Sign-up

ID

VAR-202204-0596


CVE

CVE-2022-21434


TITLE

Red Hat Security Advisory 2022-1728-01

Trust: 0.1

sources: PACKETSTORM: 167388

DESCRIPTION

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N). It exists that OpenJDK incorrectly validated the encoded length of certain object identifiers. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-21443). For further information, refer to the release notes linked to in the References section. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. Summary: OpenShift Serverless version 1.22.0 contains a moderate security impact. Description: Version 1.22.0 of the OpenShift Serverless Operator is supported on Red Hat OpenShift Container Platform versions 4.6, 4.7, 4.8, 4.9, and 4.10. Bugs fixed (https://bugzilla.redhat.com/): 2020725 - CVE-2021-41771 golang: debug/macho: invalid dynamic symbol table command can cause panic 2020736 - CVE-2021-41772 golang: archive/zip: Reader.Open panics on empty string 5. References: https://access.redhat.com/security/cve/CVE-2018-25032 https://access.redhat.com/security/cve/CVE-2021-3999 https://access.redhat.com/security/cve/CVE-2021-23177 https://access.redhat.com/security/cve/CVE-2021-31566 https://access.redhat.com/security/cve/CVE-2021-41771 https://access.redhat.com/security/cve/CVE-2021-41772 https://access.redhat.com/security/cve/CVE-2021-45960 https://access.redhat.com/security/cve/CVE-2021-46143 https://access.redhat.com/security/cve/CVE-2022-0778 https://access.redhat.com/security/cve/CVE-2022-21426 https://access.redhat.com/security/cve/CVE-2022-21434 https://access.redhat.com/security/cve/CVE-2022-21443 https://access.redhat.com/security/cve/CVE-2022-21449 https://access.redhat.com/security/cve/CVE-2022-21476 https://access.redhat.com/security/cve/CVE-2022-21496 https://access.redhat.com/security/cve/CVE-2022-22822 https://access.redhat.com/security/cve/CVE-2022-22823 https://access.redhat.com/security/cve/CVE-2022-22824 https://access.redhat.com/security/cve/CVE-2022-22825 https://access.redhat.com/security/cve/CVE-2022-22826 https://access.redhat.com/security/cve/CVE-2022-22827 https://access.redhat.com/security/cve/CVE-2022-23218 https://access.redhat.com/security/cve/CVE-2022-23219 https://access.redhat.com/security/cve/CVE-2022-23308 https://access.redhat.com/security/cve/CVE-2022-23852 https://access.redhat.com/security/cve/CVE-2022-25235 https://access.redhat.com/security/cve/CVE-2022-25236 https://access.redhat.com/security/cve/CVE-2022-25315 For details about the security issues see these CVE pages: * https://access.redhat.com/security/updates/classification/#low * https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless/index * https://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index * https://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index * https://access.redhat.com/documentation/en-us/openshift_container_platform/4.9/html/serverless/index * https://access.redhat.com/documentation/en-us/openshift_container_platform/4.10/html/serverless/index 6. 9) - aarch64, noarch, ppc64le, s390x, x86_64 3. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: java-11-openjdk security update Advisory ID: RHSA-2022:1442-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:1442 Issue date: 2022-04-20 CVE Names: CVE-2022-21426 CVE-2022-21434 CVE-2022-21443 CVE-2022-21476 CVE-2022-21496 ==================================================================== 1. Summary: An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat CodeReady Linux Builder (v. 8) - aarch64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64 3. Description: The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Security Fix(es): * OpenJDK: Defective secure validation in Apache Santuario (Libraries, 8278008) (CVE-2022-21476) * OpenJDK: Unbounded memory allocation when compiling crafted XPath expressions (JAXP, 8270504) (CVE-2022-21426) * OpenJDK: Improper object-to-string conversion in AnnotationInvocationHandler (Libraries, 8277672) (CVE-2022-21434) * OpenJDK: Missing check for negative ObjectIdentifier (Libraries, 8275151) (CVE-2022-21443) * OpenJDK: URI parsing inconsistencies (JNDI, 8278972) (CVE-2022-21496) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 All running instances of OpenJDK Java must be restarted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 2075788 - CVE-2022-21426 OpenJDK: Unbounded memory allocation when compiling crafted XPath expressions (JAXP, 8270504) 2075793 - CVE-2022-21443 OpenJDK: Missing check for negative ObjectIdentifier (Libraries, 8275151) 2075836 - CVE-2022-21434 OpenJDK: Improper object-to-string conversion in AnnotationInvocationHandler (Libraries, 8277672) 2075842 - CVE-2022-21476 OpenJDK: Defective secure validation in Apache Santuario (Libraries, 8278008) 2075849 - CVE-2022-21496 OpenJDK: URI parsing inconsistencies (JNDI, 8278972) 6. Package List: Red Hat Enterprise Linux AppStream (v. 8): Source: java-11-openjdk-11.0.15.0.9-2.el8_5.src.rpm aarch64: java-11-openjdk-11.0.15.0.9-2.el8_5.aarch64.rpm java-11-openjdk-debuginfo-11.0.15.0.9-2.el8_5.aarch64.rpm java-11-openjdk-debugsource-11.0.15.0.9-2.el8_5.aarch64.rpm java-11-openjdk-demo-11.0.15.0.9-2.el8_5.aarch64.rpm java-11-openjdk-devel-11.0.15.0.9-2.el8_5.aarch64.rpm java-11-openjdk-devel-debuginfo-11.0.15.0.9-2.el8_5.aarch64.rpm java-11-openjdk-headless-11.0.15.0.9-2.el8_5.aarch64.rpm java-11-openjdk-headless-debuginfo-11.0.15.0.9-2.el8_5.aarch64.rpm java-11-openjdk-javadoc-11.0.15.0.9-2.el8_5.aarch64.rpm java-11-openjdk-javadoc-zip-11.0.15.0.9-2.el8_5.aarch64.rpm java-11-openjdk-jmods-11.0.15.0.9-2.el8_5.aarch64.rpm java-11-openjdk-src-11.0.15.0.9-2.el8_5.aarch64.rpm java-11-openjdk-static-libs-11.0.15.0.9-2.el8_5.aarch64.rpm ppc64le: java-11-openjdk-11.0.15.0.9-2.el8_5.ppc64le.rpm java-11-openjdk-debuginfo-11.0.15.0.9-2.el8_5.ppc64le.rpm java-11-openjdk-debugsource-11.0.15.0.9-2.el8_5.ppc64le.rpm java-11-openjdk-demo-11.0.15.0.9-2.el8_5.ppc64le.rpm java-11-openjdk-devel-11.0.15.0.9-2.el8_5.ppc64le.rpm java-11-openjdk-devel-debuginfo-11.0.15.0.9-2.el8_5.ppc64le.rpm java-11-openjdk-headless-11.0.15.0.9-2.el8_5.ppc64le.rpm java-11-openjdk-headless-debuginfo-11.0.15.0.9-2.el8_5.ppc64le.rpm java-11-openjdk-javadoc-11.0.15.0.9-2.el8_5.ppc64le.rpm java-11-openjdk-javadoc-zip-11.0.15.0.9-2.el8_5.ppc64le.rpm java-11-openjdk-jmods-11.0.15.0.9-2.el8_5.ppc64le.rpm java-11-openjdk-src-11.0.15.0.9-2.el8_5.ppc64le.rpm java-11-openjdk-static-libs-11.0.15.0.9-2.el8_5.ppc64le.rpm s390x: java-11-openjdk-11.0.15.0.9-2.el8_5.s390x.rpm java-11-openjdk-debuginfo-11.0.15.0.9-2.el8_5.s390x.rpm java-11-openjdk-debugsource-11.0.15.0.9-2.el8_5.s390x.rpm java-11-openjdk-demo-11.0.15.0.9-2.el8_5.s390x.rpm java-11-openjdk-devel-11.0.15.0.9-2.el8_5.s390x.rpm java-11-openjdk-devel-debuginfo-11.0.15.0.9-2.el8_5.s390x.rpm java-11-openjdk-headless-11.0.15.0.9-2.el8_5.s390x.rpm java-11-openjdk-headless-debuginfo-11.0.15.0.9-2.el8_5.s390x.rpm java-11-openjdk-javadoc-11.0.15.0.9-2.el8_5.s390x.rpm java-11-openjdk-javadoc-zip-11.0.15.0.9-2.el8_5.s390x.rpm java-11-openjdk-jmods-11.0.15.0.9-2.el8_5.s390x.rpm java-11-openjdk-src-11.0.15.0.9-2.el8_5.s390x.rpm java-11-openjdk-static-libs-11.0.15.0.9-2.el8_5.s390x.rpm x86_64: java-11-openjdk-11.0.15.0.9-2.el8_5.x86_64.rpm java-11-openjdk-debuginfo-11.0.15.0.9-2.el8_5.x86_64.rpm java-11-openjdk-debugsource-11.0.15.0.9-2.el8_5.x86_64.rpm java-11-openjdk-demo-11.0.15.0.9-2.el8_5.x86_64.rpm java-11-openjdk-devel-11.0.15.0.9-2.el8_5.x86_64.rpm java-11-openjdk-devel-debuginfo-11.0.15.0.9-2.el8_5.x86_64.rpm java-11-openjdk-headless-11.0.15.0.9-2.el8_5.x86_64.rpm java-11-openjdk-headless-debuginfo-11.0.15.0.9-2.el8_5.x86_64.rpm java-11-openjdk-javadoc-11.0.15.0.9-2.el8_5.x86_64.rpm java-11-openjdk-javadoc-zip-11.0.15.0.9-2.el8_5.x86_64.rpm java-11-openjdk-jmods-11.0.15.0.9-2.el8_5.x86_64.rpm java-11-openjdk-src-11.0.15.0.9-2.el8_5.x86_64.rpm java-11-openjdk-static-libs-11.0.15.0.9-2.el8_5.x86_64.rpm Red Hat CodeReady Linux Builder (v. 8): aarch64: java-11-openjdk-debuginfo-11.0.15.0.9-2.el8_5.aarch64.rpm java-11-openjdk-debugsource-11.0.15.0.9-2.el8_5.aarch64.rpm java-11-openjdk-demo-fastdebug-11.0.15.0.9-2.el8_5.aarch64.rpm java-11-openjdk-demo-slowdebug-11.0.15.0.9-2.el8_5.aarch64.rpm java-11-openjdk-devel-debuginfo-11.0.15.0.9-2.el8_5.aarch64.rpm java-11-openjdk-devel-fastdebug-11.0.15.0.9-2.el8_5.aarch64.rpm java-11-openjdk-devel-fastdebug-debuginfo-11.0.15.0.9-2.el8_5.aarch64.rpm java-11-openjdk-devel-slowdebug-11.0.15.0.9-2.el8_5.aarch64.rpm java-11-openjdk-devel-slowdebug-debuginfo-11.0.15.0.9-2.el8_5.aarch64.rpm java-11-openjdk-fastdebug-11.0.15.0.9-2.el8_5.aarch64.rpm java-11-openjdk-fastdebug-debuginfo-11.0.15.0.9-2.el8_5.aarch64.rpm java-11-openjdk-headless-debuginfo-11.0.15.0.9-2.el8_5.aarch64.rpm java-11-openjdk-headless-fastdebug-11.0.15.0.9-2.el8_5.aarch64.rpm java-11-openjdk-headless-fastdebug-debuginfo-11.0.15.0.9-2.el8_5.aarch64.rpm java-11-openjdk-headless-slowdebug-11.0.15.0.9-2.el8_5.aarch64.rpm java-11-openjdk-headless-slowdebug-debuginfo-11.0.15.0.9-2.el8_5.aarch64.rpm java-11-openjdk-jmods-fastdebug-11.0.15.0.9-2.el8_5.aarch64.rpm java-11-openjdk-jmods-slowdebug-11.0.15.0.9-2.el8_5.aarch64.rpm java-11-openjdk-slowdebug-11.0.15.0.9-2.el8_5.aarch64.rpm java-11-openjdk-slowdebug-debuginfo-11.0.15.0.9-2.el8_5.aarch64.rpm java-11-openjdk-src-fastdebug-11.0.15.0.9-2.el8_5.aarch64.rpm java-11-openjdk-src-slowdebug-11.0.15.0.9-2.el8_5.aarch64.rpm java-11-openjdk-static-libs-fastdebug-11.0.15.0.9-2.el8_5.aarch64.rpm java-11-openjdk-static-libs-slowdebug-11.0.15.0.9-2.el8_5.aarch64.rpm ppc64le: java-11-openjdk-debuginfo-11.0.15.0.9-2.el8_5.ppc64le.rpm java-11-openjdk-debugsource-11.0.15.0.9-2.el8_5.ppc64le.rpm java-11-openjdk-demo-fastdebug-11.0.15.0.9-2.el8_5.ppc64le.rpm java-11-openjdk-demo-slowdebug-11.0.15.0.9-2.el8_5.ppc64le.rpm java-11-openjdk-devel-debuginfo-11.0.15.0.9-2.el8_5.ppc64le.rpm java-11-openjdk-devel-fastdebug-11.0.15.0.9-2.el8_5.ppc64le.rpm java-11-openjdk-devel-fastdebug-debuginfo-11.0.15.0.9-2.el8_5.ppc64le.rpm java-11-openjdk-devel-slowdebug-11.0.15.0.9-2.el8_5.ppc64le.rpm java-11-openjdk-devel-slowdebug-debuginfo-11.0.15.0.9-2.el8_5.ppc64le.rpm java-11-openjdk-fastdebug-11.0.15.0.9-2.el8_5.ppc64le.rpm java-11-openjdk-fastdebug-debuginfo-11.0.15.0.9-2.el8_5.ppc64le.rpm java-11-openjdk-headless-debuginfo-11.0.15.0.9-2.el8_5.ppc64le.rpm java-11-openjdk-headless-fastdebug-11.0.15.0.9-2.el8_5.ppc64le.rpm java-11-openjdk-headless-fastdebug-debuginfo-11.0.15.0.9-2.el8_5.ppc64le.rpm java-11-openjdk-headless-slowdebug-11.0.15.0.9-2.el8_5.ppc64le.rpm java-11-openjdk-headless-slowdebug-debuginfo-11.0.15.0.9-2.el8_5.ppc64le.rpm java-11-openjdk-jmods-fastdebug-11.0.15.0.9-2.el8_5.ppc64le.rpm java-11-openjdk-jmods-slowdebug-11.0.15.0.9-2.el8_5.ppc64le.rpm java-11-openjdk-slowdebug-11.0.15.0.9-2.el8_5.ppc64le.rpm java-11-openjdk-slowdebug-debuginfo-11.0.15.0.9-2.el8_5.ppc64le.rpm java-11-openjdk-src-fastdebug-11.0.15.0.9-2.el8_5.ppc64le.rpm java-11-openjdk-src-slowdebug-11.0.15.0.9-2.el8_5.ppc64le.rpm java-11-openjdk-static-libs-fastdebug-11.0.15.0.9-2.el8_5.ppc64le.rpm java-11-openjdk-static-libs-slowdebug-11.0.15.0.9-2.el8_5.ppc64le.rpm s390x: java-11-openjdk-debuginfo-11.0.15.0.9-2.el8_5.s390x.rpm java-11-openjdk-debugsource-11.0.15.0.9-2.el8_5.s390x.rpm java-11-openjdk-demo-slowdebug-11.0.15.0.9-2.el8_5.s390x.rpm java-11-openjdk-devel-debuginfo-11.0.15.0.9-2.el8_5.s390x.rpm java-11-openjdk-devel-slowdebug-11.0.15.0.9-2.el8_5.s390x.rpm java-11-openjdk-devel-slowdebug-debuginfo-11.0.15.0.9-2.el8_5.s390x.rpm java-11-openjdk-headless-debuginfo-11.0.15.0.9-2.el8_5.s390x.rpm java-11-openjdk-headless-slowdebug-11.0.15.0.9-2.el8_5.s390x.rpm java-11-openjdk-headless-slowdebug-debuginfo-11.0.15.0.9-2.el8_5.s390x.rpm java-11-openjdk-jmods-slowdebug-11.0.15.0.9-2.el8_5.s390x.rpm java-11-openjdk-slowdebug-11.0.15.0.9-2.el8_5.s390x.rpm java-11-openjdk-slowdebug-debuginfo-11.0.15.0.9-2.el8_5.s390x.rpm java-11-openjdk-src-slowdebug-11.0.15.0.9-2.el8_5.s390x.rpm java-11-openjdk-static-libs-slowdebug-11.0.15.0.9-2.el8_5.s390x.rpm x86_64: java-11-openjdk-debuginfo-11.0.15.0.9-2.el8_5.x86_64.rpm java-11-openjdk-debugsource-11.0.15.0.9-2.el8_5.x86_64.rpm java-11-openjdk-demo-fastdebug-11.0.15.0.9-2.el8_5.x86_64.rpm java-11-openjdk-demo-slowdebug-11.0.15.0.9-2.el8_5.x86_64.rpm java-11-openjdk-devel-debuginfo-11.0.15.0.9-2.el8_5.x86_64.rpm java-11-openjdk-devel-fastdebug-11.0.15.0.9-2.el8_5.x86_64.rpm java-11-openjdk-devel-fastdebug-debuginfo-11.0.15.0.9-2.el8_5.x86_64.rpm java-11-openjdk-devel-slowdebug-11.0.15.0.9-2.el8_5.x86_64.rpm java-11-openjdk-devel-slowdebug-debuginfo-11.0.15.0.9-2.el8_5.x86_64.rpm java-11-openjdk-fastdebug-11.0.15.0.9-2.el8_5.x86_64.rpm java-11-openjdk-fastdebug-debuginfo-11.0.15.0.9-2.el8_5.x86_64.rpm java-11-openjdk-headless-debuginfo-11.0.15.0.9-2.el8_5.x86_64.rpm java-11-openjdk-headless-fastdebug-11.0.15.0.9-2.el8_5.x86_64.rpm java-11-openjdk-headless-fastdebug-debuginfo-11.0.15.0.9-2.el8_5.x86_64.rpm java-11-openjdk-headless-slowdebug-11.0.15.0.9-2.el8_5.x86_64.rpm java-11-openjdk-headless-slowdebug-debuginfo-11.0.15.0.9-2.el8_5.x86_64.rpm java-11-openjdk-jmods-fastdebug-11.0.15.0.9-2.el8_5.x86_64.rpm java-11-openjdk-jmods-slowdebug-11.0.15.0.9-2.el8_5.x86_64.rpm java-11-openjdk-slowdebug-11.0.15.0.9-2.el8_5.x86_64.rpm java-11-openjdk-slowdebug-debuginfo-11.0.15.0.9-2.el8_5.x86_64.rpm java-11-openjdk-src-fastdebug-11.0.15.0.9-2.el8_5.x86_64.rpm java-11-openjdk-src-slowdebug-11.0.15.0.9-2.el8_5.x86_64.rpm java-11-openjdk-static-libs-fastdebug-11.0.15.0.9-2.el8_5.x86_64.rpm java-11-openjdk-static-libs-slowdebug-11.0.15.0.9-2.el8_5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2022-21426 https://access.redhat.com/security/cve/CVE-2022-21434 https://access.redhat.com/security/cve/CVE-2022-21443 https://access.redhat.com/security/cve/CVE-2022-21476 https://access.redhat.com/security/cve/CVE-2022-21496 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYmAyANzjgjWX9erEAQgTGw//a84AkLLhZU8iQDd7ecaS/EcNnUOXFJ0Q CoHN4WRcj3RibRben6W9zQ65PnA28pUds3SgRbR1tV6xrF5s5QoinqP+gqS7F6hv g+wd9/905dhwuM2Gtob36nuzunkYdtNv9epMfrrLaFjEytBgiIQqvcz4aXedtJdB 0PjUVtH8yJMclzNNlQHj7v6bWKK5jofPo1If1hA+XLxGn/9jbQ3hxLBK5s3Q7oWy 6OE7uW4pn33sGmYN9ZhKXfV3mXgEjNIeI6BK33+csw9mjiSKiwOB1aWqrjjpGxFl iz46yLCprguxHCTzlKrIaqYiL8a9jwVCgRPD5bdELDcSXpUTYC2CAlTlT7EV9OP5 8OVefLnHODX4zgjKY57v01FLYpEi9y8NnYufE7AOHJOILpRUACwvujLNGUYLAi6f fbMniQdtYsQAcNbIsmpRJRM5QDNXYISGkQjSGyC/8vEWCjNtSFnfNYEuOaL9diXx eAzwjDcXJwxxQNUStudqge7D9bnCB77tjGDsiWBs3zymtnvwdpOOttyAfUNrkyHC sChuZbAqpI2q86cmKl1ach1yGLzlfUL03CAB07VH/JK4e87XVqt/ssu+PZt658vb xtLTeggHbcfenkNKwgmx/jaY0LrGtf4aJ5oy4M+A57djeuepb4cevMjGdq+uPV/5 qAZpBpzOUoQ\xa7pd -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Solution: For OpenShift Container Platform 4.9 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update: https://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html For Red Hat OpenShift Logging 5.4, see the following instructions to apply this update: https://docs.openshift.com/container-platform/4.7/logging/cluster-logging-upgrading.html 4. Bugs fixed (https://bugzilla.redhat.com/): 2004133 - CVE-2021-37136 netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data 2004135 - CVE-2021-37137 netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way 2031958 - CVE-2021-43797 netty: control chars in header names may lead to HTTP request smuggling 2045880 - CVE-2022-21698 prometheus/client_golang: Denial of service using InstrumentHandlerCounter 5. JIRA issues fixed (https://issues.jboss.org/): LOG-2437 - EO shouldn't grant cluster-wide permission to system:serviceaccount:openshift-monitoring:prometheus-k8s when ES cluster is deployed. [openshift-logging 5.4] LOG-2442 - Log file metric exporter not working with /var/log/pods LOG-2448 - Audit and journald logs cannot be viewed from LokiStack, when logs are forwarded with Vector as collector

Trust: 1.8

sources: NVD: CVE-2022-21434 // VULHUB: VHN-407047 // VULMON: CVE-2022-21434 // PACKETSTORM: 167388 // PACKETSTORM: 166903 // PACKETSTORM: 167008 // PACKETSTORM: 167378 // PACKETSTORM: 166800 // PACKETSTORM: 166799 // PACKETSTORM: 166792 // PACKETSTORM: 167142

AFFECTED PRODUCTS

vendor:oraclemodel:jrescope:eqversion:18

Trust: 1.0

vendor:oraclemodel:jdkscope:eqversion:1.8.0

Trust: 1.0

vendor:netappmodel:santricity unified managerscope:eqversion: -

Trust: 1.0

vendor:azulmodel:zuluscope:eqversion:17.32

Trust: 1.0

vendor:netappmodel:cloud insights acquisition unitscope:eqversion: -

Trust: 1.0

vendor:oraclemodel:jdkscope:eqversion:11.0.14

Trust: 1.0

vendor:netappmodel:solidfire\, enterprise sds \& hci storage nodescope:eqversion: -

Trust: 1.0

vendor:oraclemodel:jdkscope:eqversion:17.0.2

Trust: 1.0

vendor:oraclemodel:graalvmscope:eqversion:22.0.0.2

Trust: 1.0

vendor:netappmodel:cloud secure agentscope:eqversion: -

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:11.0

Trust: 1.0

vendor:netappmodel:e-series santricity storage managerscope:eqversion: -

Trust: 1.0

vendor:azulmodel:zuluscope:eqversion:11.54

Trust: 1.0

vendor:netappmodel:7-mode transition toolscope:eqversion: -

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:9.0

Trust: 1.0

vendor:netappmodel:solidfire \& hci management nodescope:eqversion: -

Trust: 1.0

vendor:azulmodel:zuluscope:eqversion:15.38

Trust: 1.0

vendor:azulmodel:zuluscope:eqversion:13.46

Trust: 1.0

vendor:netappmodel:active iq unified managerscope:eqversion: -

Trust: 1.0

vendor:oraclemodel:jrescope:eqversion:1.7.0

Trust: 1.0

vendor:oraclemodel:jdkscope:eqversion:18

Trust: 1.0

vendor:oraclemodel:graalvmscope:eqversion:20.3.5

Trust: 1.0

vendor:oraclemodel:graalvmscope:eqversion:21.3.1

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:10.0

Trust: 1.0

vendor:netappmodel:e-series santricity os controllerscope:lteversion:11.70.1

Trust: 1.0

vendor:azulmodel:zuluscope:eqversion:6.45

Trust: 1.0

vendor:oraclemodel:jrescope:eqversion:11.0.14

Trust: 1.0

vendor:netappmodel:e-series santricity web servicesscope:eqversion: -

Trust: 1.0

vendor:oraclemodel:jrescope:eqversion:1.8.0

Trust: 1.0

vendor:azulmodel:zuluscope:eqversion:18.28

Trust: 1.0

vendor:netappmodel:oncommand insightscope:eqversion: -

Trust: 1.0

vendor:oraclemodel:jdkscope:eqversion:1.7.0

Trust: 1.0

vendor:oraclemodel:jrescope:eqversion:17.0.2

Trust: 1.0

vendor:azulmodel:zuluscope:eqversion:7.52

Trust: 1.0

vendor:netappmodel:hci compute nodescope:eqversion: -

Trust: 1.0

vendor:netappmodel:e-series santricity os controllerscope:gteversion:11.0.0

Trust: 1.0

vendor:azulmodel:zuluscope:eqversion:8.60

Trust: 1.0

sources: NVD: CVE-2022-21434

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-21434
value: MEDIUM

Trust: 1.0

secalert_us@oracle.com: CVE-2022-21434
value: MEDIUM

Trust: 1.0

VULHUB: VHN-407047
value: MEDIUM

Trust: 0.1

VULMON: CVE-2022-21434
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2022-21434
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VULHUB: VHN-407047
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

secalert_us@oracle.com: CVE-2022-21434
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-407047 // VULMON: CVE-2022-21434 // NVD: CVE-2022-21434 // NVD: CVE-2022-21434

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2022-21434

PATCH

title:Arch Linux Issues: url:https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues&qid=CVE-2022-21434

Trust: 0.1

title:Ubuntu Security Notice: USN-5388-1: OpenJDK vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-5388-1

Trust: 0.1

title:Red Hat: Moderate: java-1.8.0-ibm security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20225837 - Security Advisory

Trust: 0.1

title:Red Hat: Moderate: java-1.8.0-ibm security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20224959 - Security Advisory

Trust: 0.1

title:Ubuntu Security Notice: USN-5388-2: OpenJDK vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-5388-2

Trust: 0.1

title:Red Hat: Important: java-1.8.0-openjdk security, bug fix, and enhancement updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221487 - Security Advisory

Trust: 0.1

title:Red Hat: Important: java-11-openjdk security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221442 - Security Advisory

Trust: 0.1

title:Red Hat: Important: java-11-openjdk security, bug fix, and enhancement updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221440 - Security Advisory

Trust: 0.1

title:Red Hat: Important: java-1.8.0-openjdk security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221488 - Security Advisory

Trust: 0.1

title:Red Hat: Important: OpenJDK 8u332 Windows builds release and security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221492 - Security Advisory

Trust: 0.1

title:Red Hat: Important: java-11-openjdk security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221441 - Security Advisory

Trust: 0.1

title:Red Hat: Important: OpenJDK 11.0.15 security update for Portable Linux Buildsurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221435 - Security Advisory

Trust: 0.1

title:Red Hat: Important: java-11-openjdk security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221444 - Security Advisory

Trust: 0.1

title:Red Hat: Important: OpenJDK 11.0.15 security update for Windows Buildsurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221439 - Security Advisory

Trust: 0.1

title:Red Hat: Important: OpenJDK 8u332 security update for Portable Linux Buildsurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221438 - Security Advisory

Trust: 0.1

title:Red Hat: Important: java-1.8.0-openjdk security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221490 - Security Advisory

Trust: 0.1

title:Red Hat: Important: java-1.8.0-openjdk security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221491 - Security Advisory

Trust: 0.1

title:Red Hat: Important: java-1.8.0-openjdk security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221489 - Security Advisory

Trust: 0.1

title:Red Hat: Moderate: java-1.7.1-ibm security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20224957 - Security Advisory

Trust: 0.1

title:Red Hat: Important: java-11-openjdk security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221728 - Security Advisory

Trust: 0.1

title:Red Hat: Important: java-1.8.0-openjdk security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20222137 - Security Advisory

Trust: 0.1

title:Red Hat: Important: java-11-openjdk security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221443 - Security Advisory

Trust: 0.1

title:Red Hat: Important: OpenJDK 17.0.3 security update for Windows Buildsurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221437 - Security Advisory

Trust: 0.1

title:Red Hat: Important: java-17-openjdk security and bug fix updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221445 - Security Advisory

Trust: 0.1

title:Red Hat: Important: OpenJDK 17.0.3 security update for Portable Linux Buildsurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221436 - Security Advisory

Trust: 0.1

title:Red Hat: Important: java-17-openjdk security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221729 - Security Advisory

Trust: 0.1

title:Debian Security Advisories: DSA-5131-1 openjdk-11 -- security updateurl:https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=5c8840c405cfcf2d530316add80d95b7

Trust: 0.1

title:Debian Security Advisories: DSA-5128-1 openjdk-17 -- security updateurl:https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=c35e0aa61b24f917b1354b5d6ba66425

Trust: 0.1

title:Red Hat: Moderate: OpenShift Container Platform 4.8.41 bug fix and security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20222272 - Security Advisory

Trust: 0.1

title:Red Hat: Moderate: Cryostat 2.1.0: new Cryostat on RHEL 8 container imagesurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221679 - Security Advisory

Trust: 0.1

title:Red Hat: Moderate: security update for rh-sso-7/sso75-openshift-rhel8 container imageurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221713 - Security Advisory

Trust: 0.1

title:Red Hat: Moderate: OpenShift Container Platform 4.7.50 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221699 - Security Advisory

Trust: 0.1

title:Ubuntu Security Notice: USN-5546-2: OpenJDK 8 vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-5546-2

Trust: 0.1

title:Ubuntu Security Notice: USN-5546-1: OpenJDK vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-5546-1

Trust: 0.1

title:Red Hat: Moderate: OpenShift Container Platform 3.11.705 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20222281 - Security Advisory

Trust: 0.1

title:Amazon Linux 2: ALAS2-2022-1791url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2022-1791

Trust: 0.1

title:Amazon Linux 2: ALAS2-2022-1790url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2022-1790

Trust: 0.1

title:Amazon Linux 2: ALAS2-2022-1778url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2022-1778

Trust: 0.1

title:Amazon Linux 2: ALAS2CORRETTO8-2022-002url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2CORRETTO8-2022-002

Trust: 0.1

title:Red Hat: Moderate: Red Hat OpenShift Logging Security and Bug update Release 5.4.1url:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20222216 - Security Advisory

Trust: 0.1

title:Red Hat: Moderate: Openshift Logging Security and Bug update Release (5.2.10)url:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20222218 - Security Advisory

Trust: 0.1

title:Red Hat: Moderate: Red Hat OpenShift Logging Security and Bug update Release 5.3.7url:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20222217 - Security Advisory

Trust: 0.1

title:Hitachi Security Advisories: Multiple Vulnerabilities in Hitachi Command Suite, Hitachi Automation Director, Hitachi Configuration Manager, Hitachi Infrastructure Analytics Advisor and Hitachi Ops Centerurl:https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories&qid=hitachi-sec-2022-113

Trust: 0.1

title:Hitachi Security Advisories: Multiple Vulnerabilities in Cosminexusurl:https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories&qid=hitachi-sec-2022-112

Trust: 0.1

title:Amazon Linux 2: ALAS2JAVA-OPENJDK11-2022-002url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2JAVA-OPENJDK11-2022-002

Trust: 0.1

title:Red Hat: Moderate: OpenShift Container Platform 4.6.57 security and extras updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221622 - Security Advisory

Trust: 0.1

title:Red Hat: Low: Release of OpenShift Serverless Version 1.22.0url:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221747 - Security Advisory

Trust: 0.1

title:Amazon Linux AMI: ALAS-2022-1633url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2022-1633

Trust: 0.1

title:Amazon Linux AMI: ALAS-2022-1631url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2022-1631

Trust: 0.1

title:Amazon Linux 2: ALAS2-2022-1835url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2022-1835

Trust: 0.1

title:CVE-2022-XXXXurl:https://github.com/AlphabugX/CVE-2022-23305

Trust: 0.1

title:CVE-2022-XXXXurl:https://github.com/AlphabugX/CVE-2022-RCE

Trust: 0.1

sources: VULMON: CVE-2022-21434

EXTERNAL IDS

db:NVDid:CVE-2022-21434

Trust: 2.0

db:PACKETSTORMid:167378

Trust: 0.2

db:PACKETSTORMid:167008

Trust: 0.2

db:PACKETSTORMid:167388

Trust: 0.2

db:PACKETSTORMid:167142

Trust: 0.2

db:PACKETSTORMid:167456

Trust: 0.1

db:PACKETSTORMid:167385

Trust: 0.1

db:PACKETSTORMid:167327

Trust: 0.1

db:PACKETSTORMid:167980

Trust: 0.1

db:PACKETSTORMid:166967

Trust: 0.1

db:PACKETSTORMid:167122

Trust: 0.1

db:PACKETSTORMid:167088

Trust: 0.1

db:PACKETSTORMid:167164

Trust: 0.1

db:PACKETSTORMid:167140

Trust: 0.1

db:PACKETSTORMid:167942

Trust: 0.1

db:PACKETSTORMid:167454

Trust: 0.1

db:PACKETSTORMid:167271

Trust: 0.1

db:PACKETSTORMid:167979

Trust: 0.1

db:PACKETSTORMid:166954

Trust: 0.1

db:VULHUBid:VHN-407047

Trust: 0.1

db:VULMONid:CVE-2022-21434

Trust: 0.1

db:PACKETSTORMid:166903

Trust: 0.1

db:PACKETSTORMid:166800

Trust: 0.1

db:PACKETSTORMid:166799

Trust: 0.1

db:PACKETSTORMid:166792

Trust: 0.1

sources: VULHUB: VHN-407047 // VULMON: CVE-2022-21434 // PACKETSTORM: 167388 // PACKETSTORM: 166903 // PACKETSTORM: 167008 // PACKETSTORM: 167378 // PACKETSTORM: 166800 // PACKETSTORM: 166799 // PACKETSTORM: 166792 // PACKETSTORM: 167142 // NVD: CVE-2022-21434

REFERENCES

url:https://security.netapp.com/advisory/ntap-20220429-0006/

Trust: 1.2

url:https://www.debian.org/security/2022/dsa-5128

Trust: 1.2

url:https://www.debian.org/security/2022/dsa-5131

Trust: 1.2

url:https://www.oracle.com/security-alerts/cpuapr2022.html

Trust: 1.2

url:https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html

Trust: 1.2

url:https://security.netapp.com/advisory/ntap-20240621-0006/

Trust: 1.0

url:https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2022-21426

Trust: 0.8

url:https://access.redhat.com/security/cve/cve-2022-21426

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2022-21443

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2022-21434

Trust: 0.8

url:https://access.redhat.com/security/cve/cve-2022-21476

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2022-21476

Trust: 0.8

url:https://access.redhat.com/security/team/contact/

Trust: 0.8

url:https://access.redhat.com/security/cve/cve-2022-21443

Trust: 0.8

url:https://access.redhat.com/security/cve/cve-2022-21496

Trust: 0.8

url:https://access.redhat.com/security/cve/cve-2022-21434

Trust: 0.8

url:https://bugzilla.redhat.com/):

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2022-21496

Trust: 0.8

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.6

url:https://access.redhat.com/security/team/key/

Trust: 0.5

url:https://access.redhat.com/articles/11258

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2022-0778

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2018-25032

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-25032

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-0778

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://security.archlinux.org/cve-2022-21434

Trust: 0.1

url:https://ubuntu.com/security/notices/usn-5388-1

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:1728

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/openjdk/8/html/installing_and_using_openjdk_8_for_windows/index

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:1492

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-31566

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22825

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-23308

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-25236

Trust: 0.1

url:https://access.redhat.com/security/updates/classification/#low

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-23177

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-23219

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-23218

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:1747

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/openshift_container_platform/4.9/html/serverless/index

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-23177

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-22825

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-23308

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-22827

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-21449

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-22823

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-25235

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/openshift_container_platform/4.10/html/serverless/index

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3999

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-46143

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22826

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-23218

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-41772

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-25235

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-23852

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless/index

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-46143

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22827

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3999

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-21449

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-22824

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22823

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22824

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-45960

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-41772

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-22826

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-41771

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-22822

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-41771

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-23852

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-23219

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-25315

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-31566

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22822

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-45960

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:2137

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:1444

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:1441

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:1442

Trust: 0.1

url:https://issues.jboss.org/):

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-43797

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-1154

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-37137

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-1154

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-43797

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-21698

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-25636

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-25636

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-37137

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-4028

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-37136

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-4028

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-37136

Trust: 0.1

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:2216

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-21698

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.7/logging/cluster-logging-upgrading.html

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-1271

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-1271

Trust: 0.1

sources: VULHUB: VHN-407047 // VULMON: CVE-2022-21434 // PACKETSTORM: 167388 // PACKETSTORM: 166903 // PACKETSTORM: 167008 // PACKETSTORM: 167378 // PACKETSTORM: 166800 // PACKETSTORM: 166799 // PACKETSTORM: 166792 // PACKETSTORM: 167142 // NVD: CVE-2022-21434

CREDITS

Red Hat

Trust: 0.8

sources: PACKETSTORM: 167388 // PACKETSTORM: 166903 // PACKETSTORM: 167008 // PACKETSTORM: 167378 // PACKETSTORM: 166800 // PACKETSTORM: 166799 // PACKETSTORM: 166792 // PACKETSTORM: 167142

SOURCES

db:VULHUBid:VHN-407047
db:VULMONid:CVE-2022-21434
db:PACKETSTORMid:167388
db:PACKETSTORMid:166903
db:PACKETSTORMid:167008
db:PACKETSTORMid:167378
db:PACKETSTORMid:166800
db:PACKETSTORMid:166799
db:PACKETSTORMid:166792
db:PACKETSTORMid:167142
db:NVDid:CVE-2022-21434

LAST UPDATE DATE

2025-09-30T02:17:50.233000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-407047date:2022-07-28T00:00:00
db:VULMONid:CVE-2022-21434date:2023-04-27T00:00:00
db:NVDid:CVE-2022-21434date:2024-11-21T06:44:41.427

SOURCES RELEASE DATE

db:VULHUBid:VHN-407047date:2022-04-19T00:00:00
db:VULMONid:CVE-2022-21434date:2022-04-19T00:00:00
db:PACKETSTORMid:167388date:2022-06-03T15:59:53
db:PACKETSTORMid:166903date:2022-04-29T12:37:12
db:PACKETSTORMid:167008date:2022-05-10T14:49:09
db:PACKETSTORMid:167378date:2022-06-03T15:37:50
db:PACKETSTORMid:166800date:2022-04-21T15:09:24
db:PACKETSTORMid:166799date:2022-04-21T15:09:12
db:PACKETSTORMid:166792date:2022-04-21T15:08:01
db:PACKETSTORMid:167142date:2022-05-12T15:55:09
db:NVDid:CVE-2022-21434date:2022-04-19T21:15:15.387