update271:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update281:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update282:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update291:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update301:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update261:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update271:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update281:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update291:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update301:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update311:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:17.0.1:*:*:*:*:*:*:*

Configuration RedHat 1:

cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*

Configuration RedHat 3:

cpe:/a:redhat:enterprise_linux:8::crb:*:*:*:*:*

Configuration RedHat 4:

cpe:/o:redhat:enterprise_linux:7:*:*:*:*:*:*:*

Configuration RedHat 5:

cpe:/o:redhat:enterprise_linux:7::client:*:*:*:*:*

Configuration RedHat 6:

cpe:/o:redhat:enterprise_linux:7::computenode:*:*:*:*:*

Configuration RedHat 7:

cpe:/o:redhat:enterprise_linux:7::server:*:*:*:*:*

Configuration RedHat 8:

cpe:/o:redhat:enterprise_linux:7::workstation:*:*:*:*:*

Configuration CCN 1:

cpe:/a:oracle:java_se:7u321:*:*:*:*:*:*:*

OR cpe:/a:oracle:java_se:8u311:*:*:*:*:*:*:*

OR cpe:/a:oracle:java_se:11.0.13:*:*:*:*:*:*:*

OR cpe:/a:oracle:java_se:17.01:*:*:*:*:*:*:*

OR cpe:/a:oracle:graalvm:20.3.4:*:*:*:enterprise:*:*:*

OR cpe:/a:oracle:graalvm:21.3.0:*:*:*:enterprise:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:8079	P	java-1_8_0-ibm-1.8.0_sr8.0-150000.3.71.1 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:8080	P	java-1_8_0-openjdk-1.8.0.362-150000.3.76.1 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:7535	P	java-11-openjdk-11.0.19.0-150000.3.96.1 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:7536	P	java-17-openjdk-17.0.7.0-150400.3.18.2 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:3437	P	audiofile-0.3.6-11.3.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3438	P	augeas-1.10.1-2.6 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:94587	P	java-17-openjdk-17.0.3.0-150400.1.8 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:95067	P	java-1_8_0-ibm-1.8.0_sr7.5-150000.3.56.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:2956	P	java-11-openjdk-11.0.15.0-150000.3.80.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:95068	P	java-1_8_0-openjdk-1.8.0.322-3.64.2 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:94586	P	java-11-openjdk-11.0.15.0-150000.3.80.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:2957	P	java-17-openjdk-17.0.3.0-150400.1.8 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:127244	P	Security update for java-1_8_0-ibm (Important)	2022-03-29
oval:org.opensuse.security:def:125680	P	Security update for java-1_7_1-ibm (Important)	2022-03-29
oval:org.opensuse.security:def:126847	P	Security update for java-1_8_0-ibm (Important)	2022-03-29
oval:org.opensuse.security:def:5206	P	Security update for java-1_8_0-ibm (Important)	2022-03-29
oval:org.opensuse.security:def:125681	P	Security update for java-1_8_0-ibm (Important)	2022-03-29
oval:org.opensuse.security:def:119536	P	Security update for java-1_8_0-ibm (Important)	2022-03-29
oval:org.opensuse.security:def:5994	P	Security update for java-1_7_1-ibm (Important)	2022-03-29
oval:org.opensuse.security:def:101888	P	Security update for java-1_8_0-ibm (Important)	2022-03-29
oval:org.opensuse.security:def:1228	P	Security update for java-1_8_0-ibm (Important)	2022-03-29
oval:org.opensuse.security:def:127243	P	Security update for java-1_7_1-ibm (Important)	2022-03-29
oval:org.opensuse.security:def:5995	P	Security update for java-1_8_0-ibm (Important)	2022-03-29
oval:org.opensuse.security:def:126846	P	Security update for java-1_7_1-ibm (Important)	2022-03-29
oval:org.opensuse.security:def:119351	P	Security update for java-1_8_0-ibm (Important)	2022-03-29
oval:org.opensuse.security:def:5205	P	Security update for java-1_7_1-ibm (Important)	2022-03-29
oval:org.opensuse.security:def:1245	P	Security update for java-1_8_0-openjdk (Important)	2022-03-16
oval:org.opensuse.security:def:119530	P	Security update for java-1_8_0-openjdk (Important)	2022-03-16
oval:org.opensuse.security:def:127383	P	Security update for java-1_8_0-openjdk (Important)	2022-03-16
oval:org.opensuse.security:def:6198	P	Security update for java-1_8_0-openjdk (Important)	2022-03-16
oval:org.opensuse.security:def:126985	P	Security update for java-1_8_0-openjdk (Important)	2022-03-16
oval:org.opensuse.security:def:125823	P	Security update for java-1_8_0-openjdk (Important)	2022-03-16
oval:org.opensuse.security:def:119715	P	Security update for java-1_8_0-openjdk (Important)	2022-03-16
oval:org.opensuse.security:def:101898	P	Security update for java-1_8_0-openjdk (Important)	2022-03-16
oval:org.opensuse.security:def:94062	P	(Moderate)	2022-03-14
oval:org.opensuse.security:def:100767	P	(Moderate)	2022-03-14
oval:org.opensuse.security:def:102102	P	Security update for java-11-openjdk (Moderate)	2022-03-14
oval:org.opensuse.security:def:94276	P	(Moderate)	2022-03-14
oval:org.opensuse.security:def:1538	P	Security update for java-11-openjdk (Moderate)	2022-03-14
oval:org.opensuse.security:def:101662	P	Security update for java-11-openjdk (Moderate)	2022-03-14
oval:org.opensuse.security:def:970	P	Security update for java-11-openjdk (Moderate)	2022-03-14
oval:org.opensuse.security:def:100095	P	(Moderate)	2022-03-14
oval:org.opensuse.security:def:94483	P	(Moderate)	2022-03-14
oval:org.opensuse.security:def:119145	P	Security update for java-11-openjdk (Moderate)	2022-03-14
oval:org.opensuse.security:def:93850	P	(Moderate)	2022-03-14
oval:org.opensuse.security:def:100433	P	(Moderate)	2022-03-14
oval:org.opensuse.security:def:6181	P	Security update for java-11-openjdk (Moderate)	2022-03-04
oval:com.redhat.rhsa:def:20220307	P	RHSA-2022:0307: java-1.8.0-openjdk security and bug fix update (Moderate)	2022-01-27
oval:com.redhat.rhsa:def:20220306	P	RHSA-2022:0306: java-1.8.0-openjdk security update (Moderate)	2022-01-27
oval:com.redhat.rhsa:def:20220185	P	RHSA-2022:0185: java-11-openjdk security update (Moderate)	2022-01-24
oval:com.redhat.rhsa:def:20220204	P	RHSA-2022:0204: java-11-openjdk security update (Moderate)	2022-01-24
oval:com.redhat.rhsa:def:20220161	P	RHSA-2022:0161: java-17-openjdk security update (Moderate)	2022-01-19