Data Repository Version 22.2.7
Vertica: version 10

Does the Vertica is vulnerability for these CVE’s?

CVE-2023-21930, CVE-2023-21937, CVE-2023-21938, CVE-2023-21939, CVE-2023-21954, CVE-2023-21967, CVE-2023-21968
Assigner: Oracle
Published: 2023-04-18Updated: 2023-04-18
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1

CVE-2023-21948 Assigner: Oracle
Published: 2023-04-18Updated: 2023-04-18
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Core). The supported version that is affected is 10

CVE-2023-21949, CVE-2023-21950, CVE-2023-21951
This ID has been reserved by a CNA.
This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available

 Path: /opt/CA/
 Installed version: 1.8.0_101 / build 8.0.101
 Fixed version: Upgrade to version 8.0.371 or greater

 Path: /opt/workbench/jre1.8.0_51/
 Installed version: 1.8.0_51
 Fixed version : Upgrade to version 8.0.371 or greater

Release : 22.2

Vulnerability 

The /opt/CA/IMDataRepository_vertica*/jre is no longer installed, if there you can remove it.

The /opt/workbench/ folder does not belong to Vertica

If the jre/jdk reported is at the OS level, you can update the DR but never under /opt/CA/