Oracle vulnerability
search cancel

Oracle vulnerability

book

Article ID: 265052

calendar_today

Updated On:

Products

Network Observability CA Performance Management

Issue/Introduction

We found Oracle vulnerability as mentioned below:

Oracle Java Standard Edition (SE) Critical Patch Update - January 2023 (CPUJAN2023)
Oracle Java Standard Edition (SE) Critical Patch Update - October 2022 (CPUOCT2022)
Oracle Java Standard Edition (SE) Critical Patch Update - July 2022 (CPUJUL2022)
Oracle Java SE Critical Patch Update - October 2021 (CPUOCT2021)
Oracle Java Standard Edition (SE) Critical Patch Update - January 2023 (CPUJAN2023)
Oracle Java Standard Edition (SE) Critical Patch Update - October 2022 (CPUOCT2022)
Oracle Java Standard Edition (SE) Critical Patch Update - July 2022 (CPUJUL2022)
Oracle Java SE Critical Patch Update - October 2021 (CPUOCT2021)

Environment

Dx NetOps : 22.2.x

OS : Linux

Resolution

- The current release you are on Dx NetOps 22.2.5. After an upgrade you did the vulnerability scan and found the following Vulnerabilities:

Oracle Java Standard Edition (SE) Critical Patch Update - January 2023 (CPUJAN2023)
Oracle Java Standard Edition (SE) Critical Patch Update - October 2022 (CPUOCT2022)
Oracle Java Standard Edition (SE) Critical Patch Update - July 2022 (CPUJUL2022)
Oracle Java SE Critical Patch Update - October 2021 (CPUOCT2021)
Oracle Java Standard Edition (SE) Critical Patch Update - January 2023 (CPUJAN2023)
Oracle Java Standard Edition (SE) Critical Patch Update - October 2022 (CPUOCT2022)
Oracle Java Standard Edition (SE) Critical Patch Update - July 2022 (CPUJUL2022)
Oracle Java SE Critical Patch Update - October 2021 (CPUOCT2021)


Here are the list of CVE ID's:

CVE-2023-21835, CVE-2023-21830, CVE-2023-21843
CVE-2022-21628, CVE-2022-21626, CVE-2022-21618, CVE-2022-39399, CVE-2022-21624, CVE-2022-21619
CVE-2022-34169, CVE-2022-21541, CVE-2022-21540, CVE-2022-21549
CVE-2021-3517, CVE-2021-35560, CVE-2021-35567, CVE-2021-35550, CVE-2021-3522, CVE-2021-35586, CVE-2021-35564, CVE-2021-35556, CVE-2021-35559, CVE-2021-35561, CVE-2021-35578, CVE-2021-35603, CVE-2021-35588
CVE-2023-21835, CVE-2023-21830, CVE-2023-21843
CVE-2022-21628, CVE-2022-21626, CVE-2022-21618, CVE-2022-39399, CVE-2022-21624, CVE-2022-21619
CVE-2022-34169, CVE-2022-21541, CVE-2022-21540, CVE-2022-21549
CVE-2021-3517, CVE-2021-35560, CVE-2021-35567, CVE-2021-35550, CVE-2021-3522, CVE-2021-35586, CVE-2021-35564, CVE-2021-35556, CVE-2021-35559, CVE-2021-35561, CVE-2021-35578, CVE-2021-35603, CVE-2021-35588

 

We see that these vulnerabilities were reported at the mentioned location:

Install Location Version Detection Type
/root/install.dir.14973/Linux/resource/jre/bin/java 1.8.0_101-b13 Enhanced
/root/install.dir.22959/Linux/resource/jre/bin/java 1.8.0_101-b13 Enhanced
/root/install.dir.24567/Linux/resource/jre/bin/java 1.8.0_144-b01 Enhanced#
Install Location Version Detection Type
/root/install.dir.31144/Linux/resource/jre/bin/java 1.8.0_144-b01 Enhanced
/root/install.dir.31480/Linux/resource/jre/bin/java 1.8.0_144-b01 Enhanced#

Vulnerabilities are reporting at the OS level. Please do check with the Linux team & update the OS patch if required. Before proceeding, please test it on the development server(Test system) & observe it for couple of days. If all goes well, then apply it on the Impacted production servers.

Powered by Wolken Software