Advisory ROSA-SA-2023-2136
Published: 2023-03-28 13:38:54
Publisher: ROSA LAB
Source: abf.rosalinux.ru
Tags: java se, oracle graalvm, imageio, jaxp, libraries, serialization, jndi, integer overflow, denial of service, information disclosure, unrestricted resource allocation, recovery of invalid data, insufficient input validation, impact data integrity, network packets, resolved, rosa-sa-2023-2136, cve-2022-21365, cve-2022-21360, cve-2022-21296, cve-2022-21294, cve-2022-21293, cve-2022-21248, cve-2022-21496, medium, low, 11.0.18.0.10-1, rosa-server79, unix

CVSS2: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)
  Attack Vector: NETWORK; Attack Complexity: LOW; Authentication: NONE
  Confidentiality Impact: NONE; Integrity Impact: PARTIAL; Availability Impact: NONE

CVSS3: 5.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
  Attack Vector: NETWORK; Attack Complexity: LOW; Privileges Required: NONE; User Interaction: NONE; Scope: UNCHANGED
  Confidentiality Impact: NONE; Integrity Impact: LOW; Availability Impact: NONE

EPSS: 0.003 (percentile 70.5%)

Software: java-11-openjdk 11.0.18.0.10-1
OS: rosa-server79

package_evr_string: 11.0.18.0.10-1

CVE-ID: CVE-2022-21365
BDU-ID: 2022-02011
CVE-Crit: MEDIUM
CVE-DESC: An integer overflow in the ImageIO component of Oracle Java SE and Oracle GraalVM Enterprise Edition. Exploitation could allow a remote attacker to cause a partial denial of service.
CVE-STATUS: Resolved
CVE-REV: Run yum update java-11-openjdk to close.

CVE-ID: CVE-2022-21360
BDU-ID: 2022-02005
CVE-Crit: MEDIUM
CVE-DESC: Insufficient input validation in the ImageIO component of Oracle GraalVM Enterprise Edition. Exploitation could allow a remote attacker to cause a denial of service.
CVE-STATUS: Resolved
CVE-REV: Run yum update java-11-openjdk to close.

CVE-ID: CVE-2022-21296
BDU-ID: 2022-01985
CVE-Crit: MEDIUM
CVE-DESC: An information disclosure flaw in the JAXP component of Oracle Java SE and Oracle GraalVM Enterprise Edition. Exploitation could allow a remote attacker to read protected information.
CVE-STATUS: Resolved
CVE-REV: Run yum update java-11-openjdk to close.

CVE-ID: CVE-2022-21294
BDU-ID: 2022-01994
CVE-Crit: MEDIUM
CVE-DESC: Unrestricted resource allocation in the Libraries component of Oracle Java SE and Oracle GraalVM Enterprise Edition. Exploitation could allow a remote attacker to cause a partial denial of service.
CVE-STATUS: Resolved
CVE-REV: Run yum update java-11-openjdk to close.

CVE-ID: CVE-2022-21293
BDU-ID: 2022-01986
CVE-Crit: MEDIUM
CVE-DESC: A flaw in the Libraries component of Oracle Java SE and Oracle GraalVM Enterprise Edition that allows a remote attacker to cause a partial denial of service.
CVE-STATUS: Resolved
CVE-REV: Run yum update java-11-openjdk to close.

CVE-ID: CVE-2022-21248
BDU-ID: 2022-01995
CVE-Crit: LOW
CVE-DESC: A flaw in the Serialization component of Oracle Java SE and Oracle GraalVM Enterprise Edition related to reconstructing (deserializing) invalid data in memory. Exploitation could allow a remote attacker to affect data integrity.
CVE-STATUS: Resolved
CVE-REV: Run yum update java-11-openjdk to close.

CVE-ID: CVE-2022-21496
BDU-ID: 2022-03794
CVE-Crit: MEDIUM
CVE-DESC: Insufficient input validation in the JNDI component of Oracle Java SE and Oracle GraalVM Enterprise Edition. Exploitation could allow a remote attacker to modify, add or delete data via network packets.
CVE-STATUS: Resolved
CVE-REV: Run yum update java-11-openjdk to close.
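Every entry above closes with the same remediation, so the check a practitioner actually wants is "is the installed java-11-openjdk at or above package_evr_string 11.0.18.0.10-1?". The script below is an added example, not ROSA tooling: it ports rpm's rpmvercmp segment comparison to Python (so it runs on hosts without the rpm Python bindings), splits an epoch:version-release string the way rpm does, and evaluates constructed sample outputs of rpm -q --qf '%{EPOCH}:%{VERSION}-%{RELEASE}' against the advisory's fixed EVR. FIXED_EVR comes from the advisory; the sample installed strings, the function names, and the optional live rpm query are assumptions of this example.

```python
"""Check whether java-11-openjdk is at or above the EVR fixed by ROSA-SA-2023-2136.

Added example (not from the ROSA advisory): a pure-Python port of rpm's
rpmvercmp() plus an EVR splitter, so the comparison runs anywhere.
"""
import re
import shutil
import string
import subprocess
from typing import Optional, Tuple

FIXED_EVR = "11.0.18.0.10-1"   # package_evr_string from the advisory (no epoch given)
PACKAGE = "java-11-openjdk"

_KEEP = set(string.ascii_letters + string.digits + "~^")   # rpm treats all else as separators
_SEG = re.compile(r"[0-9]+|[A-Za-z]+")


def rpmvercmp(a: str, b: str) -> int:
    """Port of rpm's rpmvercmp(): -1 if a < b, 0 if equal, 1 if a > b."""
    if a == b:
        return 0
    i = j = 0
    while i < len(a) or j < len(b):
        while i < len(a) and a[i] not in _KEEP:
            i += 1
        while j < len(b) and b[j] not in _KEEP:
            j += 1
        # '~' (pre-release) sorts before anything, including end of string.
        ta, tb = i < len(a) and a[i] == "~", j < len(b) and b[j] == "~"
        if ta or tb:
            if ta and tb:
                i, j = i + 1, j + 1
                continue
            return -1 if ta else 1
        # '^' (post-release) is like '~' except end of string sorts *before* it.
        ca, cb = i < len(a) and a[i] == "^", j < len(b) and b[j] == "^"
        if ca or cb:
            if i >= len(a):
                return -1
            if j >= len(b):
                return 1
            if ca and cb:
                i, j = i + 1, j + 1
                continue
            return -1 if ca else 1
        if i >= len(a) or j >= len(b):
            break
        # Compare one run of digits or one run of letters from each side.
        sa, sb = _SEG.match(a, i).group(), _SEG.match(b, j).group()
        i, j = i + len(sa), j + len(sb)
        if sa.isdigit() != sb.isdigit():
            return 1 if sa.isdigit() else -1       # numeric segment beats alphabetic
        if sa.isdigit():
            c = (int(sa) > int(sb)) - (int(sa) < int(sb))   # int() drops leading zeros
        else:
            c = (sa > sb) - (sa < sb)
        if c:
            return c
    if i >= len(a) and j >= len(b):
        return 0
    return -1 if i >= len(a) else 1               # whoever has characters left is newer


def parse_evr(evr: str) -> Tuple[int, str, str]:
    """Split 'epoch:version-release' (epoch and release optional) into parts."""
    epoch, sep, rest = evr.partition(":")
    if not sep:
        epoch, rest = "0", evr
    if epoch in ("", "(none)"):          # rpm --qf prints '(none)' when there is no epoch
        epoch = "0"
    version, sep, release = rest.rpartition("-")
    if not sep:
        version, release = rest, ""
    return int(epoch), version, release


def compare_evr(a: str, b: str) -> int:
    """Epoch first (numeric), then version, then release, each with rpmvercmp semantics."""
    ea, va, ra = parse_evr(a)
    eb, vb, rb = parse_evr(b)
    if ea != eb:
        return 1 if ea > eb else -1
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)


def is_fixed(installed_evr: str, fixed_evr: str = FIXED_EVR) -> bool:
    """True when the installed package is at or above the advisory's fixed EVR."""
    return compare_evr(installed_evr, fixed_evr) >= 0


def installed_evr(pkg: str = PACKAGE) -> Optional[str]:
    """Query the local rpm database; None if rpm is missing or the package is absent."""
    if shutil.which("rpm") is None:
        return None
    r = subprocess.run(["rpm", "-q", "--qf", "%{EPOCH}:%{VERSION}-%{RELEASE}\n", pkg],
                       capture_output=True, text=True)
    out = r.stdout.strip()
    return out.splitlines()[0] if r.returncode == 0 and out else None


if __name__ == "__main__":
    # Constructed sample outputs of the rpm query above (not from a real host).
    for evr in ("(none):11.0.17.0.8-1", "(none):11.0.18.0.10-1",
                "(none):11.0.18.0.9-1", "1:11.0.18.0.9-1", "(none):11.0.19.0.7-1"):
        print(f"{evr:24s} fixed={is_fixed(evr)}")
    live = installed_evr()
    if live:
        print(f"local {PACKAGE}: {live} fixed={is_fixed(live)}")
```

One caveat the sample set makes visible: the advisory's EVR string carries no epoch, so a package that reports an epoch (1:11.0.18.0.9-1 in the constructed data) compares as newer even though its version is older. Check what epoch the installed package actually reports before trusting a bare version-release comparison.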
