Vulnerability CVE-2022-21299 - CERT Civis.Net

Vulnerability Name:

CVE-2022-21299 (CCN-217594)

Assigned:

2021-11-15

Published:

2022-01-18

Updated:

2022-09-29

Summary:

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition.
Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

CVSS v3 Severity:

5.3 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
4.6 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Low

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
4.6 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Low

5.3 Medium (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
4.6 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Low

CVSS v2 Severity:

5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

Vulnerability Type:

CWE-noinfo
CWE-835

Vulnerability Consequences:

Denial of Service

References:

Source: MITRE
Type: CNA
CVE-2022-21299

Source: XF
Type: UNKNOWN
oracle-cpujan2022-cve202221299(217594)

Source: MLIST
Type: Mailing List, Third Party Advisory
[debian-lts-announce] 20220210 [SECURITY] [DLA 2917-1] openjdk-8 security update

Source: GENTOO
Type: Third Party Advisory
GLSA-202209-05

Source: CONFIRM
Type: Third Party Advisory
https://security.netapp.com/advisory/ntap-20220121-0007/

Source: DEBIAN
Type: Third Party Advisory
DSA-5057

Source: DEBIAN
Type: Third Party Advisory
DSA-5058

Source: CCN
Type: IBM Security Bulletin 6560110 (Semeru Runtimes)
Multiple vulnerabilities may affect IBM Semeru Runtime

Source: CCN
Type: IBM Security Bulletin 6565069 (Decision Optimization for Cloud Pak for Data)
Multiple vulnerabilities in IBM Semeru Runtime may affect IBM Decision Optimization for IBM Cloud Pak for Data (CVE-2022-21282, CVE-2022-21296, CVE-2022-21299)

Source: CCN
Type: IBM Security Bulletin 6583955 (Watson Assistant for Cloud Pak for data)
IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to an unspecified vulnerability in Java SE ( CVE-2022-21299)

Source: CCN
Type: IBM Security Bulletin 6591185 (Java)
CVE-2022-21299 may affect IBM SDK, Java Technology Edition

Source: CCN
Type: IBM Security Bulletin 6594181 (Liberty for Java)
IBM Java XML vulnerability affects Liberty for Java for IBM Cloud due to CVE-2022-21299 deferred from Oracle Jan 2022 CPU

Source: CCN
Type: IBM Security Bulletin 6594459 (Netcool Operations Insight)
Netcool Operations Insight v1.6.4 contains fixes for multiple security vulnerabilities.

Source: CCN
Type: IBM Security Bulletin 6594523 (WebSphere Application Server)
Multiple Vulnerabilities in IBM Java SDK affect IBM WebSphere Application Server and IBM WebSphere Application Server Liberty due to April 2022 CPU plus deferred CVE-2022-21299

Source: CCN
Type: IBM Security Bulletin 6594861 (AIX)
Multiple vulnerabilities in IBM Java SDK affect AIX

Source: CCN
Type: IBM Security Bulletin 6595269 (z/Transaction Processing Facility)
Multiple vulnerabilities in IBM Java Runtime affect z/Transaction Processing Facility

Source: CCN
Type: IBM Security Bulletin 6597557 (CICS Transaction Gateway)
A vulnerability (CVE-2022-21299) in IBM Java Runtime affects CICS Transaction Gateway

Source: CCN
Type: IBM Security Bulletin 6598349 (WebSphere eXtreme Scale)
Multiple Vulnerabilities in IBM Runtime Environment Java Technology Edition affects WebSphere eXtreme Scale

Source: CCN
Type: IBM Security Bulletin 6598765 (Cloud Transformation Advisor)
IBM Cloud Transformation Advisor is vulnerable to multiple vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6600745 (App Connect Professional)
Multiple vulnerabilities in IBM Java SDK affects IBM WebSphere Cast Iron Solution & App Connect Professional.

Source: CCN
Type: IBM Security Bulletin 6601513 (Tivoli Netcool/Impact)
A security vulnerability has been identified in in IBM Java SDK shipoped with IBM Tivoli Netcool Impact (CVE-2022-21299)

Source: CCN
Type: IBM Security Bulletin 6601539 (Tivoli Application Dependency Discovery Manager)
IBM SDK Java Technology Edition, is used by IBM Tivoli Application Dependency Discovery Manager (TADDM) and is vulnerable to a denial of service (CVE-2021-35561, CVE-2022-21443, CVE-2022-21434,CVE-2022-21496,CVE-2022-21299).

Source: CCN
Type: IBM Security Bulletin 6601685 (InfoSphere Information Server)
Multiple vulnerabilities in IBM Java SDK (April 2022) affect IBM InfoSphere Information Server

Source: CCN
Type: IBM Security Bulletin 6603693 (Watson Discovery)
IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Java

Source: CCN
Type: IBM Security Bulletin 6603983 (WebSphere Cast Iron)
The vulnerability CVE-2022-21299 in IBM Java SDK affects IBM WebSphere Cast Iron Solution & App Connect Professional

Source: CCN
Type: IBM Security Bulletin 6605001 (Rational ClearQuest)
Multiple vulnerabilities in the IBM Java Runtime affect IBM Rational ClearQuest (CVE-2021-35561, CVE-2022-21299, CVE-2022-21496)

Source: CCN
Type: IBM Security Bulletin 6605811 (Rational ClearCase)
Multiple vulnerabilities in the IBM Java Runtime affect IBM Rational ClearCase ( CVE-2021-35578, CVE-2021-35603, CVE-2021-35550, CVE-2021-35561, CVE-2022-21299 )

Source: CCN
Type: IBM Security Bulletin 6609280 (Security SOAR)
IBM Security SOAR is using a component with multiple known vulnerabilities - IBM JDK 8.0.7.6

Source: CCN
Type: IBM Security Bulletin 6610084 (Data Risk Manager)
IBM Data Risk Manager is affected by multiple vulnerabilities including remote code execution in Apache Log4j 1.x

Source: CCN
Type: IBM Security Bulletin 6611993 (i)
IBM Java SDK and IBM Java Runtime for IBM I are vulnerable to unauthenticated attacker to cause a denial of service or low integrity impact due to multiple vulnerabilities.

Source: CCN
Type: IBM Security Bulletin 6613899 (b-type SAN directors and switches)
Vulnerability in SANNav Software used by IBM b-type SAN directors and switches.

Source: CCN
Type: IBM Security Bulletin 6618013 (Cloud Pak for Automation)
Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for August 2022

Source: CCN
Type: IBM Security Bulletin 6618045 (Tivoli Monitoring)
Vulnerabilities in IBM Java included with IBM Tivoli Monitoring.

Source: CCN
Type: IBM Security Bulletin 6619105 (Intelligent Operations Center)
XML vulnerability found in IBM Java 8.0 which is shipped with IBM Intelligent Operations Center (CVE-2022-21299)

Source: CCN
Type: IBM Security Bulletin 6620971 (Watson Explorer)
Multiple vulnerabilities in IBM Java Runtime affect Watson Explorer and Watson Explorer Content Analytics Studio (CVE-2022-21496, CVE-2022-21299)

Source: CCN
Type: IBM Security Bulletin 6824125 (Decision Optimization Center)
A vulnerability in IBM Java SDK and IBM Java Runtime affect IBM Decision Optimization Center (CVE-2022-21299)

Source: CCN
Type: IBM Security Bulletin 6824141 (App Connect Enterprise)
Multiple vulnerabilities in IBM Java Runtime affect IBM App Connect Enterprise and IBM Integration Bus

Source: CCN
Type: IBM Security Bulletin 6824775 (CICS TX Advanced)
IBM CICS TX Advanced is vulnerable to a denial of service exposure due to IBM SDK, Java Technology Edition

Source: CCN
Type: IBM Security Bulletin 6824777 (CICS TX Standard)
IBM CICS TX Standard is vulnerable to a denial of service exposure due to IBM SDK, Java Technology Edition

Source: CCN
Type: IBM Security Bulletin 6824779 (TXSeries for Multiplatforms)
TXSeries for Multiplatforms is vulnerable to a denial of service exposure due to IBM SDK, Java Technology Edition

Source: CCN
Type: IBM Security Bulletin 6824851 (ILOG CPLEX Optimization Studio)
A vulnerability in IBM Java affects IBM ILOG CPLEX Optimization Studio (CVE-2022-21299)

Source: CCN
Type: IBM Security Bulletin 6825109 (Content Collector)
CVE-2022-21299 may affect JAXP component used by Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections

Source: CCN
Type: IBM Security Bulletin 6825511 (Rational Synergy)
Multiple Vulnerabilities in Rational Synergy 7.2.2.4

Source: CCN
Type: IBM Security Bulletin 6826665 (Rational Business Developer)
Vulnerability in IBM Java SDK and IBM Java Runtime affects Rational Business Developer

Source: CCN
Type: IBM Security Bulletin 6826699 (QRadar SIEM)
A vulnerability in IBM Java SDK and IBM Java Runtime affects IBM QRadar SIEM

Source: CCN
Type: IBM Security Bulletin 6828555 (Security Guardium)
Multiple vulnerabilities in IBM Java SDK affect IBM Security Guardium

Source: CCN
Type: IBM Security Bulletin 6832092 (Rational Software Architect Designer)
IBM SDK, Java Technology Edition Quarterly CPU - Apr 2022and Jul 2022

Source: CCN
Type: IBM Security Bulletin 6837345 (PureData System for Operational Analytics)
IBM SDK, Java Technology Edition Quarterly CPU - January 2019 through July 2022 affects AIX LPARs in IBM PureData System for Operational Analytics

Source: CCN
Type: IBM Security Bulletin 6839563 (Rational Application Developer)
IBM SDK, Java Technology Edition, Security Update July 2022

Source: CCN
Type: IBM Security Bulletin 6848847 (Rational Directory Server)
Multiple vulnerabilities in IBM Java Runtime affect Rational Directory Server (Tivoli) & Rational Directory Administrator

Source: CCN
Type: IBM Security Bulletin 6852241 (Tivoli Netcool/OMNIbus)
Vulnerabilities in IBM Java Runtime affecting Tivoli Netcool/OMNIbus (Multiple CVEs)

Source: CCN
Type: IBM Security Bulletin 6852783 (Tivoli Network Manager)
A vulnerability exists in IBM SDK, Java Technology Edition affecting IBM Tivoli Network Manager v4.2 (CVE-2022-21299).

Source: CCN
Type: IBM Security Bulletin 6855637 (Tivoli Netcool Configuration Manager)
A vulnerability exists in IBM SDK, Java Technology Edition affecting IBM Tivoli Netcool Configuration Manager (CVE-2022-21299).

Source: CCN
Type: IBM Security Bulletin 6963079 (CICS Transaction Gateway)
A vulnerability (CVE-2022-21299) in IBM Java Runtime affects CICS Transaction Gateway for Multiplatforms and CICS Transaction Gateway Desktop Edition

Source: CCN
Type: IBM Security Bulletin 6966320 (Cloud Pak System Software Suite)
Multiple Vulnerabilities in IBM Java SDK affect IBM Cloud Pak System

Source: CCN
Type: Oracle CPUJan2022
Oracle Critical Patch Update Advisory - January 2022

Source: MISC
Type: Vendor Advisory
https://www.oracle.com/security-alerts/cpujan2022.html

Vulnerable Configuration:

Configuration 1:

cpe:/a:oracle:graalvm:21.3.0:*:*:*:enterprise:*:*:*

OR cpe:/a:oracle:jre:17.0.1:*:*:*:*:*:*:*

OR cpe:/a:oracle:jre:1.7.0:update321:*:*:*:*:*:*

OR cpe:/a:oracle:jre:11.0.13:*:*:*:*:*:*:*

OR cpe:/a:oracle:graalvm:20.3.4:*:*:*:enterprise:*:*:*

OR cpe:/a:oracle:jre:1.8.0:update311:*:*:*:*:*:*

OR cpe:/a:oracle:jdk:17.0.1:*:*:*:*:*:*:*

OR cpe:/a:oracle:jdk:1.7.0:update321:*:*:*:*:*:*

OR cpe:/a:oracle:jdk:11.0.13:*:*:*:*:*:*:*

OR cpe:/a:oracle:jdk:1.8.0:update311:*:*:*:*:*:*

Configuration 2:

cpe:/a:netapp:snapmanager:-:*:*:*:*:oracle:*:*

OR cpe:/a:netapp:snapmanager:-:*:*:*:*:sap:*:*

OR cpe:/a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*

OR cpe:/a:netapp:oncommand_insight:-:*:*:*:*:*:*:*

OR cpe:/a:netapp:cloud_insights:-:*:*:*:*:*:*:*

OR cpe:/a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*

OR cpe:/a:netapp:solidfire:-:*:*:*:*:*:*:*

OR cpe:/a:netapp:hci_management_node:-:*:*:*:*:*:*:*

OR cpe:/a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*

OR cpe:/a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*

OR cpe:/a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*

OR cpe:/a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:* (Version >= 11.0.0 and <= 11.70.1)

Configuration 3:

cpe:/o:debian:debian_linux:9.0:*:*:*:*:*:*:*

OR cpe:/o:debian:debian_linux:10.0:*:*:*:*:*:*:*

OR cpe:/o:debian:debian_linux:11.0:*:*:*:*:*:*:*

Configuration 4:

cpe:/a:oracle:openjdk:8:-:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update102:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update112:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update152:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update162:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update172:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update192:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update20:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update202:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update212:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update222:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update232:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update40:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:-:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update241:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update80:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update85:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update241:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update60:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update65:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update66:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update71:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update72:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update73:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update74:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update77:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update92:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update101:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update111:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update121:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update131:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update141:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update151:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update161:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update171:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update181:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update191:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update201:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update211:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update221:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update231:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update251:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update101:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update11:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update111:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update121:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update131:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update141:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update151:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update161:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update171:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update181:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update191:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update201:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update211:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update221:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update231:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update25:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update31:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update45:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update5:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update51:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update91:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update10:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update11:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update13:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update15:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update17:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update21:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update25:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update3:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update4:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update40:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update45:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update5:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update51:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update55:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update6:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update60:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update65:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update67:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update7:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update72:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update76:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update9:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update91:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update95:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update97:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update99:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update1:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update2:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update261:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update271:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update281:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update291:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update301:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update311:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:7:update321:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:milestone1:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:milestone2:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:milestone3:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:milestone4:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:milestone5:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:milestone6:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:milestone7:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:milestone8:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:milestone9:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update242:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update252:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update262:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update271:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update281:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update282:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update291:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update301:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update302:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:8:update312:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:*:*:*:*:*:*:*:* (Version >= 11 and <= 11.0.13)

OR cpe:/a:oracle:openjdk:*:*:*:*:*:*:*:* (Version >= 13 and <= 13.0.9)

OR cpe:/a:oracle:openjdk:*:*:*:*:*:*:*:* (Version >= 15 and <= 15.0.5)

OR cpe:/a:oracle:openjdk:17:*:*:*:*:*:*:*

OR cpe:/a:oracle:openjdk:17.0.1:*:*:*:*:*:*:*

Configuration RedHat 1:

cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*

Configuration RedHat 3:

cpe:/a:redhat:enterprise_linux:8::crb:*:*:*:*:*

Configuration RedHat 4:

cpe:/o:redhat:enterprise_linux:7:*:*:*:*:*:*:*

Configuration RedHat 5:

cpe:/o:redhat:enterprise_linux:7::client:*:*:*:*:*

Configuration RedHat 6:

cpe:/o:redhat:enterprise_linux:7::computenode:*:*:*:*:*

Configuration RedHat 7:

cpe:/o:redhat:enterprise_linux:7::server:*:*:*:*:*

Configuration RedHat 8:

cpe:/o:redhat:enterprise_linux:7::workstation:*:*:*:*:*

Configuration CCN 1:

cpe:/a:oracle:java_se:7u321:*:*:*:*:*:*:*

OR cpe:/a:oracle:java_se:8u311:*:*:*:*:*:*:*

OR cpe:/a:oracle:java_se:11.0.13:*:*:*:*:*:*:*

OR cpe:/a:oracle:graalvm:20.3.4:*:*:*:enterprise:*:*:*

OR cpe:/a:oracle:graalvm:21.3.0:*:*:*:enterprise:*:*:*

AND

cpe:/o:ibm:aix:7.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:8.5:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_directory_server:5.2.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_clearcase:8.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_clearcase:8.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:tivoli_network_manager:3.9:*:ip:*:*:*:*:*

OR cpe:/o:ibm:i:7.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:cics_transaction_gateway:9.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:tivoli_netcool_configuration_manager:6.4.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:tivoli_netcool/impact:7.1.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:tivoli_netcool/omnibus:8.1.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:content_collector:4.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:txseries:8.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:txseries:8.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_business_developer:9.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:watson_explorer:11.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_business_developer:9.5:*:*:*:*:*:*:*

OR cpe:/o:ibm:i:7.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:watson_explorer:11.0.1:*:*:*:*:*:*:*

OR cpe:/o:ibm:aix:7.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:tivoli_netcool_configuration_manager:6.4.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:9.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:watson_explorer:11.0.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_business_developer:9.1.1.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:decision_optimization_center:3.9.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_clearquest:9.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_clearcase:9.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:infosphere_information_server:11.7:*:*:*:*:*:*:*

OR cpe:/a:ibm:security_guardium:10.5:*:*:*:*:*:*:*

OR cpe:/a:ibm:tivoli_monitoring:6.3.0.7:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:::~~liberty~~~:*:*:*:*:*

OR cpe:/a:ibm:watson_explorer:12.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:app_connect:11.0.0.0:*:*:*:enterprise:*:*:*

OR cpe:/a:ibm:ilog_cplex_optimization_studio:12.8:*:*:*:*:*:*:*

OR cpe:/a:ibm:integration_bus:10.0.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_cast_iron:7.5.1.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:app_connect:7.5.2.0:*:*:*:professional:*:*:*

OR cpe:/a:ibm:security_guardium:10.6:*:*:*:*:*:*:*

OR cpe:/a:ibm:ilog_cplex_optimization_studio:12.9:*:*:*:*:*:*:*

OR cpe:/a:ibm:watson_explorer:12.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:watson_explorer:12.0.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:intelligent_operations_center:5.1.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:intelligent_operations_center:5.1.0.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:intelligent_operations_center:5.1.0.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:intelligent_operations_center:5.1.0.4:*:*:*:*:*:*:*

OR cpe:/a:ibm:intelligent_operations_center:5.1.0.6:*:*:*:*:*:*:*

OR cpe:/o:ibm:i:7.4:*:*:*:*:*:*:*

OR cpe:/a:ibm:app_connect:7.5.3.0:*:*:*:professional:*:*:*

OR cpe:/a:ibm:java:7.0.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:java:7.1.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:java:8.0.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:vios:3.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_directory_administrator:6.0.0.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_transformation_advisor:2.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_pak_for_automation:19.0.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:ilog_cplex_optimization_studio:12.10:*:*:*:*:*:*:*

OR cpe:/a:ibm:decision_optimization_center:3.9.0.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:decision_optimization_center:3.9:*:*:*:*:*:*:*

OR cpe:/a:ibm:txseries:9.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:watson_explorer:12.0.3:*:deep_analytics:*:analytical_components:*:*:*

OR cpe:/a:ibm:tivoli_application_dependency_discovery_manager:7.3.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:security_guardium:11.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_business_developer:9.6:*:*:*:*:*:*:*

OR cpe:/a:ibm:security_guardium:11.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:decision_optimization_center:3.9.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_pak_for_automation:20.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_clearquest:9.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_clearquest:9.0.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:intelligent_operations_center:5.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:intelligent_operations_center:5.2.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:cics_transaction_gateway:8.0.0.6:*:*:*:*:*:*:*

OR cpe:/a:ibm:cics_transaction_gateway:8.1.0.5:*:*:*:*:*:*:*

OR cpe:/a:ibm:cics_transaction_gateway:9.1.0.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:cics_transaction_gateway:9.2.0.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_pak_for_automation:20.0.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:qradar_security_information_and_event_manager:7.4.0:-:*:*:*:*:*:*

OR cpe:/a:ibm:security_guardium:11.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:cics_transaction_gateway:8.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:cics_transaction_gateway:8.1.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:cics_transaction_gateway:9.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:cics_transaction_gateway:9.0.0.5:*:*:*:*:*:*:*

OR cpe:/a:ibm:cics_transaction_gateway:9.1.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:cics_transaction_gateway:9.2.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_pak_for_automation:20.0.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_application_developer:9.6:*:*:*:websphere:*:*:*

OR cpe:/a:ibm:security_guardium:11.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_pak_for_automation:21.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_pak_for_automation:21.0.2:-:*:*:*:*:*:*

OR cpe:/a:ibm:security_guardium:11.4:*:*:*:*:*:*:*

OR cpe:/o:ibm:aix:7.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_pak_for_automation:19.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:qradar_security_information_and_event_manager:7.5.0:-:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_pak_for_automation:19.0.2:*:*:*:*:*:*:*

OR cpe:/o:ibm:i:7.5:*:*:*:*:*:*:*

OR cpe:/a:ibm:cics_tx:11.1:*:*:*:standard:*:*:*

OR cpe:/a:ibm:cics_tx:11.1:*:*:*:advanced:*:*:*

OR cpe:/a:ibm:app_connect_enterprise:12.0.5.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:cics_transaction_gateway:9.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:tivoli_network_manager:4.1.1:*:ip:*:*:*:*:*

OR cpe:/a:ibm:tivoli_network_manager:4.2:*:ip:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:7536	P	java-17-openjdk-17.0.7.0-150400.3.18.2 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:8079	P	java-1_8_0-ibm-1.8.0_sr8.0-150000.3.71.1 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:8080	P	java-1_8_0-openjdk-1.8.0.362-150000.3.76.1 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:7535	P	java-11-openjdk-11.0.19.0-150000.3.96.1 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:95353	P	Security update for java-1_8_0-ibm (Important)	2022-08-03
oval:org.opensuse.security:def:664	P	Security update for java-1_8_0-ibm (Important)	2022-08-03
oval:org.opensuse.security:def:3723	P	Security update for java-1_8_0-ibm (Important)	2022-08-03
oval:org.opensuse.security:def:119647	P	Security update for java-1_8_0-ibm (Important)	2022-08-03
oval:org.opensuse.security:def:119462	P	Security update for java-1_8_0-ibm (Important)	2022-08-03
oval:org.opensuse.security:def:5298	P	Security update for java-1_7_1-ibm (Important)	2022-07-23
oval:org.opensuse.security:def:125763	P	Security update for java-1_8_0-ibm (Important)	2022-07-23
oval:org.opensuse.security:def:6106	P	Security update for java-1_7_1-ibm (Important)	2022-07-23
oval:org.opensuse.security:def:126926	P	Security update for java-1_7_1-ibm (Important)	2022-07-23
oval:org.opensuse.security:def:5301	P	Security update for java-1_8_0-ibm (Important)	2022-07-23
oval:org.opensuse.security:def:6109	P	Security update for java-1_8_0-ibm (Important)	2022-07-23
oval:org.opensuse.security:def:126927	P	Security update for java-1_8_0-ibm (Important)	2022-07-23
oval:org.opensuse.security:def:127323	P	Security update for java-1_7_1-ibm (Important)	2022-07-23
oval:org.opensuse.security:def:125762	P	Security update for java-1_7_1-ibm (Important)	2022-07-23
oval:org.opensuse.security:def:127324	P	Security update for java-1_8_0-ibm (Important)	2022-07-23
oval:org.opensuse.security:def:3437	P	audiofile-0.3.6-11.3.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3438	P	augeas-1.10.1-2.6 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:94586	P	java-11-openjdk-11.0.15.0-150000.3.80.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:94587	P	java-17-openjdk-17.0.3.0-150400.1.8 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:2956	P	java-11-openjdk-11.0.15.0-150000.3.80.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:95067	P	java-1_8_0-ibm-1.8.0_sr7.5-150000.3.56.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:2957	P	java-17-openjdk-17.0.3.0-150400.1.8 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:95068	P	java-1_8_0-openjdk-1.8.0.322-3.64.2 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:126847	P	Security update for java-1_8_0-ibm (Important)	2022-03-29
oval:org.opensuse.security:def:127243	P	Security update for java-1_7_1-ibm (Important)	2022-03-29
oval:org.opensuse.security:def:125680	P	Security update for java-1_7_1-ibm (Important)	2022-03-29
oval:org.opensuse.security:def:127244	P	Security update for java-1_8_0-ibm (Important)	2022-03-29
oval:org.opensuse.security:def:119536	P	Security update for java-1_8_0-ibm (Important)	2022-03-29
oval:org.opensuse.security:def:5205	P	Security update for java-1_7_1-ibm (Important)	2022-03-29
oval:org.opensuse.security:def:125681	P	Security update for java-1_8_0-ibm (Important)	2022-03-29
oval:org.opensuse.security:def:101888	P	Security update for java-1_8_0-ibm (Important)	2022-03-29
oval:org.opensuse.security:def:119351	P	Security update for java-1_8_0-ibm (Important)	2022-03-29
oval:org.opensuse.security:def:5994	P	Security update for java-1_7_1-ibm (Important)	2022-03-29
oval:org.opensuse.security:def:126846	P	Security update for java-1_7_1-ibm (Important)	2022-03-29
oval:org.opensuse.security:def:1228	P	Security update for java-1_8_0-ibm (Important)	2022-03-29
oval:org.opensuse.security:def:5206	P	Security update for java-1_8_0-ibm (Important)	2022-03-29
oval:org.opensuse.security:def:5995	P	Security update for java-1_8_0-ibm (Important)	2022-03-29
oval:org.opensuse.security:def:1245	P	Security update for java-1_8_0-openjdk (Important)	2022-03-16
oval:org.opensuse.security:def:119715	P	Security update for java-1_8_0-openjdk (Important)	2022-03-16
oval:org.opensuse.security:def:6198	P	Security update for java-1_8_0-openjdk (Important)	2022-03-16
oval:org.opensuse.security:def:119530	P	Security update for java-1_8_0-openjdk (Important)	2022-03-16
oval:org.opensuse.security:def:127383	P	Security update for java-1_8_0-openjdk (Important)	2022-03-16
oval:org.opensuse.security:def:125823	P	Security update for java-1_8_0-openjdk (Important)	2022-03-16
oval:org.opensuse.security:def:126985	P	Security update for java-1_8_0-openjdk (Important)	2022-03-16
oval:org.opensuse.security:def:101898	P	Security update for java-1_8_0-openjdk (Important)	2022-03-16
oval:org.opensuse.security:def:93850	P	(Moderate)	2022-03-14
oval:org.opensuse.security:def:100767	P	(Moderate)	2022-03-14
oval:org.opensuse.security:def:102102	P	Security update for java-11-openjdk (Moderate)	2022-03-14
oval:org.opensuse.security:def:94062	P	(Moderate)	2022-03-14
oval:org.opensuse.security:def:1538	P	Security update for java-11-openjdk (Moderate)	2022-03-14
oval:org.opensuse.security:def:101662	P	Security update for java-11-openjdk (Moderate)	2022-03-14
oval:org.opensuse.security:def:119145	P	Security update for java-11-openjdk (Moderate)	2022-03-14
oval:org.opensuse.security:def:970	P	Security update for java-11-openjdk (Moderate)	2022-03-14
oval:org.opensuse.security:def:100095	P	(Moderate)	2022-03-14
oval:org.opensuse.security:def:94276	P	(Moderate)	2022-03-14
oval:org.opensuse.security:def:100433	P	(Moderate)	2022-03-14
oval:org.opensuse.security:def:94483	P	(Moderate)	2022-03-14
oval:org.opensuse.security:def:6181	P	Security update for java-11-openjdk (Moderate)	2022-03-04
oval:com.redhat.rhsa:def:20220307	P	RHSA-2022:0307: java-1.8.0-openjdk security and bug fix update (Moderate)	2022-01-27
oval:com.redhat.rhsa:def:20220306	P	RHSA-2022:0306: java-1.8.0-openjdk security update (Moderate)	2022-01-27
oval:com.redhat.rhsa:def:20220185	P	RHSA-2022:0185: java-11-openjdk security update (Moderate)	2022-01-24
oval:com.redhat.rhsa:def:20220204	P	RHSA-2022:0204: java-11-openjdk security update (Moderate)	2022-01-24
oval:com.redhat.rhsa:def:20220161	P	RHSA-2022:0161: java-17-openjdk security update (Moderate)	2022-01-19