ID

VAR-202204-0596


CVE

CVE-2022-21434


TITLE

Red Hat Security Advisory 2022-1439-01

Trust: 0.1

sources: PACKETSTORM: 166899

DESCRIPTION

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N). Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/): 1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation 5. See the following advisory for the RPM packages for this release: https://access.redhat.com/errata/RHBA-2022:2270 Space precludes documenting all of the container images in this advisory. You may download the oc tool and use it to inspect release image metadata as follows: (For x86_64 architecture) $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.8.41-x86_64 The image digest is sha256:4ebcb3aea63d4acbb92118d3ae7ed08d3ebb1a66e7f79fddbb4da74883a12d0a (For s390x architecture) $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.8.41-s390x The image digest is sha256:5ed0fc5b89e3ec257db50f936f788492211e4de4a741f930191ab2d3bc7ceec3 (For ppc64le architecture) $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.8.41-ppc64le The image digest is sha256:908ec3688cc152b15faaea3f71bb4ba59565df60e9846f08fcd15a6c2b43274a All OpenShift Container Platform 4.8 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html 3. Solution: For OpenShift Container Platform 4.8 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update: https://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html Details on how to access this content are available at https://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html 4. Bugs fixed (https://bugzilla.redhat.com/): 2057544 - Cancel rpm-ostree transaction after failed rebase 2058674 - whereabouts IPAM CNI ip-reconciler cronjob specification requires hostnetwork, api-int lb usage & proper backoff 2062655 - [4.8.z backport] cluster scaling new nodes ovs-configuration fails on all new nodes 2070762 - [4.8z] WebScale: duplicate ecmp next hop error caused by multiple of the same gateway IPs in ovnkube cache 2074053 - Internal registries with a big number of images delay pod creation due to recursive SELinux file context relabeling 2074680 - csv_succeeded metric not present in olm-operator for all successful CSVs 2076211 - CVE-2022-1677 openshift/router: route hijacking attack via crafted HAProxy configuration file 2077004 - Bump to latest available 1.21.11 k8s 2077370 - [4.8.z] NetworkPolicy tests are failing on metal IPv6 2077765 - (release-4.8) Gather namespace names with overlapping UID ranges 2078477 - Latest ose-jenkins-agent-base:v4.9.0 image fails to start on OpenShift due to FIPS error 2084259 - [4.8] OCP ignores STOPSIGNAL in Dockerfile and sends SIGTERM 2088196 - Redfish set boot device failed for node in OCP 4.8 latest RC 5. 9) - aarch64, noarch, ppc64le, s390x, x86_64 3. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: java-1.7.1-ibm security update Advisory ID: RHSA-2022:4957-01 Product: Red Hat Enterprise Linux Supplementary Advisory URL: https://access.redhat.com/errata/RHSA-2022:4957 Issue date: 2022-06-08 CVE Names: CVE-2021-35561 CVE-2022-21299 CVE-2022-21434 CVE-2022-21443 CVE-2022-21496 ==================================================================== 1. Summary: An update for java-1.7.1-ibm is now available for Red Hat Enterprise Linux 7 Supplementary. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client Supplementary (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Supplementary (v. 7) - x86_64 Red Hat Enterprise Linux Server Supplementary (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 7) - x86_64 3. Description: IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7R1 SR5-FP10. Security Fix(es): * OpenJDK: Excessive memory allocation in HashMap and HashSet (Utility, 8266097) (CVE-2021-35561) * OpenJDK: Infinite loop related to incorrect handling of newlines in XMLEntityScanner (JAXP, 8270646) (CVE-2022-21299) * OpenJDK: Improper object-to-string conversion in AnnotationInvocationHandler (Libraries, 8277672) (CVE-2022-21434) * OpenJDK: Missing check for negative ObjectIdentifier (Libraries, 8275151) (CVE-2022-21443) * OpenJDK: URI parsing inconsistencies (JNDI, 8278972) (CVE-2022-21496) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 All running instances of IBM Java must be restarted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 2014524 - CVE-2021-35561 OpenJDK: Excessive memory allocation in HashMap and HashSet (Utility, 8266097) 2041472 - CVE-2022-21299 OpenJDK: Infinite loop related to incorrect handling of newlines in XMLEntityScanner (JAXP, 8270646) 2075793 - CVE-2022-21443 OpenJDK: Missing check for negative ObjectIdentifier (Libraries, 8275151) 2075836 - CVE-2022-21434 OpenJDK: Improper object-to-string conversion in AnnotationInvocationHandler (Libraries, 8277672) 2075849 - CVE-2022-21496 OpenJDK: URI parsing inconsistencies (JNDI, 8278972) 6. Package List: Red Hat Enterprise Linux Client Supplementary (v. 7): x86_64: java-1.7.1-ibm-1.7.1.5.10-1jpp.1.el7.x86_64.rpm java-1.7.1-ibm-demo-1.7.1.5.10-1jpp.1.el7.x86_64.rpm java-1.7.1-ibm-devel-1.7.1.5.10-1jpp.1.el7.x86_64.rpm java-1.7.1-ibm-jdbc-1.7.1.5.10-1jpp.1.el7.x86_64.rpm java-1.7.1-ibm-plugin-1.7.1.5.10-1jpp.1.el7.x86_64.rpm java-1.7.1-ibm-src-1.7.1.5.10-1jpp.1.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode Supplementary (v. 7): x86_64: java-1.7.1-ibm-1.7.1.5.10-1jpp.1.el7.x86_64.rpm java-1.7.1-ibm-demo-1.7.1.5.10-1jpp.1.el7.x86_64.rpm java-1.7.1-ibm-devel-1.7.1.5.10-1jpp.1.el7.x86_64.rpm java-1.7.1-ibm-src-1.7.1.5.10-1jpp.1.el7.x86_64.rpm Red Hat Enterprise Linux Server Supplementary (v. 7): ppc64: java-1.7.1-ibm-1.7.1.5.10-1jpp.1.el7.ppc64.rpm java-1.7.1-ibm-demo-1.7.1.5.10-1jpp.1.el7.ppc64.rpm java-1.7.1-ibm-devel-1.7.1.5.10-1jpp.1.el7.ppc64.rpm java-1.7.1-ibm-jdbc-1.7.1.5.10-1jpp.1.el7.ppc64.rpm java-1.7.1-ibm-src-1.7.1.5.10-1jpp.1.el7.ppc64.rpm ppc64le: java-1.7.1-ibm-1.7.1.5.10-1jpp.1.el7.ppc64le.rpm java-1.7.1-ibm-demo-1.7.1.5.10-1jpp.1.el7.ppc64le.rpm java-1.7.1-ibm-devel-1.7.1.5.10-1jpp.1.el7.ppc64le.rpm java-1.7.1-ibm-jdbc-1.7.1.5.10-1jpp.1.el7.ppc64le.rpm java-1.7.1-ibm-src-1.7.1.5.10-1jpp.1.el7.ppc64le.rpm s390x: java-1.7.1-ibm-1.7.1.5.10-1jpp.1.el7.s390x.rpm java-1.7.1-ibm-demo-1.7.1.5.10-1jpp.1.el7.s390x.rpm java-1.7.1-ibm-devel-1.7.1.5.10-1jpp.1.el7.s390x.rpm java-1.7.1-ibm-jdbc-1.7.1.5.10-1jpp.1.el7.s390x.rpm java-1.7.1-ibm-src-1.7.1.5.10-1jpp.1.el7.s390x.rpm x86_64: java-1.7.1-ibm-1.7.1.5.10-1jpp.1.el7.x86_64.rpm java-1.7.1-ibm-demo-1.7.1.5.10-1jpp.1.el7.x86_64.rpm java-1.7.1-ibm-devel-1.7.1.5.10-1jpp.1.el7.x86_64.rpm java-1.7.1-ibm-jdbc-1.7.1.5.10-1jpp.1.el7.x86_64.rpm java-1.7.1-ibm-plugin-1.7.1.5.10-1jpp.1.el7.x86_64.rpm java-1.7.1-ibm-src-1.7.1.5.10-1jpp.1.el7.x86_64.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 7): x86_64: java-1.7.1-ibm-1.7.1.5.10-1jpp.1.el7.x86_64.rpm java-1.7.1-ibm-demo-1.7.1.5.10-1jpp.1.el7.x86_64.rpm java-1.7.1-ibm-devel-1.7.1.5.10-1jpp.1.el7.x86_64.rpm java-1.7.1-ibm-jdbc-1.7.1.5.10-1jpp.1.el7.x86_64.rpm java-1.7.1-ibm-plugin-1.7.1.5.10-1jpp.1.el7.x86_64.rpm java-1.7.1-ibm-src-1.7.1.5.10-1jpp.1.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2021-35561 https://access.redhat.com/security/cve/CVE-2022-21299 https://access.redhat.com/security/cve/CVE-2022-21434 https://access.redhat.com/security/cve/CVE-2022-21443 https://access.redhat.com/security/cve/CVE-2022-21496 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYqFNktzjgjWX9erEAQgVmQ/9GVBo37J6v+OZMGpw0ZHgDJUgh3zCaX4m bBY2BzzMC+pUhPK9maAqESuM8AcAmatr/UawuxaGvFD7r89QuNRfKTDUpBwzZZLz T60TmAxTFMqNYnHloZAMt2lVosBALa9juOLFL68JeZnMImH4X/GgfLi8vaKwcpSs 7rJKSABBFN4dKP2nH5dzwfywxMR/U+WenDZW2bVW46QtNuH+5RE6iV5uhM/QvsQ3 x4EkfTfaU78yXgyUSBf/68weQS2M6jMb2mb37CEDCBTdYAumGZqE2lwPTV10qvLG OZXvT29LemSojVp2WvkhZLwzccLMA9zOQbhsnY3pyzHt6qGO2Mrl8mpocNyfnAN5 v3EMGZECmZwcpj9dabAhGUOaKoAb+u60pt2UVDJhr93t+4Ixti7cZk2fKp83mbp8 GK98I7bm1pFqGFunTV9RetJEuxgpL5LFAn7I5hznf/Wd/cSMskAuHS6F9XCQo7Po Z7nzdXGZpIFTMTWIzMEHxGmW5gBte7tpLx3fktXzavEf0Xs/MzjOC+9EDWuSuos3 dwgYa9eXABZ2BBd+lk65ndsxWC7FSbwyErnhdJ+087feofeQjazxC2bADsEeGIxv T5x2OtyhTjYtPqPtis5Yi0jLpoBPT/B+vYbb5H/dwqL7Z1fd+tUfvlJPKAOTcUH0 0DBc/eIU86Y\xebZP -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . 8) - ppc64le, s390x, x86_64 3. Bugs fixed (https://bugzilla.redhat.com/): 2004133 - CVE-2021-37136 netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data 2004135 - CVE-2021-37137 netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way 2031958 - CVE-2021-43797 netty: control chars in header names may lead to HTTP request smuggling 2045880 - CVE-2022-21698 prometheus/client_golang: Denial of service using InstrumentHandlerCounter 5. JIRA issues fixed (https://issues.jboss.org/): LOG-2437 - EO shouldn't grant cluster-wide permission to system:serviceaccount:openshift-monitoring:prometheus-k8s when ES cluster is deployed. [openshift-logging 5.4] LOG-2442 - Log file metric exporter not working with /var/log/pods LOG-2448 - Audit and journald logs cannot be viewed from LokiStack, when logs are forwarded with Vector as collector. For the stable distribution (bullseye), these problems have been fixed in version 17.0.3+7-1~deb11u1. We recommend that you upgrade your openjdk-17 packages. For the detailed security status of openjdk-17 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/openjdk-17 Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmJxl3wACgkQEMKTtsN8 Tja/zg/7BeUmTL3RGbn6PBexYoRYRGd5TIgkjajpMhKJfgMJezJ95sDP1jKZmZ7W 5W7R3iqBYUIjJl+wcoDpSN2HyApXNUkLTMeTbNgJCwipJwk4LG79zcXLxAtBqmJl hKt8ij5V4wQiou1NDhTYpGdLLQUQ8wQEX05veO5U80KYuMc2TzvRwsjzzAF1K3WM zEKV8HJ3SLJcnb24s2PLpoPZLaWerJurcUwQG01OJVlp4smvuBzw1imExMOG5P9D iX9CogACSoupamHCkpInajxtvzLx/Kb39obHOVIJmYlVJif9Vt4XMd+IRFv1ZiWK bvmsexifgn96D2Qc9uoHMKanMsqb5bjN+jtyRSq/BRpADManyU9O0NPFAxuqkBk2 Zj1YiljDHTHdMmp/lnpMZA8Zxnm7JVQlNxxvrBsLttiEhytCkhAxBOzprXg00yoH HQaRiOsPCDUTlvS73V3e5QfqTjWihUHiIwprxzL0nVIq7gZfwDs7/80QPZjm/yPK OwOLGSobA2J/iyEG5VlLEaxyOBeyAfw5uMR5iHe0TKofyxBXFdSo69/oYDB8CVYp ncJxX9e32EIrB/4aqCM9r/nVhos4QdwDfJIWncQVooQQisPd8zXLccSi9PkFxFQS k4BnXv70QlIq9PnWi209kPyaU3TcQwEYRjZJBZqYRESaHLLnPGw= =O0QV -----END PGP SIGNATURE----- . Summary: Security updated rh-sso-7/sso75-openshift-rhel8 container image is now available for RHEL-8 based Middleware Containers. Description: The rh-sso-7/sso75-openshift-rhel8 container image has been updated for RHEL-8 based Middleware Containers to include the following security issues. Users of rh-sso-7/sso75-openshift-rhel8 container images are advised to upgrade to these updated images, which contain backported patches to correct these security issues, fix these bugs and add these enhancements. Users of these images are also encouraged to rebuild all container images that depend on these images. You can find images updated by this advisory in Red Hat Container Catalog (see References). Solution: The RHEL-8 based Middleware Containers container image provided by this update can be downloaded from the Red Hat Container Registry at registry.access.redhat.com. Dockerfiles and scripts should be amended either to refer to this new image specifically, or to the latest image generally. Bugs fixed (https://bugzilla.redhat.com/): 2071036 - CVE-2022-1245 keycloak: Privilege escalation vulnerability on Token Exchange 5

Trust: 1.8

sources: NVD: CVE-2022-21434 // VULHUB: VHN-407047 // PACKETSTORM: 166899 // PACKETSTORM: 167088 // PACKETSTORM: 167271 // PACKETSTORM: 167378 // PACKETSTORM: 167454 // PACKETSTORM: 167942 // PACKETSTORM: 167142 // PACKETSTORM: 169256 // PACKETSTORM: 166967

AFFECTED PRODUCTS

vendor:netappmodel:e-series santricity os controllerscope:gteversion:11.0.0

Trust: 1.0

vendor:netappmodel:e-series santricity storage managerscope:eqversion: -

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:9.0

Trust: 1.0

vendor:netappmodel:cloud secure agentscope:eqversion: -

Trust: 1.0

vendor:azulmodel:zuluscope:eqversion:6.45

Trust: 1.0

vendor:oraclemodel:graalvmscope:eqversion:22.0.0.2

Trust: 1.0

vendor:oraclemodel:jrescope:eqversion:11.0.14

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:11.0

Trust: 1.0

vendor:netappmodel:active iq unified managerscope:eqversion: -

Trust: 1.0

vendor:netappmodel:solidfire \& hci management nodescope:eqversion: -

Trust: 1.0

vendor:netappmodel:7-mode transition toolscope:eqversion: -

Trust: 1.0

vendor:netappmodel:oncommand insightscope:eqversion: -

Trust: 1.0

vendor:oraclemodel:jdkscope:eqversion:18

Trust: 1.0

vendor:oraclemodel:jrescope:eqversion:1.8.0

Trust: 1.0

vendor:azulmodel:zuluscope:eqversion:11.54

Trust: 1.0

vendor:oraclemodel:jrescope:eqversion:1.7.0

Trust: 1.0

vendor:azulmodel:zuluscope:eqversion:18.28

Trust: 1.0

vendor:oraclemodel:jrescope:eqversion:17.0.2

Trust: 1.0

vendor:oraclemodel:graalvmscope:eqversion:20.3.5

Trust: 1.0

vendor:netappmodel:e-series santricity os controllerscope:lteversion:11.70.1

Trust: 1.0

vendor:azulmodel:zuluscope:eqversion:13.46

Trust: 1.0

vendor:netappmodel:solidfire\, enterprise sds \& hci storage nodescope:eqversion: -

Trust: 1.0

vendor:azulmodel:zuluscope:eqversion:8.60

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:10.0

Trust: 1.0

vendor:oraclemodel:jdkscope:eqversion:11.0.14

Trust: 1.0

vendor:oraclemodel:jdkscope:eqversion:1.8.0

Trust: 1.0

vendor:oraclemodel:jdkscope:eqversion:1.7.0

Trust: 1.0

vendor:netappmodel:cloud insights acquisition unitscope:eqversion: -

Trust: 1.0

vendor:azulmodel:zuluscope:eqversion:7.52

Trust: 1.0

vendor:oraclemodel:jdkscope:eqversion:17.0.2

Trust: 1.0

vendor:netappmodel:hci compute nodescope:eqversion: -

Trust: 1.0

vendor:netappmodel:e-series santricity web servicesscope:eqversion: -

Trust: 1.0

vendor:netappmodel:santricity unified managerscope:eqversion: -

Trust: 1.0

vendor:azulmodel:zuluscope:eqversion:15.38

Trust: 1.0

vendor:oraclemodel:jrescope:eqversion:18

Trust: 1.0

vendor:azulmodel:zuluscope:eqversion:17.32

Trust: 1.0

vendor:oraclemodel:graalvmscope:eqversion:21.3.1

Trust: 1.0

sources: NVD: CVE-2022-21434

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-21434
value: MEDIUM

Trust: 1.0

secalert_us@oracle.com: CVE-2022-21434
value: MEDIUM

Trust: 1.0

VULHUB: VHN-407047
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2022-21434
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-407047
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

secalert_us@oracle.com: CVE-2022-21434
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-407047 // NVD: CVE-2022-21434 // NVD: CVE-2022-21434

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2022-21434

TYPE

info disclosure

Trust: 0.1

sources: PACKETSTORM: 169256

EXTERNAL IDS

db:NVDid:CVE-2022-21434

Trust: 2.0

db:PACKETSTORMid:167378

Trust: 0.2

db:PACKETSTORMid:166967

Trust: 0.2

db:PACKETSTORMid:167088

Trust: 0.2

db:PACKETSTORMid:167142

Trust: 0.2

db:PACKETSTORMid:167942

Trust: 0.2

db:PACKETSTORMid:167454

Trust: 0.2

db:PACKETSTORMid:167271

Trust: 0.2

db:PACKETSTORMid:167456

Trust: 0.1

db:PACKETSTORMid:167385

Trust: 0.1

db:PACKETSTORMid:167327

Trust: 0.1

db:PACKETSTORMid:167008

Trust: 0.1

db:PACKETSTORMid:167980

Trust: 0.1

db:PACKETSTORMid:167388

Trust: 0.1

db:PACKETSTORMid:167122

Trust: 0.1

db:PACKETSTORMid:167164

Trust: 0.1

db:PACKETSTORMid:167140

Trust: 0.1

db:PACKETSTORMid:167979

Trust: 0.1

db:PACKETSTORMid:166954

Trust: 0.1

db:VULHUBid:VHN-407047

Trust: 0.1

db:PACKETSTORMid:166899

Trust: 0.1

db:PACKETSTORMid:169256

Trust: 0.1

sources: VULHUB: VHN-407047 // PACKETSTORM: 166899 // PACKETSTORM: 167088 // PACKETSTORM: 167271 // PACKETSTORM: 167378 // PACKETSTORM: 167454 // PACKETSTORM: 167942 // PACKETSTORM: 167142 // PACKETSTORM: 169256 // PACKETSTORM: 166967 // NVD: CVE-2022-21434

REFERENCES

url:https://security.netapp.com/advisory/ntap-20220429-0006/

Trust: 1.1

url:https://www.debian.org/security/2022/dsa-5128

Trust: 1.1

url:https://www.debian.org/security/2022/dsa-5131

Trust: 1.1

url:https://www.oracle.com/security-alerts/cpuapr2022.html

Trust: 1.1

url:https://lists.debian.org/debian-lts-announce/2022/05/msg00017.html

Trust: 1.1

url:https://security.netapp.com/advisory/ntap-20240621-0006/

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2022-21434

Trust: 0.9

url:https://nvd.nist.gov/vuln/detail/cve-2022-21443

Trust: 0.9

url:https://nvd.nist.gov/vuln/detail/cve-2022-21496

Trust: 0.9

url:https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.8

url:https://access.redhat.com/security/team/contact/

Trust: 0.8

url:https://access.redhat.com/security/cve/cve-2022-21443

Trust: 0.8

url:https://access.redhat.com/security/cve/cve-2022-21496

Trust: 0.8

url:https://access.redhat.com/security/cve/cve-2022-21434

Trust: 0.8

url:https://bugzilla.redhat.com/):

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2022-21426

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2022-21476

Trust: 0.7

url:https://access.redhat.com/security/cve/cve-2022-21426

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2022-21476

Trust: 0.6

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2018-25032

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2018-25032

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2022-1271

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2022-1271

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2022-1154

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2022-1154

Trust: 0.3

url:https://access.redhat.com/security/team/key/

Trust: 0.3

url:https://access.redhat.com/articles/11258

Trust: 0.3

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-35561

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-35561

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-1245

Trust: 0.2

url:https://access.redhat.com/errata/rhsa-2022:1439

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/openjdk/11/html/installing_and_using_openjdk_11_for_windows/index

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3121

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3121

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:1679

Trust: 0.1

url:https://access.redhat.com/containers

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:2272

Trust: 0.1

url:https://access.redhat.com/errata/rhba-2022:2270

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-1677

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-1677

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:2137

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:4957

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-21299

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-21299

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:5837

Trust: 0.1

url:https://issues.jboss.org/):

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-43797

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-37137

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-43797

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-21698

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-25636

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-25636

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-37137

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-4028

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-37136

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0778

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-4028

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-37136

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0778

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:2216

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-21698

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.7/logging/cluster-logging-upgrading.html

Trust: 0.1

url:https://www.debian.org/security/faq

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-21449

Trust: 0.1

url:https://security-tracker.debian.org/tracker/openjdk-17

Trust: 0.1

url:https://www.debian.org/security/

Trust: 0.1

url:https://access.redhat.com/containers/?tab=images#/registry.access.redhat.com/rh-sso-7/sso75-openshift-rhel8

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-1245

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.5/html/release_notes/index

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:1713

Trust: 0.1

sources: VULHUB: VHN-407047 // PACKETSTORM: 166899 // PACKETSTORM: 167088 // PACKETSTORM: 167271 // PACKETSTORM: 167378 // PACKETSTORM: 167454 // PACKETSTORM: 167942 // PACKETSTORM: 167142 // PACKETSTORM: 169256 // PACKETSTORM: 166967 // NVD: CVE-2022-21434

CREDITS

Red Hat

Trust: 0.8

sources: PACKETSTORM: 166899 // PACKETSTORM: 167088 // PACKETSTORM: 167271 // PACKETSTORM: 167378 // PACKETSTORM: 167454 // PACKETSTORM: 167942 // PACKETSTORM: 167142 // PACKETSTORM: 166967

SOURCES

db:VULHUBid:VHN-407047
db:PACKETSTORMid:166899
db:PACKETSTORMid:167088
db:PACKETSTORMid:167271
db:PACKETSTORMid:167378
db:PACKETSTORMid:167454
db:PACKETSTORMid:167942
db:PACKETSTORMid:167142
db:PACKETSTORMid:169256
db:PACKETSTORMid:166967
db:NVDid:CVE-2022-21434

LAST UPDATE DATE

2026-07-04T21:00:49.697000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-407047date:2022-07-28T00:00:00
db:NVDid:CVE-2022-21434date:2026-06-17T04:26:15.493

SOURCES RELEASE DATE

db:VULHUBid:VHN-407047date:2022-04-19T00:00:00
db:PACKETSTORMid:166899date:2022-04-29T12:36:31
db:PACKETSTORMid:167088date:2022-05-11T16:48:11
db:PACKETSTORMid:167271date:2022-05-26T16:32:44
db:PACKETSTORMid:167378date:2022-06-03T15:37:50
db:PACKETSTORMid:167454date:2022-06-09T16:10:41
db:PACKETSTORMid:167942date:2022-08-04T14:46:43
db:PACKETSTORMid:167142date:2022-05-12T15:55:09
db:PACKETSTORMid:169256date:2022-05-28T19:12:00
db:PACKETSTORMid:166967date:2022-05-05T17:31:42
db:NVDid:CVE-2022-21434date:2022-04-19T21:15:15.387