CVE-2022-21624
low
CVSS v3
3.7
CVSS v4 NEW
โ
VIR risk
3.7
Description
RHSA-2023:0128: java-1.8.0-ibm security update (Moderate)
Predictions
Exploit likelihood
47%
Patch ETA
โ
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ if you've already worked around this in production โ publish your fix to the community-verified tier.
โ Propose a mitigation on Community โ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here withsource_tier=community-verified.
OS impact
Fedora Affected 2 releases
| Version | Status | Fixed in |
|---|---|---|
| 36 | Affected | โ |
| 35 | Affected | โ |
SUSE Affected 1 release
| Version | Status | Fixed in |
|---|---|---|
| โ | Affected | โ |
AlmaLinux Fixed 1 release
| Version | Status | Fixed in |
|---|---|---|
| 9 | Fixed | java-1.8.0-openjdk-headless-1.8.0.352.b08-2.el9_0.aarch64.rpm |
Debian Fixed 3 releases
| Version | Status | Fixed in |
|---|---|---|
| sid | Fixed | 11.0.17+8-1 |
| bullseye | Fixed | 11.0.18+10-1~deb11u1 |
| bookworm | Fixed | 17.0.5+8-1 |
Red Hat Fixed 2 releases
| Version | Status | Fixed in |
|---|---|---|
| 9 | Fixed | โ |
| 8 | Fixed | โ |
Rocky Linux Fixed 2 releases
| Version | Status | Fixed in |
|---|---|---|
| 9 | Fixed | โ |
| 8 | Fixed | โ |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| oracle | graalvm | 20.3.7 | |
| oracle | graalvm | 21.3.3 | |
| oracle | graalvm | 22.2.0 | |
| oracle | jdk | 1.8.0 | |
| oracle | jdk | 11.0.16.1 | |
| oracle | jdk | 17.0.4.1 | |
| oracle | jdk | 19 | |
| oracle | jre | 1.8.0 | |
| oracle | jre | 11.0.16.1 | |
| oracle | jre | 17.0.4.1 | |
| oracle | jre | 19 | |
| netapp | 7-mode_transition_tool | - | |
| netapp | cloud_insights_acquisition_unit | - | |
| netapp | cloud_secure_agent | - | |
| netapp | e-series_santricity_os_controller | {"startIncluding":"11.0","endIncluding":"11.70.2"} | |
| netapp | e-series_santricity_storage_manager | - | |
| netapp | e-series_santricity_unified_manager | - | |
| netapp | oncommand_insight | - | |
| netapp | oncommand_workflow_automation | - | |
| netapp | santricity_storage_plugin | - | |
| netapp | santricity_web_services_proxy | - | |
| azul | zulu | 6.49 | |
| azul | zulu | 7.56 | |
| azul | zulu | 8.64 | |
| azul | zulu | 11.58 | |
| azul | zulu | 13.50 | |
| azul | zulu | 15.42 | |
| azul | zulu | 17.36 | |
| azul | zulu | 19.28 | |
| oracle | graalvm | 20.3.7 | |
| oracle | graalvm | 21.3.3 | |
| oracle | graalvm | 22.2.0 | |
| oracle | jdk | 1.8.0 | |
| oracle | jdk | 11.0.16.1 | |
| oracle | jdk | 17.0.4.1 | |
| oracle | jdk | 19 | |
| oracle | jre | 1.8.0 | |
| oracle | jre | 11.0.16.1 | |
| oracle | jre | 17.0.4.1 | |
| oracle | jre | 19 | |
| netapp | 7-mode_transition_tool | - | |
| netapp | cloud_insights_acquisition_unit | - | |
| netapp | cloud_secure_agent | - | |
| netapp | e-series_santricity_os_controller | {"startIncluding":"11.0","endIncluding":"11.70.2"} | |
| netapp | e-series_santricity_storage_manager | - | |
| netapp | e-series_santricity_unified_manager | - | |
| netapp | oncommand_insight | - | |
| netapp | oncommand_workflow_automation | - | |
| netapp | santricity_storage_plugin | - | |
| netapp | santricity_web_services_proxy | - | |
| azul | zulu | 6.49 | |
| azul | zulu | 7.56 | |
| azul | zulu | 8.64 | |
| azul | zulu | 11.58 | |
| azul | zulu | 13.50 | |
| azul | zulu | 15.42 | |
| azul | zulu | 17.36 | |
| azul | zulu | 19.28 | |
References
- https://www.oracle.com/security-alerts/cpuoct2022.html
- https://security.netapp.com/advisory/ntap-20221028-0012/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PB3CIGOFG7CENUVVE4FFZT2HI5FO77XU/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/37QDWJBGEPP65X43NXQTXQ7KASLUHON6/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3QLQ7OD33W6LT3HWI7VYDFFJLV75Y73K/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HNGMDNIHAA73BEX6XPA2IMXJSGOKKYE6/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EXSBV3W6EP6B7XJ63Z2FPVBH6HAPGJ5T/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ARF4QF4N3X5GSFHXUBWARGLISGKJ33R/
- https://security.gentoo.org/glsa/202401-25
- https://access.redhat.com/errata/RHSA-2022:6999
- https://access.redhat.com/errata/RHSA-2022:7007
- https://access.redhat.com/errata/RHSA-2022:7013
- https://www.suse.com/security/cve/CVE-2022-21624.html
- https://errata.rockylinux.org/RLSA-2022:7012
- https://errata.rockylinux.org/RLSA-2022:7000
- https://errata.rockylinux.org/RLSA-2022:7006
- https://errata.rockylinux.org/RLSA-2022:7013
- https://errata.rockylinux.org/RLSA-2022:6999
- https://errata.rockylinux.org/RLSA-2022:7007
- https://security-tracker.debian.org/tracker/CVE-2022-21624
- https://access.redhat.com/errata/RHSA-2022:7006
- https://bugzilla.redhat.com/2133745
- https://bugzilla.redhat.com/2133753
- https://bugzilla.redhat.com/2133765
- https://bugzilla.redhat.com/2133769
CWEs
CWE-502
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.