DX Netops Spectrum: Java Vulnerabilities (Unix April 2022 CPU)

Article ID: 240859

Updated On:

Products

CA Spectrum

Issue/Introduction

159974 Oracle Java SE Multiple Vulnerabilities (Unix April 2022 CPU) CVE-2022-21426,CVE-2022-21434,CVE-2022-21443,CVE-2022-21449,CVE-2022-21476,CVE-2022-21496

159948 OpenJDK 7 <= 7u331 / 8 <= 8u322 / 11.0.0 <= 11.0.14 / 13.0.0 <= 13.0.10 / 15.0.0 <= 15.0.6 / 17.0.0 <= 17.0.2 / 18.0.0 <= 18.0.0 Multiple Vulnerabilities (2022-04-19) CVE-2022-21426,CVE-2022-21434,CVE-2022-21443,CVE-2022-21449,CVE-2022-21476,CVE-2022-21496

161241 Oracle Java SE Multiple Vulnerabilities (Unix April 2022 CPU) CVE-2022-21426,CVE-2022-21434,CVE-2022-21443,CVE-2022-21449,CVE-2022-21476,CVE-2022-21496

Environment

Release : 21.2

Component : Spectrum OneClick

Resolution

"Plugin Output:
  Path              : Install-Tools/jre11/
  Installed version : 11.0.14
  Fixed version     : Upgrade to version 11.0.15 or greater"

The remote host is affected by multiple vulnerabilities.

"The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is affected by multiple vulnerabilities as referenced in the April 2022 CPU advisory

Apply the appropriate patch according to the April 2022 Oracle Critical Patch Update advisory. CVE-2022-21426,CVE-2022-21434,CVE-2022-21443,CVE-2022-21449,CVE-2022-21476,CVE-2022-21496"

Spectrum 21.2.12 will upgrade Java to the latest versions of OpenJDK 8.

However, the jre11 reported above is still vulnerable in 21.2.12. Broadcom is shipping an updated jre11 in 22.2.2, to be released in August 2022.
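To confirm which Java 11 runtime is actually on disk before and after an upgrade, the check below reads a runtime directory's version and compares it with the fixed version 11.0.15 from the plugin output. It is an added example, not Broadcom's code; the function names, the reliance on the standard OpenJDK `release` file, and the temporary sample directory are assumptions.

```shell
#!/bin/sh
# Added example (not Broadcom code): is a bundled Java runtime below the fixed version?
FIXED_VERSION="11.0.15"   # "Fixed version" from the plugin output on this page

# Print JAVA_VERSION from the "release" file at the root of a runtime directory.
# Assumption: the runtime ships the standard OpenJDK "release" file.
jre_version() {
    [ -r "$1/release" ] || return 1
    sed -n 's/^JAVA_VERSION=//p' "$1/release" | tr -d '"\r' | head -n 1
}

# Return 0 when version $1 is lower than version $2 (numeric, per component).
# Suffixes after "+" or "-" are ignored; "_" is treated as ".".
version_lt() {
    a=$(printf '%s' "${1%%[+-]*}" | tr '_' '.')
    b=$(printf '%s' "${2%%[+-]*}" | tr '_' '.')
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        case "$a" in *.*) a=${a#*.} ;; *) a= ;; esac
        case "$b" in *.*) b=${b#*.} ;; *) b= ;; esac
        [ "${x:-0}" -lt "${y:-0}" ] && return 0
        [ "${x:-0}" -gt "${y:-0}" ] && return 1
    done
    return 1   # equal versions are not "lower"
}

# Report on one runtime directory: 0 = fixed, 1 = below fixed version, 2 = unknown.
check_jre() {
    ver=$(jre_version "$1") || ver=
    if [ -z "$ver" ]; then
        echo "UNKNOWN: no readable JAVA_VERSION under $1"; return 2
    fi
    if version_lt "$ver" "$FIXED_VERSION"; then
        echo "VULNERABLE: $1 has $ver, below $FIXED_VERSION"; return 1
    fi
    echo "OK: $1 has $ver"
}

# Constructed sample: a temporary directory standing in for Install-Tools/jre11/.
demo() {
    d=$(mktemp -d) || return 2
    printf 'JAVA_VERSION="%s"\n' "$1" > "$d/release"
    rc=0; check_jre "$d" || rc=$?
    rm -rf "$d"
    return "$rc"
}

# With a path argument, check that directory; otherwise run the constructed sample.
if [ "$#" -gt 0 ]; then check_jre "$1"; else demo "11.0.14" || true; fi
```

Pass the full path of the `Install-Tools/jre11` directory as the argument; exit status 1 means the runtime is still below the fixed version.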