CVE-2022-21540 and CVE-2022-21541 affect AdoptOpenJDK 1.8 which is embedded in API Gateway Appliance 10.0

Article ID: 250825


Updated On:

Products

CA API Gateway

Issue/Introduction

Regarding the CVEs below:

CVE-2022-21540 - https://access.redhat.com/security/cve/CVE-2022-21540
CVE-2022-21541 - https://access.redhat.com/security/cve/CVE-2022-21541

Both describe vulnerabilities in the Oracle Java SE and Oracle GraalVM Enterprise Edition products of Oracle Java SE, but openjdk is listed under Affected Packages.

The API Gateway Appliance uses an embedded AdoptOpenJDK 1.8.

Do these vulnerabilities also affect AdoptOpenJDK?

Environment

API Gateway 10.0

Resolution

The default Gateway distribution loads and runs only trusted code (custom assertions can also be loaded into the Gateway runtime only after signing). Also, we do not support Java Web Start and Applets, so the mentioned vulnerabilities CVE-2022-21540 and CVE-2022-21541 do not affect the API Gateway.