Details for CVE-2022-21449
Article ID: 298324
Updated On:
Products
VMware Tanzu Application Service for VMs
Issue/Introduction
CVE-2022-21449 is a vulnerability in Java which allows allows unauthenticated attacker with network access via multiple protocols to compromise Java 15, Java 16, Java 17, or Java 18.
Environment
Product Version: 2.11
Resolution
The only component affected is JavaBuildpack version v4.48.3, which includes the security fix for this, has been already released.
In order to to fix the vulnerability, please, update to that buildpack version.
Next releases of supported TAS, 2.11.20, 2.12.13 and 2.13.4 will also include Java Buildpack v4.48.3 .The ETA for those releases is mid June 2022.
In order to to fix the vulnerability, please, update to that buildpack version.
Next releases of supported TAS, 2.11.20, 2.12.13 and 2.13.4 will also include Java Buildpack v4.48.3 .The ETA for those releases is mid June 2022.
Feedback
Yes
No
Powered by
