Vulnerability in SDDC Manager: Azul Zulu Java Multiple Vulnerabilities CVE-2023-22025 CVE-2023-22067 CVE-2023-22081
search cancel

Vulnerability in SDDC Manager: Azul Zulu Java Multiple Vulnerabilities CVE-2023-22025 CVE-2023-22067 CVE-2023-22081

book

Article ID: 369740

calendar_today

Updated On:

Products

VMware SDDC Manager

Issue/Introduction

Azul Zulu Java Multiple Vulnerabilities (CVE-2023-22025 CVE-2023-22067 CVE-2023-22081) falsely reported on vulnerability scan reports for VCF 4.x

Environment

SDDC Manager 4.x

Cause

The scan is picking it up due to its java version which is:

  • OpenJDK Runtime Environment Zulu11.52+14-SA (build 11.0.13+8-LTS)
  • OpenJDK 64-Bit Server VM Zulu11.52+14-SA (build 11.0.13+8-LTS, mixed mode)OpenJDK Runtime Environment Zulu11.52+14-SA (build 11.0.13+8-LTS)
  • OpenJDK 64-Bit Server VM Zulu11.52+14-SA (build 11.0.13+8-LTS, mixed mode)

Resolution

Upgrade SDDC to 5.x

From 5.x onwards we have OpenJDK RTE. 5.0 with Java11 and 5.1 with Java 17. 

Powered by Wolken Software