CVE-2022-34169 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 91%

Affected Products (NVD)

Vendor	Product	Version
apache	xalan-java	𝑥 ≤ 2.7.2
debian	debian_linux	10.0
debian	debian_linux	11.0
oracle	graalvm	20.3.6
oracle	graalvm	21.3.2
oracle	graalvm	22.1.0
oracle	jdk	1.7.0
oracle	jdk	1.8.0
oracle	jdk	11.0.15.1
oracle	jdk	17.0.3.1
oracle	jdk	18.0.1.1
oracle	jre	1.7.0
oracle	jre	1.8.0
oracle	jre	11.0.15.1
oracle	jre	17.0.3.1
oracle	jre	18.0.1.1
oracle	openjdk	11 ≤ 𝑥 ≤ 11.0.15
oracle	openjdk	13 ≤ 𝑥 ≤ 13.0.11
oracle	openjdk	15 ≤ 𝑥 ≤ 15.0.7
oracle	openjdk	17 ≤ 𝑥 ≤ 17.0.3
netapp	7-mode_transition_tool	-
netapp	active_iq_unified_manager	-
netapp	active_iq_unified_manager	-
netapp	cloud_insights_acquisition_unit	-
netapp	cloud_secure_agent	-
netapp	hci_management_node	-
netapp	oncommand_insight	-
netapp	solidfire	-
netapp	hci_compute_node	-
azul	zulu	6.47
azul	zulu	7.54
azul	zulu	8.62
azul	zulu	11.56
azul	zulu	13.48
azul	zulu	15.40
azul	zulu	17.34
azul	zulu	18.30

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

bcel

bookworm	6.5.0-2 fixed
bullseye	6.5.0-1+deb11u1 fixed
bullseye (security)	6.5.0-1+deb11u1 fixed
sid	6.10.0-1 fixed
trixie	6.10.0-1 fixed

openjdk-11

bullseye	11.0.24+8-2~deb11u1 fixed
bullseye (security)	11.0.25+9-1~deb11u1 fixed
sid	11.0.25+9-1 fixed

openjdk-17

bookworm	17.0.12+7-2~deb12u1 fixed
bookworm (security)	17.0.13+11-2~deb12u1 fixed
bullseye	17.0.12+7-2~deb11u1 fixed
bullseye (security)	17.0.13+11-1~deb11u1 fixed
sid	17.0.13+11-2 fixed
trixie	17.0.13+11-2 fixed

openjdk-8

sid	8u432-b06-2 fixed

Ubuntu Releases

Ubuntu Product

Codename

icedtea-web

bionic	not-affected
focal	not-affected
impish	ignored
jammy	not-affected
kinetic	not-affected
lunar	not-affected
mantic	not-affected
noble	not-affected
trusty	dne
xenial	not-affected

libxalan2-java

bionic	needs-triage
focal	needs-triage
impish	ignored
jammy	needs-triage
kinetic	ignored
lunar	ignored
mantic	ignored
noble	needs-triage
trusty	needs-triage
xenial	needs-triage

openjdk-12

bionic	dne
focal	dne
impish	dne
jammy	dne
kinetic	dne
lunar	dne
mantic	dne
noble	dne
trusty	dne
xenial	dne

openjdk-13

bionic	dne
focal	ignored
impish	dne
jammy	dne
kinetic	dne
lunar	dne
mantic	dne
noble	dne
trusty	dne
xenial	dne

openjdk-15

bionic	dne
focal	dne
impish	dne
jammy	dne
kinetic	dne
lunar	dne
mantic	dne
noble	dne
trusty	dne
xenial	dne

openjdk-16

bionic	dne
focal	ignored
impish	ignored
jammy	dne
kinetic	dne
lunar	dne
mantic	dne
noble	dne
trusty	dne
xenial	dne

openjdk-17

bionic	Fixed 17.0.4+8-1~18.04 released
focal	Fixed 17.0.4+8-1~20.04 released
impish	ignored
jammy	Fixed 17.0.4+8-1~22.04 released
kinetic	Fixed 17.0.4+8-1 released
lunar	not-affected
mantic	not-affected
noble	not-affected
trusty	dne
xenial	dne

openjdk-18

bionic	dne
focal	dne
impish	ignored
jammy	Fixed 18.0.2+9-2~22.04 released
kinetic	Fixed 18.0.2+9-2 released
lunar	not-affected
mantic	dne
noble	dne
trusty	dne
xenial	dne

openjdk-8

bionic	Fixed 8u342-b07-0ubuntu1~18.04 released
focal	Fixed 8u342-b07-0ubuntu1~20.04 released
impish	ignored
jammy	Fixed 8u342-b07-0ubuntu1~22.04 released
kinetic	not-affected
lunar	not-affected
mantic	not-affected
noble	not-affected
trusty	dne
xenial	Fixed 8u342-b07-0ubuntu1~16.04 released

openjdk-9

bionic	dne
focal	dne
impish	dne
jammy	dne
kinetic	dne
lunar	dne
mantic	dne
noble	dne
trusty	dne
xenial	ignored

openjdk-lts

bionic	Fixed 11.0.16+8-0ubuntu1~18.04 released
focal	Fixed 11.0.16+8-0ubuntu1~20.04 released
impish	ignored
jammy	Fixed 11.0.16+8-0ubuntu1~22.04 released
kinetic	Fixed 11.0.16+8-0ubuntu1 released
lunar	Fixed 11.0.16+8-0ubuntu1 released
mantic	Fixed 11.0.16+8-0ubuntu1 released
noble	Fixed 11.0.16+8-0ubuntu1 released
trusty	dne
xenial	dne

Common Weakness Enumeration

CWE-681 - Incorrect Conversion between Numeric Types
When converting from one data type to another, such as long to integer, data can be omitted or translated in a way that produces unexpected values. If the resulting values are used in a sensitive context, then dangerous behaviors may occur.

References

http://packetstormsecurity.com/files/168186/Xalan-J-XSLTC-Integer-Truncation.html

http://www.openwall.com/lists/oss-security/2022/07/19/5

http://www.openwall.com/lists/oss-security/2022/07/19/6

http://www.openwall.com/lists/oss-security/2022/07/20/2

http://www.openwall.com/lists/oss-security/2022/07/20/3

http://www.openwall.com/lists/oss-security/2022/10/18/2

http://www.openwall.com/lists/oss-security/2022/11/04/8

http://www.openwall.com/lists/oss-security/2022/11/07/2

https://lists.apache.org/thread/12pxy4phsry6c34x2ol4fft6xlho4kyw

https://lists.apache.org/thread/2qvl7r43wb4t8p9dd9om1bnkssk07sn8

https://lists.debian.org/debian-lts-announce/2022/10/msg00024.html

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H4YNJSJ64NPCNKFPNBYITNZU5H3L4D6L/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5OZNAZJ4YHLOKRRRZSWRT5OJ25E4XLM/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN3EVGR7FD3ZLV5SBTJXUIDCMSK4QUE2/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KO3DXNKZ4EU3UZBT6AAR4XRKCD73KLMO/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3XPOTPPBZIPFBZHQE5E7OW6PDACUMCJ/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YULPNO3PAWMEQQZV2C54I3H3ZOXFZUTB/

https://security.gentoo.org/glsa/202401-25

https://security.netapp.com/advisory/ntap-20220729-0009/

https://security.netapp.com/advisory/ntap-20240621-0006/

https://www.debian.org/security/2022/dsa-5188

https://www.debian.org/security/2022/dsa-5192

https://www.debian.org/security/2022/dsa-5256

https://www.oracle.com/security-alerts/cpujul2022.html

http://packetstormsecurity.com/files/168186/Xalan-J-XSLTC-Integer-Truncation.html

http://www.openwall.com/lists/oss-security/2022/07/19/5

http://www.openwall.com/lists/oss-security/2022/07/19/6

http://www.openwall.com/lists/oss-security/2022/07/20/2

http://www.openwall.com/lists/oss-security/2022/07/20/3

http://www.openwall.com/lists/oss-security/2022/10/18/2

http://www.openwall.com/lists/oss-security/2022/11/04/8

http://www.openwall.com/lists/oss-security/2022/11/07/2

https://lists.apache.org/thread/12pxy4phsry6c34x2ol4fft6xlho4kyw

https://lists.apache.org/thread/2qvl7r43wb4t8p9dd9om1bnkssk07sn8

https://lists.debian.org/debian-lts-announce/2022/10/msg00024.html

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H4YNJSJ64NPCNKFPNBYITNZU5H3L4D6L/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5OZNAZJ4YHLOKRRRZSWRT5OJ25E4XLM/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN3EVGR7FD3ZLV5SBTJXUIDCMSK4QUE2/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KO3DXNKZ4EU3UZBT6AAR4XRKCD73KLMO/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3XPOTPPBZIPFBZHQE5E7OW6PDACUMCJ/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YULPNO3PAWMEQQZV2C54I3H3ZOXFZUTB/

https://security.gentoo.org/glsa/202401-25

https://security.netapp.com/advisory/ntap-20220729-0009/

https://security.netapp.com/advisory/ntap-20240621-0006/

https://www.debian.org/security/2022/dsa-5188

https://www.debian.org/security/2022/dsa-5192

https://www.debian.org/security/2022/dsa-5256

https://www.oracle.com/security-alerts/cpujul2022.html