Action not permitted
Modal body text goes here.
CVE-2022-21597
Vulnerability from cvelistv5
Published
2022-10-18 00:00
Modified
2024-09-24 19:36
Severity ?
EPSS score ?
Summary
Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaScript). Supported versions that are affected are Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle GraalVM Enterprise Edition accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert_us@oracle.com | https://www.oracle.com/security-alerts/cpuoct2022.html | Patch, Vendor Advisory |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Oracle Corporation | GraalVM Enterprise Edition |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T02:46:38.585Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2022.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-21597",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-23T15:27:22.832590Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-24T19:36:07.996Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "GraalVM Enterprise Edition",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "Oracle GraalVM Enterprise Edition:20.3.7"
},
{
"status": "affected",
"version": "Oracle GraalVM Enterprise Edition:21.3.3"
},
{
"status": "affected",
"version": "Oracle GraalVM Enterprise Edition:22.2.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaScript). Supported versions that are affected are Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle GraalVM Enterprise Edition accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle GraalVM Enterprise Edition accessible data.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-18T00:00:00",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpuoct2022.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2022-21597",
"datePublished": "2022-10-18T00:00:00",
"dateReserved": "2021-11-15T00:00:00",
"dateUpdated": "2024-09-24T19:36:07.996Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2022-21597\",\"sourceIdentifier\":\"secalert_us@oracle.com\",\"published\":\"2022-10-18T21:15:11.583\",\"lastModified\":\"2022-10-20T04:27:54.717\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaScript). Supported versions that are affected are Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle GraalVM Enterprise Edition accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad en el producto Oracle GraalVM Enterprise Edition de Oracle Java SE (componente: JavaScript). Las versiones soportadas que est\u00e1n afectadas son Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 y 22.2.0. Una vulnerabilidad explotable f\u00e1cilmente permite a un atacante no autenticado con acceso a la red por medio de HTTP comprometer a Oracle GraalVM Enterprise Edition. Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en un acceso de lectura no autorizado a un subconjunto de datos accesibles de Oracle GraalVM Enterprise Edition. CVSS 3.1 Puntuaci\u00f3n Base 5.3 (Impactos en la Confidencialidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secalert_us@oracle.com\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:graalvm:20.3.7:*:*:*:enterprise:*:*:*\",\"matchCriteriaId\":\"0DDD4602-7175-4DB6-B9D9-E7CDF482D263\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:graalvm:21.3.3:*:*:*:enterprise:*:*:*\",\"matchCriteriaId\":\"71668668-8383-4366-A184-F26455271914\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:graalvm:22.2.0:*:*:*:enterprise:*:*:*\",\"matchCriteriaId\":\"C99B4F5D-3784-42B8-89CA-CDD2AA86B80E\"}]}]}],\"references\":[{\"url\":\"https://www.oracle.com/security-alerts/cpuoct2022.html\",\"source\":\"secalert_us@oracle.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}"
}
}
wid-sec-w-2022-1789
Vulnerability from csaf_certbund
Published
2022-10-18 22:00
Modified
2023-11-07 23:00
Summary
Oracle Java SE: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Die Java Platform, Standard Edition (SE) ist eine Sammlung von Java-APIs (JDK) und der Java Laufzeit Umgebung (JRE).
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Oracle Java SE ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.
Betroffene Betriebssysteme
- UNIX
- Linux
- MacOS X
- Windows
- Sonstiges
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Die Java Platform, Standard Edition (SE) ist eine Sammlung von Java-APIs (JDK) und der Java Laufzeit Umgebung (JRE).",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Oracle Java SE ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden.",
"title": "Angriff"
},
{
"category": "general",
"text": "- UNIX\n- Linux\n- MacOS X\n- Windows\n- Sonstiges",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2022-1789 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-1789.json"
},
{
"category": "self",
"summary": "WID-SEC-2022-1789 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1789"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7068313 vom 2023-11-07",
"url": "https://www.ibm.com/support/pages/node/7068313"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7058364 vom 2023-10-24",
"url": "https://www.ibm.com/support/pages/node/7058364"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7001549 vom 2023-06-06",
"url": "https://www.ibm.com/support/pages/node/7001549"
},
{
"category": "external",
"summary": "HCL Article KB0104916 vom 2023-06-06",
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0104916"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6839869 vom 2023-04-12",
"url": "https://www.cybersecurity-help.cz/vdb/SB2023041233"
},
{
"category": "external",
"summary": "HCL Article KB0104083 vom 2023-03-31",
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0104083"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6967237 vom 2023-03-30",
"url": "https://www.ibm.com/support/pages/node/6967237"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6967477 vom 2023-03-31",
"url": "https://www.ibm.com/support/pages/node/6967477"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6963071 vom 2023-03-20",
"url": "http://www.ibm.com/support/pages/node/6963071"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6963640 vom 2023-03-17",
"url": "https://www.ibm.com/support/pages/node/6963640"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6963642 vom 2023-03-17",
"url": "https://www.ibm.com/support/pages/node/6963642"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6963075 vom 2023-03-13",
"url": "https://www.ibm.com/support/pages/node/6963075"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6962813 vom 2023-03-10",
"url": "https://www.ibm.com/support/pages/node/6962813"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2023-1697 vom 2023-03-07",
"url": "https://alas.aws.amazon.com/ALAS-2023-1697.html"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6959625 vom 2023-03-02",
"url": "https://www.ibm.com/support/pages/node/6959625"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6958677 vom 2023-02-28",
"url": "https://www.ibm.com/support/pages/node/6958677"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6858041 vom 2023-02-24",
"url": "https://www.ibm.com/support/pages/node/6858041"
},
{
"category": "external",
"summary": "Oracle Critical Patch Update Advisory - October 2022 - Appendix Oracle Java SE vom 2022-10-18",
"url": "https://www.oracle.com/security-alerts/cpuoct2022.html#AppendixJAVA"
},
{
"category": "external",
"summary": "Amazon Corretto Release 8.352.08.1 vom 2022-10-18",
"url": "https://github.com/corretto/corretto-8/blob/release-8.352.08.1/CHANGELOG.md"
},
{
"category": "external",
"summary": "Amazon Corretto Release 11.0.17.8.1 vom 2022-10-18",
"url": "https://github.com/corretto/corretto-11/blob/release-11.0.17.8.1/CHANGELOG.md"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:7008 vom 2022-10-20",
"url": "https://access.redhat.com/errata/RHSA-2022:7008"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:7000 vom 2022-10-20",
"url": "https://access.redhat.com/errata/RHSA-2022:7000"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:7001 vom 2022-10-20",
"url": "https://access.redhat.com/errata/RHSA-2022:7001"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:7002 vom 2022-10-20",
"url": "https://access.redhat.com/errata/RHSA-2022:7002"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:7009 vom 2022-10-20",
"url": "https://access.redhat.com/errata/RHSA-2022:7009"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:7003 vom 2022-10-20",
"url": "https://access.redhat.com/errata/RHSA-2022:7003"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:7004 vom 2022-10-20",
"url": "https://access.redhat.com/errata/RHSA-2022:7004"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:7005 vom 2022-10-20",
"url": "https://access.redhat.com/errata/RHSA-2022:7005"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:7006 vom 2022-10-20",
"url": "https://access.redhat.com/errata/RHSA-2022:7006"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:7010 vom 2022-10-20",
"url": "https://access.redhat.com/errata/RHSA-2022:7010"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:7011 vom 2022-10-20",
"url": "https://access.redhat.com/errata/RHSA-2022:7011"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:7012 vom 2022-10-20",
"url": "https://access.redhat.com/errata/RHSA-2022:7012"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:7054 vom 2022-10-20",
"url": "https://access.redhat.com/errata/RHSA-2022:7054"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2022-152 vom 2022-10-20",
"url": "https://alas.aws.amazon.com/AL2022/ALAS-2022-152.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2022-7007 vom 2022-10-21",
"url": "https://linux.oracle.com/errata/ELSA-2022-7007.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:7007 vom 2022-10-20",
"url": "https://access.redhat.com/errata/RHSA-2022:7007"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2022-151 vom 2022-10-20",
"url": "https://alas.aws.amazon.com/AL2022/ALAS-2022-151.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2022-7013 vom 2022-10-21",
"url": "https://linux.oracle.com/errata/ELSA-2022-7013.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:7013 vom 2022-10-20",
"url": "https://access.redhat.com/errata/RHSA-2022:7013"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:7049 vom 2022-10-20",
"url": "https://access.redhat.com/errata/RHSA-2022:7049"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:7050 vom 2022-10-20",
"url": "https://access.redhat.com/errata/RHSA-2022:7050"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:7053 vom 2022-10-20",
"url": "https://access.redhat.com/errata/RHSA-2022:7053"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2022-6999 vom 2022-10-21",
"url": "https://linux.oracle.com/errata/ELSA-2022-6999.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:7051 vom 2022-10-20",
"url": "https://access.redhat.com/errata/RHSA-2022:7051"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:7052 vom 2022-10-20",
"url": "https://access.redhat.com/errata/RHSA-2022:7052"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2022-153 vom 2022-10-20",
"url": "https://alas.aws.amazon.com/AL2022/ALAS-2022-153.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:6999 vom 2022-10-20",
"url": "https://access.redhat.com/errata/RHSA-2022:6999"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2022-7000 vom 2022-10-21",
"url": "https://linux.oracle.com/errata/ELSA-2022-7000.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2022-7006 vom 2022-10-21",
"url": "https://linux.oracle.com/errata/ELSA-2022-7006.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2022-7012 vom 2022-10-21",
"url": "https://linux.oracle.com/errata/ELSA-2022-7012.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2022-7002 vom 2022-10-21",
"url": "http://linux.oracle.com/errata/ELSA-2022-7002.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2-2022-1866 vom 2022-10-21",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2022-1866.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2-2022-1867 vom 2022-10-21",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2022-1867.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2022-7008 vom 2022-10-21",
"url": "http://linux.oracle.com/errata/ELSA-2022-7008.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALASCORRETTO8-2022-004 vom 2022-10-25",
"url": "https://alas.aws.amazon.com/AL2/ALASCORRETTO8-2022-004.html"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2022-1C07902A5E vom 2022-10-26",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2022-1c07902a5e"
},
{
"category": "external",
"summary": "CentOS Security Advisory CESA-2022:7002 vom 2022-10-26",
"url": "https://lists.centos.org/pipermail/centos-announce/2022-October/073643.html"
},
{
"category": "external",
"summary": "CentOS Security Advisory CESA-2022:7008 vom 2022-10-26",
"url": "https://lists.centos.org/pipermail/centos-announce/2022-October/073642.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:7216 vom 2022-11-03",
"url": "https://access.redhat.com/errata/RHSA-2022:7216"
},
{
"category": "external",
"summary": "Hitachi Vulnerability Information HITACHI-SEC-2022-139 vom 2022-11-08",
"url": "https://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2022-139/index.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:6882 vom 2022-11-09",
"url": "https://access.redhat.com/errata/RHSA-2022:6882"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-5719-1 vom 2022-11-09",
"url": "https://ubuntu.com/security/notices/USN-5719-1"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6839127 vom 2022-11-15",
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-may-affect-ibm-sdk-java-technology-edition-15/"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6839565 vom 2022-11-16",
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-websphere-application-server-and-ibm-websphere-application-server-liberty-due-to-the-october-2022-cpu/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2022:4078-1 vom 2022-11-18",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-November/012996.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2022:4080-1 vom 2022-11-18",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-November/012998.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2022:4079-1 vom 2022-11-18",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-November/012999.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2022:4166-1 vom 2022-11-22",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-November/013066.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2022:4250-1 vom 2022-11-28",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-November/013129.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2022:4290-1 vom 2022-11-29",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-November/013160.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:8880 vom 2022-12-07",
"url": "https://access.redhat.com/errata/RHSA-2022:8880"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:8781 vom 2022-12-08",
"url": "https://access.redhat.com/errata/RHSA-2022:8781"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2022:4373-1 vom 2022-12-08",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-December/013207.html"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6840391 vom 2022-12-09",
"url": "https://www.ibm.com/support/pages/node/6840391"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2022:4452-1 vom 2022-12-13",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-December/013224.html"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6845544 vom 2022-12-19",
"url": "https://www.ibm.com/support/pages/node/6845544"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6851437 vom 2022-12-22",
"url": "https://aix.software.ibm.com/aix/efixes/security/java_dec2022_advisory.asc"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6852623 vom 2022-01-04",
"url": "https://www.ibm.com/support/pages/node/6852623"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6852713 vom 2023-01-06",
"url": "https://www.ibm.com/support/pages/node/6852713"
},
{
"category": "external",
"summary": "Juniper Security Advisory JSA70185 vom 2023-01-12",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-Space-Multiple-vulnerabilities-resolved-in-22-3R1-release?language=en_US"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6854647 vom 2023-01-11",
"url": "https://www.ibm.com/support/pages/node/6854647"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:0128 vom 2023-01-12",
"url": "https://access.redhat.com/errata/RHSA-2023:0128"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6855351 vom 2023-01-13",
"url": "https://www.ibm.com/support/pages/node/6855351"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6856759 vom 2023-01-20",
"url": "https://www.ibm.com/support/pages/node/6856759"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-5331 vom 2023-01-29",
"url": "https://www.debian.org/security/2023/dsa-5331"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6856023 vom 2023-02-01",
"url": "https://www.ibm.com/support/pages/node/6856023"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6855597 vom 2023-01-31",
"url": "https://www.ibm.com/support/pages/node/6855597"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6912697 vom 2023-02-01",
"url": "https://www.ibm.com/support/pages/node/6912697"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-5335 vom 2023-02-01",
"url": "https://lists.debian.org/debian-security-announce/2023/msg00024.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-3307 vom 2023-02-06",
"url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00001.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2023-1678 vom 2023-02-06",
"url": "https://alas.aws.amazon.com/ALAS-2023-1678.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2023-1922 vom 2023-02-06",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2023-1922.html"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6953873 vom 2023-02-08",
"url": "https://www.ibm.com/support/pages/node/6953873"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6954683 vom 2023-02-10",
"url": "https://www.ibm.com/support/pages/node/6954683"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6954671 vom 2023-02-10",
"url": "https://www.ibm.com/support/pages/node/6954671"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6954673 vom 2023-02-13",
"url": "https://www.ibm.com/support/pages/node/6954673"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6957066 vom 2023-02-21",
"url": "https://www.ibm.com/support/pages/node/6957066"
},
{
"category": "external",
"summary": "Dell Security Advisory DSA-2023-055 vom 2023-02-23",
"url": "https://www.dell.com/support/kbdoc/de-de/000209523/dsa-2023-055-dell-networker-runtime-environment-nre-security-update-for-an-java-se-embedded-vulnerabilities"
}
],
"source_lang": "en-US",
"title": "Oracle Java SE: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2023-11-07T23:00:00.000+00:00",
"generator": {
"date": "2024-02-15T17:01:13.806+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.0"
}
},
"id": "WID-SEC-W-2022-1789",
"initial_release_date": "2022-10-18T22:00:00.000+00:00",
"revision_history": [
{
"date": "2022-10-18T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2022-10-19T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2022-10-20T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Red Hat, Amazon und Oracle Linux aufgenommen"
},
{
"date": "2022-10-23T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Oracle Linux und Amazon aufgenommen"
},
{
"date": "2022-10-25T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2022-10-26T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Fedora und CentOS aufgenommen"
},
{
"date": "2022-10-27T22:00:00.000+00:00",
"number": "7",
"summary": "Referenz(en) aufgenommen: FEDORA-2022-D0ED59BEE7"
},
{
"date": "2022-10-30T23:00:00.000+00:00",
"number": "8",
"summary": "Referenz(en) aufgenommen: FEDORA-2022-EC7DE69CEB, FEDORA-2022-E8698F2E5E"
},
{
"date": "2022-11-03T23:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2022-11-07T23:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von HITACHI aufgenommen"
},
{
"date": "2022-11-09T23:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von Red Hat und Ubuntu aufgenommen"
},
{
"date": "2022-11-14T23:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2022-11-15T23:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2022-11-20T23:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2022-11-22T23:00:00.000+00:00",
"number": "15",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2022-11-28T23:00:00.000+00:00",
"number": "16",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2022-11-29T23:00:00.000+00:00",
"number": "17",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2022-12-07T23:00:00.000+00:00",
"number": "18",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2022-12-08T23:00:00.000+00:00",
"number": "19",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2022-12-13T23:00:00.000+00:00",
"number": "20",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2022-12-18T23:00:00.000+00:00",
"number": "21",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2022-12-22T23:00:00.000+00:00",
"number": "22",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2023-01-04T23:00:00.000+00:00",
"number": "23",
"summary": "Neue Updates von IBM und IBM-APAR aufgenommen"
},
{
"date": "2023-01-08T23:00:00.000+00:00",
"number": "24",
"summary": "Neue Updates von IBM und IBM-APAR aufgenommen"
},
{
"date": "2023-01-11T23:00:00.000+00:00",
"number": "25",
"summary": "Neue Updates von Juniper und IBM aufgenommen"
},
{
"date": "2023-01-15T23:00:00.000+00:00",
"number": "26",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2023-01-22T23:00:00.000+00:00",
"number": "27",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2023-01-29T23:00:00.000+00:00",
"number": "28",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2023-01-31T23:00:00.000+00:00",
"number": "29",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2023-02-01T23:00:00.000+00:00",
"number": "30",
"summary": "Neue Updates von IBM und Debian aufgenommen"
},
{
"date": "2023-02-06T23:00:00.000+00:00",
"number": "31",
"summary": "Neue Updates von Debian und Amazon aufgenommen"
},
{
"date": "2023-02-08T23:00:00.000+00:00",
"number": "32",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2023-02-09T23:00:00.000+00:00",
"number": "33",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2023-02-12T23:00:00.000+00:00",
"number": "34",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2023-02-21T23:00:00.000+00:00",
"number": "35",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2023-02-23T23:00:00.000+00:00",
"number": "36",
"summary": "Neue Updates von Dell aufgenommen"
},
{
"date": "2023-02-26T23:00:00.000+00:00",
"number": "37",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2023-02-27T23:00:00.000+00:00",
"number": "38",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2023-03-02T23:00:00.000+00:00",
"number": "39",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2023-03-07T23:00:00.000+00:00",
"number": "40",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2023-03-12T23:00:00.000+00:00",
"number": "41",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2023-03-13T23:00:00.000+00:00",
"number": "42",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2023-03-19T23:00:00.000+00:00",
"number": "43",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2023-03-30T22:00:00.000+00:00",
"number": "44",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2023-04-02T22:00:00.000+00:00",
"number": "45",
"summary": "Neue Updates von HCL aufgenommen"
},
{
"date": "2023-04-11T22:00:00.000+00:00",
"number": "46",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2023-06-05T22:00:00.000+00:00",
"number": "47",
"summary": "Neue Updates von HCL und IBM aufgenommen"
},
{
"date": "2023-10-24T22:00:00.000+00:00",
"number": "48",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2023-11-07T23:00:00.000+00:00",
"number": "49",
"summary": "Neue Updates von IBM aufgenommen"
}
],
"status": "final",
"version": "49"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Amazon Corretto \u003c 11.0.17.8.1",
"product": {
"name": "Amazon Corretto \u003c 11.0.17.8.1",
"product_id": "T025035",
"product_identification_helper": {
"cpe": "cpe:/a:amazon:corretto:11.0.17.8.1"
}
}
},
{
"category": "product_name",
"name": "Amazon Corretto \u003c 8.352.08.1",
"product": {
"name": "Amazon Corretto \u003c 8.352.08.1",
"product_id": "T025036",
"product_identification_helper": {
"cpe": "cpe:/a:amazon:corretto:8.352.08.1"
}
}
}
],
"category": "product_name",
"name": "Corretto"
},
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"category": "product_name",
"name": "Dell NetWorker nre \u003c 8.0.15",
"product": {
"name": "Dell NetWorker nre \u003c 8.0.15",
"product_id": "T026507",
"product_identification_helper": {
"cpe": "cpe:/a:dell:networker:nre__8.0.15"
}
}
}
],
"category": "vendor",
"name": "Dell"
},
{
"branches": [
{
"category": "product_name",
"name": "HCL BigFix \u003c 10.0.12.0",
"product": {
"name": "HCL BigFix \u003c 10.0.12.0",
"product_id": "T027043",
"product_identification_helper": {
"cpe": "cpe:/a:hcltech:bigfix:10.0.12.0"
}
}
}
],
"category": "vendor",
"name": "HCL"
},
{
"branches": [
{
"category": "product_name",
"name": "Hitachi Command Suite",
"product": {
"name": "Hitachi Command Suite",
"product_id": "T010951",
"product_identification_helper": {
"cpe": "cpe:/a:hitachi:command_suite:-"
}
}
},
{
"category": "product_name",
"name": "Hitachi Configuration Manager",
"product": {
"name": "Hitachi Configuration Manager",
"product_id": "T020304",
"product_identification_helper": {
"cpe": "cpe:/a:hitachi:configuration_manager:-"
}
}
},
{
"category": "product_name",
"name": "Hitachi Ops Center",
"product": {
"name": "Hitachi Ops Center",
"product_id": "T017562",
"product_identification_helper": {
"cpe": "cpe:/a:hitachi:ops_center:-"
}
}
}
],
"category": "vendor",
"name": "Hitachi"
},
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "IBM AIX 7.1",
"product": {
"name": "IBM AIX 7.1",
"product_id": "153340",
"product_identification_helper": {
"cpe": "cpe:/o:ibm:aix:7.1"
}
}
},
{
"category": "product_name",
"name": "IBM AIX 7.2",
"product": {
"name": "IBM AIX 7.2",
"product_id": "434967",
"product_identification_helper": {
"cpe": "cpe:/o:ibm:aix:7.2"
}
}
},
{
"category": "product_name",
"name": "IBM AIX 7.3",
"product": {
"name": "IBM AIX 7.3",
"product_id": "T021486",
"product_identification_helper": {
"cpe": "cpe:/o:ibm:aix:7.3"
}
}
}
],
"category": "product_name",
"name": "AIX"
},
{
"category": "product_name",
"name": "IBM Business Automation Workflow 19.0.0.3 - 22.0.1",
"product": {
"name": "IBM Business Automation Workflow 19.0.0.3 - 22.0.1",
"product_id": "T025982",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:business_automation_workflow:19.0.0.3_-_22.0.1"
}
}
},
{
"branches": [
{
"category": "product_name",
"name": "IBM Content Manager 5.5.4.0",
"product": {
"name": "IBM Content Manager 5.5.4.0",
"product_id": "T027223",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:content_manager:5.5.4.0"
}
}
},
{
"category": "product_name",
"name": "IBM Content Manager 5.5.8.0",
"product": {
"name": "IBM Content Manager 5.5.8.0",
"product_id": "T027224",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:content_manager:5.5.8.0"
}
}
},
{
"category": "product_name",
"name": "IBM Content Manager 5.5.9.0",
"product": {
"name": "IBM Content Manager 5.5.9.0",
"product_id": "T027225",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:content_manager:5.5.9.0"
}
}
}
],
"category": "product_name",
"name": "Content Manager"
},
{
"branches": [
{
"category": "product_name",
"name": "IBM DataPower Gateway \u003c 10.0.1.11",
"product": {
"name": "IBM DataPower Gateway \u003c 10.0.1.11",
"product_id": "T025691",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:datapower_gateway:10.0.1.11"
}
}
},
{
"category": "product_name",
"name": "IBM DataPower Gateway \u003c 2018.4.1.24",
"product": {
"name": "IBM DataPower Gateway \u003c 2018.4.1.24",
"product_id": "T025692",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:datapower_gateway:2018.4.1.24"
}
}
},
{
"category": "product_name",
"name": "IBM DataPower Gateway \u003c 10.5.0.3",
"product": {
"name": "IBM DataPower Gateway \u003c 10.5.0.3",
"product_id": "T025743",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:datapower_gateway:10.5.0.3"
}
}
}
],
"category": "product_name",
"name": "DataPower Gateway"
},
{
"category": "product_name",
"name": "IBM FlashSystem",
"product": {
"name": "IBM FlashSystem",
"product_id": "T025159",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:flashsystem:-"
}
}
},
{
"branches": [
{
"category": "product_name",
"name": "IBM InfoSphere Data Replication 11.4",
"product": {
"name": "IBM InfoSphere Data Replication 11.4",
"product_id": "1020294",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:infosphere_data_replication:11.4"
}
}
},
{
"category": "product_name",
"name": "IBM InfoSphere Data Replication 11.4.0",
"product": {
"name": "IBM InfoSphere Data Replication 11.4.0",
"product_id": "1020295",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:infosphere_data_replication:11.4.0"
}
}
}
],
"category": "product_name",
"name": "InfoSphere Data Replication"
},
{
"category": "product_name",
"name": "IBM InfoSphere Information Server 11.7",
"product": {
"name": "IBM InfoSphere Information Server 11.7",
"product_id": "444803",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:infosphere_information_server:11.7"
}
}
},
{
"category": "product_name",
"name": "IBM Installation Manager \u003c 1.9.2.4",
"product": {
"name": "IBM Installation Manager \u003c 1.9.2.4",
"product_id": "T027015",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:installation_manager:1.9.2.4"
}
}
},
{
"branches": [
{
"category": "product_name",
"name": "IBM MQ 9.0.0",
"product": {
"name": "IBM MQ 9.0.0",
"product_id": "T021104",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:mq:9.0.0"
}
}
},
{
"category": "product_name",
"name": "IBM MQ 9.1.0",
"product": {
"name": "IBM MQ 9.1.0",
"product_id": "T021105",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:mq:9.1.0"
}
}
},
{
"category": "product_name",
"name": "IBM MQ 9.2.0",
"product": {
"name": "IBM MQ 9.2.0",
"product_id": "T021106",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:mq:9.2.0"
}
}
},
{
"category": "product_name",
"name": "IBM MQ Appliance",
"product": {
"name": "IBM MQ Appliance",
"product_id": "T025711",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:mq:appliance"
}
}
},
{
"category": "product_name",
"name": "IBM MQ WebSphere Internet Pass-Thru 2.1",
"product": {
"name": "IBM MQ WebSphere Internet Pass-Thru 2.1",
"product_id": "T025837",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:mq:websphere_internet_pass-thru_2.1"
}
}
},
{
"category": "product_name",
"name": "IBM MQ 9.3.0",
"product": {
"name": "IBM MQ 9.3.0",
"product_id": "T026459",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:mq:9.3.0"
}
}
}
],
"category": "product_name",
"name": "MQ"
},
{
"category": "product_name",
"name": "IBM Power Hardware Management Console",
"product": {
"name": "IBM Power Hardware Management Console",
"product_id": "5114",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:hardware_management_console:-"
}
}
},
{
"category": "product_name",
"name": "IBM Rational Business Developer",
"product": {
"name": "IBM Rational Business Developer",
"product_id": "T025611",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:rational_business_developer:-"
}
}
},
{
"category": "product_name",
"name": "IBM Rational ClearCase",
"product": {
"name": "IBM Rational ClearCase",
"product_id": "T004180",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:rational_clearcase:-"
}
}
},
{
"category": "product_name",
"name": "IBM Rational ClearQuest",
"product": {
"name": "IBM Rational ClearQuest",
"product_id": "5168",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:rational_clearquest:-"
}
}
},
{
"branches": [
{
"category": "product_name",
"name": "IBM Rational Software Architect 9.7.x",
"product": {
"name": "IBM Rational Software Architect 9.7.x",
"product_id": "T026605",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:rational_software_architect:9.7.x"
}
}
},
{
"category": "product_name",
"name": "IBM Rational Software Architect 9.6.x",
"product": {
"name": "IBM Rational Software Architect 9.6.x",
"product_id": "T026606",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:rational_software_architect:9.6.x"
}
}
}
],
"category": "product_name",
"name": "Rational Software Architect"
},
{
"category": "product_name",
"name": "IBM SAN Volume Controller",
"product": {
"name": "IBM SAN Volume Controller",
"product_id": "T002782",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:san_volume_controller:-"
}
}
},
{
"category": "product_name",
"name": "IBM SPSS",
"product": {
"name": "IBM SPSS",
"product_id": "T013570",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:spss:-"
}
}
},
{
"branches": [
{
"category": "product_name",
"name": "IBM Security Access Manager for Enterprise Single Sign-On 8.2.1",
"product": {
"name": "IBM Security Access Manager for Enterprise Single Sign-On 8.2.1",
"product_id": "T005246",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:security_access_manager_for_enterprise_single_sign_on:8.2.1"
}
}
},
{
"category": "product_name",
"name": "IBM Security Access Manager for Enterprise Single Sign-On 8.2.2",
"product": {
"name": "IBM Security Access Manager for Enterprise Single Sign-On 8.2.2",
"product_id": "T007073",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:security_access_manager_for_enterprise_single_sign_on:8.2.2"
}
}
}
],
"category": "product_name",
"name": "Security Access Manager for Enterprise Single Sign-On"
},
{
"category": "product_name",
"name": "IBM Security Guardium 11.3",
"product": {
"name": "IBM Security Guardium 11.3",
"product_id": "1048943",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:security_guardium:11.3"
}
}
},
{
"branches": [
{
"category": "product_name",
"name": "IBM Spectrum Protect \u003c 8.1.18",
"product": {
"name": "IBM Spectrum Protect \u003c 8.1.18",
"product_id": "T026793",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:spectrum_protect:8.1.18"
}
}
},
{
"category": "product_name",
"name": "IBM Spectrum Protect \u003c 8.1.17.2",
"product": {
"name": "IBM Spectrum Protect \u003c 8.1.17.2",
"product_id": "T026807",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:spectrum_protect:8.1.17.2"
}
}
}
],
"category": "product_name",
"name": "Spectrum Protect"
},
{
"category": "product_name",
"name": "IBM Storwize",
"product": {
"name": "IBM Storwize",
"product_id": "T021621",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:storwize:-"
}
}
},
{
"branches": [
{
"category": "product_name",
"name": "IBM TXSeries 9.1",
"product": {
"name": "IBM TXSeries 9.1",
"product_id": "T015903",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:txseries:for_multiplatforms_9.1"
}
}
},
{
"category": "product_name",
"name": "IBM TXSeries 8.2",
"product": {
"name": "IBM TXSeries 8.2",
"product_id": "T015904",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:txseries:for_multiplatforms_8.2"
}
}
},
{
"category": "product_name",
"name": "IBM TXSeries 8.1",
"product": {
"name": "IBM TXSeries 8.1",
"product_id": "T015905",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:txseries:for_multiplatforms_8.1"
}
}
}
],
"category": "product_name",
"name": "TXSeries"
},
{
"category": "product_name",
"name": "IBM Tivoli Business Service Manager 6.2.0",
"product": {
"name": "IBM Tivoli Business Service Manager 6.2.0",
"product_id": "T014092",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:tivoli_business_service_manager:6.2.0"
}
}
},
{
"branches": [
{
"category": "product_name",
"name": "IBM Tivoli Monitoring 6.3.0",
"product": {
"name": "IBM Tivoli Monitoring 6.3.0",
"product_id": "307523",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:tivoli_monitoring:6.3.0"
}
}
},
{
"category": "product_name",
"name": "IBM Tivoli Monitoring \u003c 6.3.0.7 sp5",
"product": {
"name": "IBM Tivoli Monitoring \u003c 6.3.0.7 sp5",
"product_id": "T023377",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:tivoli_monitoring:6.3.0.7_sp5"
}
}
}
],
"category": "product_name",
"name": "Tivoli Monitoring"
},
{
"category": "product_name",
"name": "IBM Tivoli Netcool/OMNIbus \u003c 8.1.0.31",
"product": {
"name": "IBM Tivoli Netcool/OMNIbus \u003c 8.1.0.31",
"product_id": "T030747",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:tivoli_netcool%2fomnibus:8.1.0.31"
}
}
},
{
"branches": [
{
"category": "product_name",
"name": "IBM Tivoli Network Manager 6.4.1",
"product": {
"name": "IBM Tivoli Network Manager 6.4.1",
"product_id": "T027959",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:tivoli_network_manager:6.4.1"
}
}
},
{
"category": "product_name",
"name": "IBM Tivoli Network Manager 6.4.2",
"product": {
"name": "IBM Tivoli Network Manager 6.4.2",
"product_id": "T027960",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:tivoli_network_manager:6.4.2"
}
}
}
],
"category": "product_name",
"name": "Tivoli Network Manager"
},
{
"category": "product_name",
"name": "IBM VIOS 3.1",
"product": {
"name": "IBM VIOS 3.1",
"product_id": "1039165",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:vios:3.1"
}
}
},
{
"branches": [
{
"category": "product_name",
"name": "IBM WebSphere Application Server",
"product": {
"name": "IBM WebSphere Application Server",
"product_id": "5198",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:websphere_application_server:-"
}
}
},
{
"category": "product_name",
"name": "IBM WebSphere Application Server 8.5",
"product": {
"name": "IBM WebSphere Application Server 8.5",
"product_id": "703851",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:websphere_application_server:8.5"
}
}
},
{
"category": "product_name",
"name": "IBM WebSphere Application Server 9.0",
"product": {
"name": "IBM WebSphere Application Server 9.0",
"product_id": "703852",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:websphere_application_server:9.0"
}
}
},
{
"category": "product_name",
"name": "IBM WebSphere Application Server liberty",
"product": {
"name": "IBM WebSphere Application Server liberty",
"product_id": "T016135",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:websphere_application_server:liberty"
}
}
}
],
"category": "product_name",
"name": "WebSphere Application Server"
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"category": "product_name",
"name": "Juniper Junos Space",
"product": {
"name": "Juniper Junos Space",
"product_id": "T003343",
"product_identification_helper": {
"cpe": "cpe:/a:juniper:junos_space:-"
}
}
}
],
"category": "vendor",
"name": "Juniper"
},
{
"branches": [
{
"category": "product_name",
"name": "Open Source CentOS",
"product": {
"name": "Open Source CentOS",
"product_id": "1727",
"product_identification_helper": {
"cpe": "cpe:/o:centos:centos:-"
}
}
},
{
"category": "product_name",
"name": "Open Source OpenJDK",
"product": {
"name": "Open Source OpenJDK",
"product_id": "580789",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:openjdk:-"
}
}
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Oracle GraalVM Enterprise Edition 20.3.7",
"product": {
"name": "Oracle GraalVM Enterprise Edition 20.3.7",
"product_id": "T025033",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:graalvm:20.3.7::enterprise"
}
}
},
{
"category": "product_name",
"name": "Oracle GraalVM Enterprise Edition 21.3.3",
"product": {
"name": "Oracle GraalVM Enterprise Edition 21.3.3",
"product_id": "T025047",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:graalvm:enterprise_edition_21.3.3"
}
}
},
{
"category": "product_name",
"name": "Oracle GraalVM Enterprise Edition 22.2.0",
"product": {
"name": "Oracle GraalVM Enterprise Edition 22.2.0",
"product_id": "T025048",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:graalvm:enterprise_edition_22.2.0"
}
}
}
],
"category": "product_name",
"name": "GraalVM"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Java SE 11.0.16.1",
"product": {
"name": "Oracle Java SE 11.0.16.1",
"product_id": "T025000",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:java_se:11.0.16.1"
}
}
},
{
"category": "product_name",
"name": "Oracle Java SE 17.0.4.1",
"product": {
"name": "Oracle Java SE 17.0.4.1",
"product_id": "T025001",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:java_se:17.0.4.1"
}
}
},
{
"category": "product_name",
"name": "Oracle Java SE 8u341",
"product": {
"name": "Oracle Java SE 8u341",
"product_id": "T025032",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:java_se:8u341"
}
}
},
{
"category": "product_name",
"name": "Oracle Java SE 19",
"product": {
"name": "Oracle Java SE 19",
"product_id": "T025034",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:java_se:19"
}
}
},
{
"category": "product_name",
"name": "Oracle Java SE 8u345-perf",
"product": {
"name": "Oracle Java SE 8u345-perf",
"product_id": "T025046",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:java_se:8u345-perf"
}
}
}
],
"category": "product_name",
"name": "Java SE"
},
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
},
{
"category": "product_name",
"name": "Red Hat OpenShift",
"product": {
"name": "Red Hat OpenShift",
"product_id": "T008027",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-21597",
"notes": [
{
"category": "description",
"text": "In Oracle Java SE existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T005246",
"T025691",
"T003343",
"T010951",
"T004914",
"703851",
"T016135",
"703852",
"T026507",
"T027959",
"398363",
"T025611",
"T025692",
"153340",
"T027043",
"5198",
"T008027",
"434967",
"5114",
"1039165",
"T013570",
"T017562",
"T021105",
"T021104",
"T021621",
"2951",
"T002207",
"444803",
"T021106",
"T004180",
"307523",
"T025982",
"T025743",
"T027960",
"T026793",
"1020295",
"T015905",
"1020294",
"T015904",
"T015903",
"1048943",
"67646",
"5168",
"T025837",
"T026807",
"T026606",
"T014092",
"T025711",
"T026605",
"T020304",
"T023377",
"T025159",
"T025033",
"T025032",
"T027015",
"T025034",
"T002782",
"T026459",
"T000126",
"580789",
"T025048",
"T030747",
"T025047",
"T027225",
"T007073",
"1727",
"T021486",
"T025000",
"T027223",
"T027224",
"T025046",
"T025001"
]
},
"release_date": "2022-10-18T22:00:00Z",
"title": "CVE-2022-21597"
},
{
"cve": "CVE-2022-21618",
"notes": [
{
"category": "description",
"text": "In Oracle Java SE existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T005246",
"T025691",
"T003343",
"T010951",
"T004914",
"703851",
"T016135",
"703852",
"T026507",
"T027959",
"398363",
"T025611",
"T025692",
"153340",
"T027043",
"5198",
"T008027",
"434967",
"5114",
"1039165",
"T013570",
"T017562",
"T021105",
"T021104",
"T021621",
"2951",
"T002207",
"444803",
"T021106",
"T004180",
"307523",
"T025982",
"T025743",
"T027960",
"T026793",
"1020295",
"T015905",
"1020294",
"T015904",
"T015903",
"1048943",
"67646",
"5168",
"T025837",
"T026807",
"T026606",
"T014092",
"T025711",
"T026605",
"T020304",
"T023377",
"T025159",
"T025033",
"T025032",
"T027015",
"T025034",
"T002782",
"T026459",
"T000126",
"580789",
"T025048",
"T030747",
"T025047",
"T027225",
"T007073",
"1727",
"T021486",
"T025000",
"T027223",
"T027224",
"T025046",
"T025001"
]
},
"release_date": "2022-10-18T22:00:00Z",
"title": "CVE-2022-21618"
},
{
"cve": "CVE-2022-21619",
"notes": [
{
"category": "description",
"text": "In Oracle Java SE existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T005246",
"T025691",
"T003343",
"T010951",
"T004914",
"703851",
"T016135",
"703852",
"T026507",
"T027959",
"398363",
"T025611",
"T025692",
"153340",
"T027043",
"5198",
"T008027",
"434967",
"5114",
"1039165",
"T013570",
"T017562",
"T021105",
"T021104",
"T021621",
"2951",
"T002207",
"444803",
"T021106",
"T004180",
"307523",
"T025982",
"T025743",
"T027960",
"T026793",
"1020295",
"T015905",
"1020294",
"T015904",
"T015903",
"1048943",
"67646",
"5168",
"T025837",
"T026807",
"T026606",
"T014092",
"T025711",
"T026605",
"T020304",
"T023377",
"T025159",
"T025033",
"T025032",
"T027015",
"T025034",
"T002782",
"T026459",
"T000126",
"580789",
"T025048",
"T030747",
"T025047",
"T027225",
"T007073",
"1727",
"T021486",
"T025000",
"T027223",
"T027224",
"T025046",
"T025001"
]
},
"release_date": "2022-10-18T22:00:00Z",
"title": "CVE-2022-21619"
},
{
"cve": "CVE-2022-21624",
"notes": [
{
"category": "description",
"text": "In Oracle Java SE existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T005246",
"T025691",
"T003343",
"T010951",
"T004914",
"703851",
"T016135",
"703852",
"T026507",
"T027959",
"398363",
"T025611",
"T025692",
"153340",
"T027043",
"5198",
"T008027",
"434967",
"5114",
"1039165",
"T013570",
"T017562",
"T021105",
"T021104",
"T021621",
"2951",
"T002207",
"444803",
"T021106",
"T004180",
"307523",
"T025982",
"T025743",
"T027960",
"T026793",
"1020295",
"T015905",
"1020294",
"T015904",
"T015903",
"1048943",
"67646",
"5168",
"T025837",
"T026807",
"T026606",
"T014092",
"T025711",
"T026605",
"T020304",
"T023377",
"T025159",
"T025033",
"T025032",
"T027015",
"T025034",
"T002782",
"T026459",
"T000126",
"580789",
"T025048",
"T030747",
"T025047",
"T027225",
"T007073",
"1727",
"T021486",
"T025000",
"T027223",
"T027224",
"T025046",
"T025001"
]
},
"release_date": "2022-10-18T22:00:00Z",
"title": "CVE-2022-21624"
},
{
"cve": "CVE-2022-21626",
"notes": [
{
"category": "description",
"text": "In Oracle Java SE existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T005246",
"T025691",
"T003343",
"T010951",
"T004914",
"703851",
"T016135",
"703852",
"T026507",
"T027959",
"398363",
"T025611",
"T025692",
"153340",
"T027043",
"5198",
"T008027",
"434967",
"5114",
"1039165",
"T013570",
"T017562",
"T021105",
"T021104",
"T021621",
"2951",
"T002207",
"444803",
"T021106",
"T004180",
"307523",
"T025982",
"T025743",
"T027960",
"T026793",
"1020295",
"T015905",
"1020294",
"T015904",
"T015903",
"1048943",
"67646",
"5168",
"T025837",
"T026807",
"T026606",
"T014092",
"T025711",
"T026605",
"T020304",
"T023377",
"T025159",
"T025033",
"T025032",
"T027015",
"T025034",
"T002782",
"T026459",
"T000126",
"580789",
"T025048",
"T030747",
"T025047",
"T027225",
"T007073",
"1727",
"T021486",
"T025000",
"T027223",
"T027224",
"T025046",
"T025001"
]
},
"release_date": "2022-10-18T22:00:00Z",
"title": "CVE-2022-21626"
},
{
"cve": "CVE-2022-21628",
"notes": [
{
"category": "description",
"text": "In Oracle Java SE existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T005246",
"T025691",
"T003343",
"T010951",
"T004914",
"703851",
"T016135",
"703852",
"T026507",
"T027959",
"398363",
"T025611",
"T025692",
"153340",
"T027043",
"5198",
"T008027",
"434967",
"5114",
"1039165",
"T013570",
"T017562",
"T021105",
"T021104",
"T021621",
"2951",
"T002207",
"444803",
"T021106",
"T004180",
"307523",
"T025982",
"T025743",
"T027960",
"T026793",
"1020295",
"T015905",
"1020294",
"T015904",
"T015903",
"1048943",
"67646",
"5168",
"T025837",
"T026807",
"T026606",
"T014092",
"T025711",
"T026605",
"T020304",
"T023377",
"T025159",
"T025033",
"T025032",
"T027015",
"T025034",
"T002782",
"T026459",
"T000126",
"580789",
"T025048",
"T030747",
"T025047",
"T027225",
"T007073",
"1727",
"T021486",
"T025000",
"T027223",
"T027224",
"T025046",
"T025001"
]
},
"release_date": "2022-10-18T22:00:00Z",
"title": "CVE-2022-21628"
},
{
"cve": "CVE-2022-21634",
"notes": [
{
"category": "description",
"text": "In Oracle Java SE existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T005246",
"T025691",
"T003343",
"T010951",
"T004914",
"703851",
"T016135",
"703852",
"T026507",
"T027959",
"398363",
"T025611",
"T025692",
"153340",
"T027043",
"5198",
"T008027",
"434967",
"5114",
"1039165",
"T013570",
"T017562",
"T021105",
"T021104",
"T021621",
"2951",
"T002207",
"444803",
"T021106",
"T004180",
"307523",
"T025982",
"T025743",
"T027960",
"T026793",
"1020295",
"T015905",
"1020294",
"T015904",
"T015903",
"1048943",
"67646",
"5168",
"T025837",
"T026807",
"T026606",
"T014092",
"T025711",
"T026605",
"T020304",
"T023377",
"T025159",
"T025033",
"T025032",
"T027015",
"T025034",
"T002782",
"T026459",
"T000126",
"580789",
"T025048",
"T030747",
"T025047",
"T027225",
"T007073",
"1727",
"T021486",
"T025000",
"T027223",
"T027224",
"T025046",
"T025001"
]
},
"release_date": "2022-10-18T22:00:00Z",
"title": "CVE-2022-21634"
},
{
"cve": "CVE-2022-32215",
"notes": [
{
"category": "description",
"text": "In Oracle Java SE existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T005246",
"T025691",
"T003343",
"T010951",
"T004914",
"703851",
"T016135",
"703852",
"T026507",
"T027959",
"398363",
"T025611",
"T025692",
"153340",
"T027043",
"5198",
"T008027",
"434967",
"5114",
"1039165",
"T013570",
"T017562",
"T021105",
"T021104",
"T021621",
"2951",
"T002207",
"444803",
"T021106",
"T004180",
"307523",
"T025982",
"T025743",
"T027960",
"T026793",
"1020295",
"T015905",
"1020294",
"T015904",
"T015903",
"1048943",
"67646",
"5168",
"T025837",
"T026807",
"T026606",
"T014092",
"T025711",
"T026605",
"T020304",
"T023377",
"T025159",
"T025033",
"T025032",
"T027015",
"T025034",
"T002782",
"T026459",
"T000126",
"580789",
"T025048",
"T030747",
"T025047",
"T027225",
"T007073",
"1727",
"T021486",
"T025000",
"T027223",
"T027224",
"T025046",
"T025001"
]
},
"release_date": "2022-10-18T22:00:00Z",
"title": "CVE-2022-32215"
},
{
"cve": "CVE-2022-39399",
"notes": [
{
"category": "description",
"text": "In Oracle Java SE existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T005246",
"T025691",
"T003343",
"T010951",
"T004914",
"703851",
"T016135",
"703852",
"T026507",
"T027959",
"398363",
"T025611",
"T025692",
"153340",
"T027043",
"5198",
"T008027",
"434967",
"5114",
"1039165",
"T013570",
"T017562",
"T021105",
"T021104",
"T021621",
"2951",
"T002207",
"444803",
"T021106",
"T004180",
"307523",
"T025982",
"T025743",
"T027960",
"T026793",
"1020295",
"T015905",
"1020294",
"T015904",
"T015903",
"1048943",
"67646",
"5168",
"T025837",
"T026807",
"T026606",
"T014092",
"T025711",
"T026605",
"T020304",
"T023377",
"T025159",
"T025033",
"T025032",
"T027015",
"T025034",
"T002782",
"T026459",
"T000126",
"580789",
"T025048",
"T030747",
"T025047",
"T027225",
"T007073",
"1727",
"T021486",
"T025000",
"T027223",
"T027224",
"T025046",
"T025001"
]
},
"release_date": "2022-10-18T22:00:00Z",
"title": "CVE-2022-39399"
}
]
}
gsd-2022-21597
Vulnerability from gsd
Modified
2023-12-13 01:19
Details
Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaScript). Supported versions that are affected are Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle GraalVM Enterprise Edition accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2022-21597",
"description": "Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaScript). Supported versions that are affected are Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle GraalVM Enterprise Edition accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).",
"id": "GSD-2022-21597",
"references": [
"https://www.suse.com/security/cve/CVE-2022-21597.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2022-21597"
],
"details": "Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaScript). Supported versions that are affected are Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle GraalVM Enterprise Edition accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).",
"id": "GSD-2022-21597",
"modified": "2023-12-13T01:19:15.015882Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2022-21597",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GraalVM Enterprise Edition",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Oracle GraalVM Enterprise Edition:20.3.7"
},
{
"version_affected": "=",
"version_value": "Oracle GraalVM Enterprise Edition:21.3.3"
},
{
"version_affected": "=",
"version_value": "Oracle GraalVM Enterprise Edition:22.2.0"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaScript). Supported versions that are affected are Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle GraalVM Enterprise Edition accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)."
}
]
},
"impact": {
"cvss": {
"baseScore": "5.3",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle GraalVM Enterprise Edition accessible data."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.oracle.com/security-alerts/cpuoct2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2022.html"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:graalvm:20.3.7:*:*:*:enterprise:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:graalvm:21.3.3:*:*:*:enterprise:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:graalvm:22.2.0:*:*:*:enterprise:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2022-21597"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaScript). Supported versions that are affected are Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle GraalVM Enterprise Edition accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.oracle.com/security-alerts/cpuoct2022.html",
"refsource": "MISC",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2022.html"
}
]
}
},
"impact": {
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
},
"lastModifiedDate": "2022-10-20T04:27Z",
"publishedDate": "2022-10-18T21:15Z"
}
}
}
ghsa-wpjj-8jrx-8pxf
Vulnerability from github
Published
2022-10-19 12:00
Modified
2022-10-19 12:00
Severity ?
Details
Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaScript). Supported versions that are affected are Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle GraalVM Enterprise Edition accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).
{
"affected": [],
"aliases": [
"CVE-2022-21597"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-10-18T21:15:00Z",
"severity": "MODERATE"
},
"details": "Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaScript). Supported versions that are affected are Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle GraalVM Enterprise Edition accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).",
"id": "GHSA-wpjj-8jrx-8pxf",
"modified": "2022-10-19T12:00:21Z",
"published": "2022-10-19T12:00:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21597"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuoct2022.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
Loading...
Loading...
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.