
Advisory ROSA-SA-2023-2138

2023-04-04 15:18:16
ROSA LAB
abf.rosalinux.ru
9

CVSS3: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS2: 5 Medium
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N

EPSS: 0.002 Low
Percentile: 52.7%

Software: java-11-openjdk 11.0.18.0.10-1
OS: rosa-server79

package_evr_string: 11.0.18.0.10-1

CVE-ID: CVE-2022-21434
BDU-ID: 2022-02839
CVE-Crit: MEDIUM
CVE-DESC: A vulnerability exists in the Libraries component of the Oracle GraalVM Enterprise Edition virtual machine due to insufficient input validation. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to modify, add, or delete data using network packets.
CVE-STATUS: Resolved
CVE-REV: Run yum update java-11-openjdk to close.

CVE-ID: CVE-2022-21476
BDU-ID: 2022-02686
CVE-Crit: HIGH
CVE-DESC: A vulnerability in the Libraries component of Java SE software platforms, Oracle GraalVM Enterprise Edition virtual machine is related to insufficient protection of service data. Exploitation of the vulnerability could allow an attacker acting remotely to disclose protected information
CVE-STATUS: Resolved
CVE-REV: Run yum update java-11-openjdk to close.

CVE-ID: CVE-2022-34169
BDU-ID: 2022-04788
CVE-Crit: HIGH
CVE-DESC: A vulnerability in the Apache Xalan Java XSLT library is related to an integer value conversion error when processing XSLT stylesheets. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code
CVE-STATUS: Fixed
CVE-REV: Run yum update java-11-openjdk to close.

CVE-ID: CVE-2022-21541
BDU-ID: 2022-05103
CVE-Crit: MEDIUM
CVE-DESC: A vulnerability in the Hotspot component of the Java SE software platforms, Oracle GraalVM Enterprise Edition virtual machine is related to insufficient input validation. Exploitation of the vulnerability could allow an attacker acting remotely to create, delete, or modify access to data
CVE-STATUS: Resolved
CVE-REV: Run yum update java-11-openjdk to close.

CVE-ID: CVE-2022-21540
BDU-ID: 2022-05104
CVE-Crit: MEDIUM
CVE-DESC: A vulnerability in the Hotspot component of the Java SE software platforms, Oracle GraalVM Enterprise Edition virtual machine is related to insufficient input validation. Exploitation of the vulnerability could allow an attacker acting remotely to gain read access to data using network packets
CVE-STATUS: Resolved
CVE-REV: Run yum update java-11-openjdk to close.

CVE-ID: CVE-2023-21835
BDU-ID: 2023-00510
CVE-Crit: MEDIUM
CVE-DESC: A vulnerability in the JSSE component of the Oracle Java SE software platform and Oracle GraalVM Enterprise Edition virtual machine is associated with uncontrolled resource consumption. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service
CVE-STATUS: Resolved
CVE-REV: Run the yum update java-11-openjdk command to close.
