Details of VAR-202204-0596

ID

VAR-202204-0596

CVE

CVE-2022-21434

TITLE

Oracle Java SE Input validation error vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202204-3831

DESCRIPTION

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N). It exists that OpenJDK incorrectly validated the encoded length of certain object identifiers. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-21443). Description: Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. All OpenShift Container Platform 4.6 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html 3. Solution: For OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update: https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html Details on how to access this content are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html 4. Bugs fixed (https://bugzilla.redhat.com/): 2059996 - read_lines_limit needs to be adjusted according to the setting of buffer_chunk_size 2066837 - CVE-2022-24769 moby: Default inheritable capabilities for linux container should be empty 5. 9) - aarch64, ppc64le, s390x, x86_64 3. For more information, see the documentation linked in the Solution section. Bugs fixed (https://bugzilla.redhat.com/): 2020725 - CVE-2021-41771 golang: debug/macho: invalid dynamic symbol table command can cause panic 2020736 - CVE-2021-41772 golang: archive/zip: Reader.Open panics on empty string 5. References: https://access.redhat.com/security/cve/CVE-2018-25032 https://access.redhat.com/security/cve/CVE-2021-3999 https://access.redhat.com/security/cve/CVE-2021-23177 https://access.redhat.com/security/cve/CVE-2021-31566 https://access.redhat.com/security/cve/CVE-2021-41771 https://access.redhat.com/security/cve/CVE-2021-41772 https://access.redhat.com/security/cve/CVE-2021-45960 https://access.redhat.com/security/cve/CVE-2021-46143 https://access.redhat.com/security/cve/CVE-2022-0778 https://access.redhat.com/security/cve/CVE-2022-21426 https://access.redhat.com/security/cve/CVE-2022-21434 https://access.redhat.com/security/cve/CVE-2022-21443 https://access.redhat.com/security/cve/CVE-2022-21449 https://access.redhat.com/security/cve/CVE-2022-21476 https://access.redhat.com/security/cve/CVE-2022-21496 https://access.redhat.com/security/cve/CVE-2022-22822 https://access.redhat.com/security/cve/CVE-2022-22823 https://access.redhat.com/security/cve/CVE-2022-22824 https://access.redhat.com/security/cve/CVE-2022-22825 https://access.redhat.com/security/cve/CVE-2022-22826 https://access.redhat.com/security/cve/CVE-2022-22827 https://access.redhat.com/security/cve/CVE-2022-23218 https://access.redhat.com/security/cve/CVE-2022-23219 https://access.redhat.com/security/cve/CVE-2022-23308 https://access.redhat.com/security/cve/CVE-2022-23852 https://access.redhat.com/security/cve/CVE-2022-25235 https://access.redhat.com/security/cve/CVE-2022-25236 https://access.redhat.com/security/cve/CVE-2022-25315 For details about the security issues see these CVE pages: * https://access.redhat.com/security/updates/classification/#low * https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless/index * https://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index * https://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index * https://access.redhat.com/documentation/en-us/openshift_container_platform/4.9/html/serverless/index * https://access.redhat.com/documentation/en-us/openshift_container_platform/4.10/html/serverless/index 6. For the oldstable distribution (buster), this problem has been fixed in version 11.0.15+10-1~deb10u1. For the stable distribution (bullseye), this problem has been fixed in version 11.0.15+10-1~deb11u1. We recommend that you upgrade your openjdk-11 packages. For the detailed security status of openjdk-11 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/openjdk-11 Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmJz7AUACgkQEMKTtsN8 TjYPqQ//acxZ7tw58VvpicLhG3iTGRpUcVEVZwCcs1EGSs5sBAT20Q/rvZNc932o //8ipzrsv1pZX4txFzDi9gI279f27RTIhb+vJCWblPoRt7rXVkB7N5TR0UT4IurP ZCDcKF0PaStHPPrD7ZvVVUSQU09cDvHb0ibNnuXguOLCji9sIaPoubIAJ+NAkMIM 54inl1f4FQSwf1yqvZbjlnSvsDmBQ7nGE//yyajhN+JY29SkZdseLRgkAtGsG9+G 8XshJHdAGSuIeCUpJzbcYFdeikwXzQNP0DhvBGyClNmYUS/C4w9KCo8ab6L1rWhQ vnVDIAdX4zH+GTxtZ7xuelNvYUwiTW4DhYHtEoU8UvrhzJJ0ZtidAdEhoLlxJkdK e767zzyHFx9qbd5UFgwn8XMoJKlkkJtThTARypBcbN7mq9j7bxGV0JGTm1K76KJp j2lIau4swGGkFWD2kTLVO5O/chj5l4gsxX2Mi9ipLiBeD2TVTwY/MV1iX5q4EVMg 3Kt4ZSw2AxgwCPzaaSTBpkRcwJyspsAzIQfkmhnJ170v9iUsf5hg3oJV+Mhxqm/F znuzj1FKQ++A50O+6fGPA48T2DRATM7BMGBbjzWjRJ7KEptHEFnBGdkCU33I0YSm MIYXEATq5Z7D5g5SX2WZLOReTr7Y/PLCd6FRZGcFvbs5zjcKSGM= =Ysyl -----END PGP SIGNATURE----- . 9) - aarch64, noarch, ppc64le, s390x, x86_64 3. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: java-1.7.1-ibm security update Advisory ID: RHSA-2022:4957-01 Product: Red Hat Enterprise Linux Supplementary Advisory URL: https://access.redhat.com/errata/RHSA-2022:4957 Issue date: 2022-06-08 CVE Names: CVE-2021-35561 CVE-2022-21299 CVE-2022-21434 CVE-2022-21443 CVE-2022-21496 ==================================================================== 1. Summary: An update for java-1.7.1-ibm is now available for Red Hat Enterprise Linux 7 Supplementary. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client Supplementary (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Supplementary (v. 7) - x86_64 Red Hat Enterprise Linux Server Supplementary (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 7) - x86_64 3. Description: IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7R1 SR5-FP10. Security Fix(es): * OpenJDK: Excessive memory allocation in HashMap and HashSet (Utility, 8266097) (CVE-2021-35561) * OpenJDK: Infinite loop related to incorrect handling of newlines in XMLEntityScanner (JAXP, 8270646) (CVE-2022-21299) * OpenJDK: Improper object-to-string conversion in AnnotationInvocationHandler (Libraries, 8277672) (CVE-2022-21434) * OpenJDK: Missing check for negative ObjectIdentifier (Libraries, 8275151) (CVE-2022-21443) * OpenJDK: URI parsing inconsistencies (JNDI, 8278972) (CVE-2022-21496) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 All running instances of IBM Java must be restarted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 2014524 - CVE-2021-35561 OpenJDK: Excessive memory allocation in HashMap and HashSet (Utility, 8266097) 2041472 - CVE-2022-21299 OpenJDK: Infinite loop related to incorrect handling of newlines in XMLEntityScanner (JAXP, 8270646) 2075793 - CVE-2022-21443 OpenJDK: Missing check for negative ObjectIdentifier (Libraries, 8275151) 2075836 - CVE-2022-21434 OpenJDK: Improper object-to-string conversion in AnnotationInvocationHandler (Libraries, 8277672) 2075849 - CVE-2022-21496 OpenJDK: URI parsing inconsistencies (JNDI, 8278972) 6. Package List: Red Hat Enterprise Linux Client Supplementary (v. 7): x86_64: java-1.7.1-ibm-1.7.1.5.10-1jpp.1.el7.x86_64.rpm java-1.7.1-ibm-demo-1.7.1.5.10-1jpp.1.el7.x86_64.rpm java-1.7.1-ibm-devel-1.7.1.5.10-1jpp.1.el7.x86_64.rpm java-1.7.1-ibm-jdbc-1.7.1.5.10-1jpp.1.el7.x86_64.rpm java-1.7.1-ibm-plugin-1.7.1.5.10-1jpp.1.el7.x86_64.rpm java-1.7.1-ibm-src-1.7.1.5.10-1jpp.1.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode Supplementary (v. 7): x86_64: java-1.7.1-ibm-1.7.1.5.10-1jpp.1.el7.x86_64.rpm java-1.7.1-ibm-demo-1.7.1.5.10-1jpp.1.el7.x86_64.rpm java-1.7.1-ibm-devel-1.7.1.5.10-1jpp.1.el7.x86_64.rpm java-1.7.1-ibm-src-1.7.1.5.10-1jpp.1.el7.x86_64.rpm Red Hat Enterprise Linux Server Supplementary (v. 7): ppc64: java-1.7.1-ibm-1.7.1.5.10-1jpp.1.el7.ppc64.rpm java-1.7.1-ibm-demo-1.7.1.5.10-1jpp.1.el7.ppc64.rpm java-1.7.1-ibm-devel-1.7.1.5.10-1jpp.1.el7.ppc64.rpm java-1.7.1-ibm-jdbc-1.7.1.5.10-1jpp.1.el7.ppc64.rpm java-1.7.1-ibm-src-1.7.1.5.10-1jpp.1.el7.ppc64.rpm ppc64le: java-1.7.1-ibm-1.7.1.5.10-1jpp.1.el7.ppc64le.rpm java-1.7.1-ibm-demo-1.7.1.5.10-1jpp.1.el7.ppc64le.rpm java-1.7.1-ibm-devel-1.7.1.5.10-1jpp.1.el7.ppc64le.rpm java-1.7.1-ibm-jdbc-1.7.1.5.10-1jpp.1.el7.ppc64le.rpm java-1.7.1-ibm-src-1.7.1.5.10-1jpp.1.el7.ppc64le.rpm s390x: java-1.7.1-ibm-1.7.1.5.10-1jpp.1.el7.s390x.rpm java-1.7.1-ibm-demo-1.7.1.5.10-1jpp.1.el7.s390x.rpm java-1.7.1-ibm-devel-1.7.1.5.10-1jpp.1.el7.s390x.rpm java-1.7.1-ibm-jdbc-1.7.1.5.10-1jpp.1.el7.s390x.rpm java-1.7.1-ibm-src-1.7.1.5.10-1jpp.1.el7.s390x.rpm x86_64: java-1.7.1-ibm-1.7.1.5.10-1jpp.1.el7.x86_64.rpm java-1.7.1-ibm-demo-1.7.1.5.10-1jpp.1.el7.x86_64.rpm java-1.7.1-ibm-devel-1.7.1.5.10-1jpp.1.el7.x86_64.rpm java-1.7.1-ibm-jdbc-1.7.1.5.10-1jpp.1.el7.x86_64.rpm java-1.7.1-ibm-plugin-1.7.1.5.10-1jpp.1.el7.x86_64.rpm java-1.7.1-ibm-src-1.7.1.5.10-1jpp.1.el7.x86_64.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 7): x86_64: java-1.7.1-ibm-1.7.1.5.10-1jpp.1.el7.x86_64.rpm java-1.7.1-ibm-demo-1.7.1.5.10-1jpp.1.el7.x86_64.rpm java-1.7.1-ibm-devel-1.7.1.5.10-1jpp.1.el7.x86_64.rpm java-1.7.1-ibm-jdbc-1.7.1.5.10-1jpp.1.el7.x86_64.rpm java-1.7.1-ibm-plugin-1.7.1.5.10-1jpp.1.el7.x86_64.rpm java-1.7.1-ibm-src-1.7.1.5.10-1jpp.1.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2021-35561 https://access.redhat.com/security/cve/CVE-2022-21299 https://access.redhat.com/security/cve/CVE-2022-21434 https://access.redhat.com/security/cve/CVE-2022-21443 https://access.redhat.com/security/cve/CVE-2022-21496 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYqFNktzjgjWX9erEAQgVmQ/9GVBo37J6v+OZMGpw0ZHgDJUgh3zCaX4m bBY2BzzMC+pUhPK9maAqESuM8AcAmatr/UawuxaGvFD7r89QuNRfKTDUpBwzZZLz T60TmAxTFMqNYnHloZAMt2lVosBALa9juOLFL68JeZnMImH4X/GgfLi8vaKwcpSs 7rJKSABBFN4dKP2nH5dzwfywxMR/U+WenDZW2bVW46QtNuH+5RE6iV5uhM/QvsQ3 x4EkfTfaU78yXgyUSBf/68weQS2M6jMb2mb37CEDCBTdYAumGZqE2lwPTV10qvLG OZXvT29LemSojVp2WvkhZLwzccLMA9zOQbhsnY3pyzHt6qGO2Mrl8mpocNyfnAN5 v3EMGZECmZwcpj9dabAhGUOaKoAb+u60pt2UVDJhr93t+4Ixti7cZk2fKp83mbp8 GK98I7bm1pFqGFunTV9RetJEuxgpL5LFAn7I5hznf/Wd/cSMskAuHS6F9XCQo7Po Z7nzdXGZpIFTMTWIzMEHxGmW5gBte7tpLx3fktXzavEf0Xs/MzjOC+9EDWuSuos3 dwgYa9eXABZ2BBd+lk65ndsxWC7FSbwyErnhdJ+087feofeQjazxC2bADsEeGIxv T5x2OtyhTjYtPqPtis5Yi0jLpoBPT/B+vYbb5H/dwqL7Z1fd+tUfvlJPKAOTcUH0 0DBc/eIU86Y\xebZP -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Bugs fixed (https://bugzilla.redhat.com/): 2004133 - CVE-2021-37136 netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data 2004135 - CVE-2021-37137 netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way 2031958 - CVE-2021-43797 netty: control chars in header names may lead to HTTP request smuggling 2045880 - CVE-2022-21698 prometheus/client_golang: Denial of service using InstrumentHandlerCounter 5. JIRA issues fixed (https://issues.jboss.org/): LOG-2437 - EO shouldn't grant cluster-wide permission to system:serviceaccount:openshift-monitoring:prometheus-k8s when ES cluster is deployed. [openshift-logging 5.4] LOG-2442 - Log file metric exporter not working with /var/log/pods LOG-2448 - Audit and journald logs cannot be viewed from LokiStack, when logs are forwarded with Vector as collector

Trust: 1.71

sources: NVD: CVE-2022-21434 // VULHUB: VHN-407047 // VULMON: CVE-2022-21434 // PACKETSTORM: 166954 // PACKETSTORM: 167385 // PACKETSTORM: 167008 // PACKETSTORM: 169366 // PACKETSTORM: 167378 // PACKETSTORM: 167454 // PACKETSTORM: 167142

AFFECTED PRODUCTS

vendor:	oracle	model:	jre	scope:	eq	version:	18	Trust: 1.0
vendor:	oracle	model:	jdk	scope:	eq	version:	1.8.0	Trust: 1.0
vendor:	netapp	model:	santricity unified manager	scope:	eq	version:	-	Trust: 1.0
vendor:	azul	model:	zulu	scope:	eq	version:	17.32	Trust: 1.0
vendor:	netapp	model:	cloud insights acquisition unit	scope:	eq	version:	-	Trust: 1.0
vendor:	oracle	model:	jdk	scope:	eq	version:	11.0.14	Trust: 1.0
vendor:	netapp	model:	solidfire\, enterprise sds \& hci storage node	scope:	eq	version:	-	Trust: 1.0
vendor:	oracle	model:	jdk	scope:	eq	version:	17.0.2	Trust: 1.0
vendor:	oracle	model:	graalvm	scope:	eq	version:	22.0.0.2	Trust: 1.0
vendor:	netapp	model:	cloud secure agent	scope:	eq	version:	-	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	11.0	Trust: 1.0
vendor:	netapp	model:	e-series santricity storage manager	scope:	eq	version:	-	Trust: 1.0
vendor:	azul	model:	zulu	scope:	eq	version:	11.54	Trust: 1.0
vendor:	netapp	model:	7-mode transition tool	scope:	eq	version:	-	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	9.0	Trust: 1.0
vendor:	netapp	model:	solidfire \& hci management node	scope:	eq	version:	-	Trust: 1.0
vendor:	azul	model:	zulu	scope:	eq	version:	15.38	Trust: 1.0
vendor:	azul	model:	zulu	scope:	eq	version:	13.46	Trust: 1.0
vendor:	netapp	model:	active iq unified manager	scope:	eq	version:	-	Trust: 1.0
vendor:	oracle	model:	jre	scope:	eq	version:	1.7.0	Trust: 1.0
vendor:	oracle	model:	jdk	scope:	eq	version:	18	Trust: 1.0
vendor:	oracle	model:	graalvm	scope:	eq	version:	20.3.5	Trust: 1.0
vendor:	oracle	model:	graalvm	scope:	eq	version:	21.3.1	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	10.0	Trust: 1.0
vendor:	netapp	model:	e-series santricity os controller	scope:	lte	version:	11.70.1	Trust: 1.0
vendor:	azul	model:	zulu	scope:	eq	version:	6.45	Trust: 1.0
vendor:	oracle	model:	jre	scope:	eq	version:	11.0.14	Trust: 1.0
vendor:	netapp	model:	e-series santricity web services	scope:	eq	version:	-	Trust: 1.0
vendor:	oracle	model:	jre	scope:	eq	version:	1.8.0	Trust: 1.0
vendor:	azul	model:	zulu	scope:	eq	version:	18.28	Trust: 1.0
vendor:	netapp	model:	oncommand insight	scope:	eq	version:	-	Trust: 1.0
vendor:	oracle	model:	jdk	scope:	eq	version:	1.7.0	Trust: 1.0
vendor:	oracle	model:	jre	scope:	eq	version:	17.0.2	Trust: 1.0
vendor:	azul	model:	zulu	scope:	eq	version:	7.52	Trust: 1.0
vendor:	netapp	model:	hci compute node	scope:	eq	version:	-	Trust: 1.0
vendor:	netapp	model:	e-series santricity os controller	scope:	gte	version:	11.0.0	Trust: 1.0
vendor:	azul	model:	zulu	scope:	eq	version:	8.60	Trust: 1.0

sources: NVD: CVE-2022-21434

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-21434
value:	MEDIUM
Trust: 1.0
secalert_us@oracle.com:	CVE-2022-21434
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-202204-3831
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-407047
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2022-21434
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2022-21434
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
VULHUB:	VHN-407047
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

secalert_us@oracle.com:	CVE-2022-21434
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.1
Trust: 1.0

sources: VULHUB: VHN-407047 // VULMON: CVE-2022-21434 // CNNVD: CNNVD-202204-3831 // NVD: CVE-2022-21434 // NVD: CVE-2022-21434

PROBLEMTYPE DATA

problemtype:

NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2022-21434

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202204-3831

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202204-3831

PATCH

title:	Oracle Java SE Enter the fix for the verification error vulnerability	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=190922	Trust: 0.6
title:	Arch Linux Issues:	url:	https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues&qid=CVE-2022-21434	Trust: 0.1
title:	Ubuntu Security Notice: USN-5388-1: OpenJDK vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-5388-1	Trust: 0.1
title:	Red Hat: Moderate: java-1.8.0-ibm security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20225837 - Security Advisory	Trust: 0.1
title:	Red Hat: Moderate: java-1.8.0-ibm security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20224959 - Security Advisory	Trust: 0.1
title:	Ubuntu Security Notice: USN-5388-2: OpenJDK vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-5388-2	Trust: 0.1
title:	Red Hat: Important: java-1.8.0-openjdk security, bug fix, and enhancement update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221487 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: java-11-openjdk security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221442 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: java-11-openjdk security, bug fix, and enhancement update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221440 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: java-1.8.0-openjdk security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221488 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: OpenJDK 8u332 Windows builds release and security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221492 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: java-11-openjdk security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221441 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: OpenJDK 11.0.15 security update for Portable Linux Builds	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221435 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: java-11-openjdk security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221444 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: OpenJDK 11.0.15 security update for Windows Builds	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221439 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: OpenJDK 8u332 security update for Portable Linux Builds	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221438 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: java-1.8.0-openjdk security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221490 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: java-1.8.0-openjdk security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221491 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: java-1.8.0-openjdk security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221489 - Security Advisory	Trust: 0.1
title:	Red Hat: Moderate: java-1.7.1-ibm security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20224957 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: java-11-openjdk security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221728 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: java-1.8.0-openjdk security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20222137 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: java-11-openjdk security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221443 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: OpenJDK 17.0.3 security update for Windows Builds	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221437 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: java-17-openjdk security and bug fix update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221445 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: OpenJDK 17.0.3 security update for Portable Linux Builds	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221436 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: java-17-openjdk security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221729 - Security Advisory	Trust: 0.1
title:	Debian Security Advisories: DSA-5131-1 openjdk-11 -- security update	url:	https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=5c8840c405cfcf2d530316add80d95b7	Trust: 0.1
title:	Debian Security Advisories: DSA-5128-1 openjdk-17 -- security update	url:	https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=c35e0aa61b24f917b1354b5d6ba66425	Trust: 0.1
title:	Red Hat: Moderate: OpenShift Container Platform 4.8.41 bug fix and security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20222272 - Security Advisory	Trust: 0.1
title:	Red Hat: Moderate: Cryostat 2.1.0: new Cryostat on RHEL 8 container images	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221679 - Security Advisory	Trust: 0.1
title:	Red Hat: Moderate: security update for rh-sso-7/sso75-openshift-rhel8 container image	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221713 - Security Advisory	Trust: 0.1
title:	Red Hat: Moderate: OpenShift Container Platform 4.7.50 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221699 - Security Advisory	Trust: 0.1
title:	Ubuntu Security Notice: USN-5546-2: OpenJDK 8 vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-5546-2	Trust: 0.1
title:	Ubuntu Security Notice: USN-5546-1: OpenJDK vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-5546-1	Trust: 0.1
title:	Red Hat: Moderate: OpenShift Container Platform 3.11.705 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20222281 - Security Advisory	Trust: 0.1
title:	Amazon Linux 2: ALAS2-2022-1791	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2022-1791	Trust: 0.1
title:	Amazon Linux 2: ALAS2-2022-1790	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2022-1790	Trust: 0.1
title:	Amazon Linux 2: ALAS2-2022-1778	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2022-1778	Trust: 0.1
title:	Amazon Linux 2: ALAS2CORRETTO8-2022-002	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2CORRETTO8-2022-002	Trust: 0.1
title:	Red Hat: Moderate: Red Hat OpenShift Logging Security and Bug update Release 5.4.1	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20222216 - Security Advisory	Trust: 0.1
title:	Red Hat: Moderate: Openshift Logging Security and Bug update Release (5.2.10)	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20222218 - Security Advisory	Trust: 0.1
title:	Red Hat: Moderate: Red Hat OpenShift Logging Security and Bug update Release 5.3.7	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20222217 - Security Advisory	Trust: 0.1
title:	Hitachi Security Advisories: Multiple Vulnerabilities in Hitachi Command Suite, Hitachi Automation Director, Hitachi Configuration Manager, Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center	url:	https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories&qid=hitachi-sec-2022-113	Trust: 0.1
title:	Hitachi Security Advisories: Multiple Vulnerabilities in Cosminexus	url:	https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories&qid=hitachi-sec-2022-112	Trust: 0.1
title:	Amazon Linux 2: ALAS2JAVA-OPENJDK11-2022-002	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2JAVA-OPENJDK11-2022-002	Trust: 0.1
title:	Red Hat: Moderate: OpenShift Container Platform 4.6.57 security and extras update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221622 - Security Advisory	Trust: 0.1
title:	Red Hat: Low: Release of OpenShift Serverless Version 1.22.0	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221747 - Security Advisory	Trust: 0.1
title:	Amazon Linux AMI: ALAS-2022-1633	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2022-1633	Trust: 0.1
title:	Amazon Linux AMI: ALAS-2022-1631	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2022-1631	Trust: 0.1
title:	Amazon Linux 2: ALAS2-2022-1835	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2022-1835	Trust: 0.1
title:	CVE-2022-XXXX	url:	https://github.com/AlphabugX/CVE-2022-23305	Trust: 0.1
title:	CVE-2022-XXXX	url:	https://github.com/AlphabugX/CVE-2022-RCE	Trust: 0.1

sources: VULMON: CVE-2022-21434 // CNNVD: CNNVD-202204-3831

EXTERNAL IDS

db:	NVD	id:	CVE-2022-21434	Trust: 2.5
db:	PACKETSTORM	id:	167385	Trust: 0.8
db:	PACKETSTORM	id:	167008	Trust: 0.8
db:	PACKETSTORM	id:	167142	Trust: 0.8
db:	PACKETSTORM	id:	167454	Trust: 0.8
db:	PACKETSTORM	id:	166954	Trust: 0.8
db:	PACKETSTORM	id:	167327	Trust: 0.7
db:	PACKETSTORM	id:	167980	Trust: 0.7
db:	PACKETSTORM	id:	166967	Trust: 0.7
db:	PACKETSTORM	id:	167088	Trust: 0.7
db:	PACKETSTORM	id:	167164	Trust: 0.7
db:	PACKETSTORM	id:	167942	Trust: 0.7
db:	PACKETSTORM	id:	167271	Trust: 0.7
db:	PACKETSTORM	id:	167979	Trust: 0.7
db:	CS-HELP	id:	SB2022051742	Trust: 0.6
db:	CS-HELP	id:	SB2022070412	Trust: 0.6
db:	CS-HELP	id:	SB2022041944	Trust: 0.6
db:	CS-HELP	id:	SB2022072540	Trust: 0.6
db:	CS-HELP	id:	SB2022051325	Trust: 0.6
db:	CS-HELP	id:	SB2022051235	Trust: 0.6
db:	CS-HELP	id:	SB2022042559	Trust: 0.6
db:	CS-HELP	id:	SB2022070707	Trust: 0.6
db:	CS-HELP	id:	SB2022071332	Trust: 0.6
db:	CS-HELP	id:	SB2022053122	Trust: 0.6
db:	CS-HELP	id:	SB2022072010	Trust: 0.6
db:	CS-HELP	id:	SB2022042139	Trust: 0.6
db:	CS-HELP	id:	SB2022050504	Trust: 0.6
db:	CS-HELP	id:	SB2022042105	Trust: 0.6
db:	CS-HELP	id:	SB2022050424	Trust: 0.6
db:	CS-HELP	id:	SB2022060921	Trust: 0.6
db:	CS-HELP	id:	SB2022042620	Trust: 0.6
db:	PACKETSTORM	id:	166804	Trust: 0.6
db:	PACKETSTORM	id:	166835	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.3583	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.1840	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.2851	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.1808	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.2373	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.3440	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.2360	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.3824	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.3865	Trust: 0.6
db:	CNNVD	id:	CNNVD-202204-3831	Trust: 0.6
db:	PACKETSTORM	id:	167378	Trust: 0.2
db:	PACKETSTORM	id:	167456	Trust: 0.1
db:	PACKETSTORM	id:	167388	Trust: 0.1
db:	PACKETSTORM	id:	167122	Trust: 0.1
db:	PACKETSTORM	id:	167140	Trust: 0.1
db:	VULHUB	id:	VHN-407047	Trust: 0.1
db:	VULMON	id:	CVE-2022-21434	Trust: 0.1
db:	PACKETSTORM	id:	169366	Trust: 0.1

sources: VULHUB: VHN-407047 // VULMON: CVE-2022-21434 // PACKETSTORM: 166954 // PACKETSTORM: 167385 // PACKETSTORM: 167008 // PACKETSTORM: 169366 // PACKETSTORM: 167378 // PACKETSTORM: 167454 // PACKETSTORM: 167142 // CNNVD: CNNVD-202204-3831 // NVD: CVE-2022-21434

REFERENCES

url:	https://www.oracle.com/security-alerts/cpuapr2022.html	Trust: 2.4
url:	https://security.netapp.com/advisory/ntap-20220429-0006/	Trust: 1.8
url:	https://www.debian.org/security/2022/dsa-5128	Trust: 1.8
url:	https://www.debian.org/security/2022/dsa-5131	Trust: 1.8
url:	https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html	Trust: 1.8
url:	https://access.redhat.com/security/cve/cve-2022-21434	Trust: 1.2
url:	https://security.netapp.com/advisory/ntap-20240621-0006/	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2022-21443	Trust: 0.7
url:	https://nvd.nist.gov/vuln/detail/cve-2022-21496	Trust: 0.7
url:	https://nvd.nist.gov/vuln/detail/cve-2022-21434	Trust: 0.7
url:	https://access.redhat.com/security/team/contact/	Trust: 0.6
url:	https://access.redhat.com/security/cve/cve-2022-21496	Trust: 0.6
url:	https://access.redhat.com/security/cve/cve-2022-21443	Trust: 0.6
url:	https://bugzilla.redhat.com/):	Trust: 0.6
url:	https://listman.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2022-21426	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2022-21476	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022050504	Trust: 0.6
url:	https://packetstormsecurity.com/files/166835/ubuntu-security-notice-usn-5388-2.html	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022042620	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022060921	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022042105	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022041944	Trust: 0.6
url:	https://packetstormsecurity.com/files/167980/ubuntu-security-notice-usn-5546-1.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/166804/red-hat-security-advisory-2022-1443-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.1808	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022070707	Trust: 0.6
url:	https://packetstormsecurity.com/files/167088/red-hat-security-advisory-2022-1679-01.html	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022053122	Trust: 0.6
url:	https://packetstormsecurity.com/files/167942/red-hat-security-advisory-2022-5837-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.2373	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.3440	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.3583	Trust: 0.6
url:	https://cxsecurity.com/cveshow/cve-2022-21434/	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022051742	Trust: 0.6
url:	https://packetstormsecurity.com/files/167271/red-hat-security-advisory-2022-2272-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.2851	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022051325	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.3865	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022071332	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.1840	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.3824	Trust: 0.6
url:	https://packetstormsecurity.com/files/167142/red-hat-security-advisory-2022-2216-01.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/166967/red-hat-security-advisory-2022-1713-01.html	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb20220720108	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022072540	Trust: 0.6
url:	https://packetstormsecurity.com/files/167327/red-hat-security-advisory-2022-2281-01.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/167164/red-hat-security-advisory-2022-1699-01.html	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022042559	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022042139	Trust: 0.6
url:	https://packetstormsecurity.com/files/166954/red-hat-security-advisory-2022-1622-01.html	Trust: 0.6
url:	https://vigilance.fr/vulnerability/oracle-java-vulnerabilities-of-april-2022-38106	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.2360	Trust: 0.6
url:	https://packetstormsecurity.com/files/167385/red-hat-security-advisory-2022-1729-01.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/167979/ubuntu-security-notice-usn-5546-2.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/167008/red-hat-security-advisory-2022-1747-01.html	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022051235	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022070412	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022050424	Trust: 0.6
url:	https://packetstormsecurity.com/files/167454/red-hat-security-advisory-2022-4957-01.html	Trust: 0.6
url:	https://access.redhat.com/security/cve/cve-2022-21426	Trust: 0.5
url:	https://access.redhat.com/security/cve/cve-2022-21476	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2022-0778	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2022-0778	Trust: 0.3
url:	https://access.redhat.com/security/updates/classification/#moderate	Trust: 0.3
url:	https://access.redhat.com/articles/11258	Trust: 0.3
url:	https://access.redhat.com/security/team/key/	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2022-21449	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2022-25236	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2022-25235	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2022-25235	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2022-25315	Trust: 0.2
url:	https://access.redhat.com/security/updates/classification/#important	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2022-21449	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2018-25032	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2018-25032	Trust: 0.2
url:	https://cwe.mitre.org/data/definitions/.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://security.archlinux.org/cve-2022-21434	Trust: 0.1
url:	https://ubuntu.com/security/notices/usn-5388-1	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-8649	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-25182	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-25173	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-25181	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-25173	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-25184	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-25177	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-24407	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-8647	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-25175	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-25176	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-25176	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-0435	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-8649	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-25174	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-25182	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-0435	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-25315	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-25180	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-25178	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-0711	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-25175	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2022:1622	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-0711	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-25177	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-25183	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-25180	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-25179	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-24769	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-8647	Trust: 0.1
url:	https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-25184	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-25179	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-25181	Trust: 0.1
url:	https://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-25178	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-25174	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-24769	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-25236	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-24407	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-25183	Trust: 0.1
url:	https://access.redhat.com/errata/rhba-2022:1621	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2022:1729	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-31566	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22825	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-23308	Trust: 0.1
url:	https://access.redhat.com/security/updates/classification/#low	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-23177	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-23219	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-23218	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2022:1747	Trust: 0.1
url:	https://access.redhat.com/documentation/en-us/openshift_container_platform/4.9/html/serverless/index	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-23177	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-22825	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-23308	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-22827	Trust: 0.1
url:	https://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-22823	Trust: 0.1
url:	https://access.redhat.com/documentation/en-us/openshift_container_platform/4.10/html/serverless/index	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-3999	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-46143	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22826	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-23218	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-41772	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-23852	Trust: 0.1
url:	https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless/index	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-46143	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22827	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-3999	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-22824	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22823	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22824	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-45960	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-41772	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-22826	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-41771	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-22822	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-41771	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-23852	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-23219	Trust: 0.1
url:	https://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-31566	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22822	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-45960	Trust: 0.1
url:	https://www.debian.org/security/faq	Trust: 0.1
url:	https://www.debian.org/security/	Trust: 0.1
url:	https://security-tracker.debian.org/tracker/openjdk-11	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2022:2137	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-35561	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2022:4957	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-35561	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-21299	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-21299	Trust: 0.1
url:	https://issues.jboss.org/):	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-43797	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-1154	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-37137	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-1154	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-43797	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-21698	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-25636	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-25636	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-37137	Trust: 0.1
url:	https://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-4028	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-37136	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-4028	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-37136	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2022:2216	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-21698	Trust: 0.1
url:	https://docs.openshift.com/container-platform/4.7/logging/cluster-logging-upgrading.html	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-1271	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-1271	Trust: 0.1

CREDITS

Red Hat

Trust: 0.6

sources: PACKETSTORM: 166954 // PACKETSTORM: 167385 // PACKETSTORM: 167008 // PACKETSTORM: 167378 // PACKETSTORM: 167454 // PACKETSTORM: 167142

SOURCES

db:	VULHUB	id:	VHN-407047
db:	VULMON	id:	CVE-2022-21434
db:	PACKETSTORM	id:	166954
db:	PACKETSTORM	id:	167385
db:	PACKETSTORM	id:	167008
db:	PACKETSTORM	id:	169366
db:	PACKETSTORM	id:	167378
db:	PACKETSTORM	id:	167454
db:	PACKETSTORM	id:	167142
db:	CNNVD	id:	CNNVD-202204-3831
db:	NVD	id:	CVE-2022-21434

LAST UPDATE DATE

2026-02-08T19:41:37.499000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-407047	date:	2022-07-28T00:00:00
db:	VULMON	id:	CVE-2022-21434	date:	2023-04-27T00:00:00
db:	CNNVD	id:	CNNVD-202204-3831	date:	2022-12-09T00:00:00
db:	NVD	id:	CVE-2022-21434	date:	2024-11-21T06:44:41.427

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-407047	date:	2022-04-19T00:00:00
db:	VULMON	id:	CVE-2022-21434	date:	2022-04-19T00:00:00
db:	PACKETSTORM	id:	166954	date:	2022-05-04T21:42:33
db:	PACKETSTORM	id:	167385	date:	2022-06-03T15:56:14
db:	PACKETSTORM	id:	167008	date:	2022-05-10T14:49:09
db:	PACKETSTORM	id:	169366	date:	2022-05-28T19:12:00
db:	PACKETSTORM	id:	167378	date:	2022-06-03T15:37:50
db:	PACKETSTORM	id:	167454	date:	2022-06-09T16:10:41
db:	PACKETSTORM	id:	167142	date:	2022-05-12T15:55:09
db:	CNNVD	id:	CNNVD-202204-3831	date:	2022-04-19T00:00:00
db:	NVD	id:	CVE-2022-21434	date:	2022-04-19T21:15:15.387