Applicability of CVE-2021-2388 & CVE-2022-34169 to Clarity
search cancel

Applicability of CVE-2021-2388 & CVE-2022-34169 to Clarity

book

Article ID: 282411

calendar_today

Updated On:

Products

Clarity PPM On Premise Clarity PPM SaaS

Issue/Introduction

Is Clarity vulnerable to the following CVEs?

  • CVE-2021-2388
  • CVE-2022-34169

Resolution

  • CVE-2021-2388 - This issue is specific to Oracle Java SE. Clarity users OpenJDK. So, this is not applicable.
  • CVE-2022-34169 - This issue impacts a product when it processes XSLT stylesheets that are given as input from users. Clarity does NOT have a scenario where user input XSLT stylesheets are processed. Also, the OpenJDK version 17.0.4 and above has this vulnerability fixed at JDK level itself. Clarity uses a Java version higher than this in the latest versions of the product (v16.2.1 etc.). So, this CVE is not applicable to Clarity.
Powered by Wolken Software