CVE-2022-34169 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
apache	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 93%

Vendor	Product	Version
apache	xalan-java	𝑥 ≤ 2.7.2
debian	debian_linux	10.0
debian	debian_linux	11.0
oracle	graalvm	20.3.6
oracle	graalvm	21.3.2
oracle	graalvm	22.1.0
oracle	jdk	1.7.0
oracle	jdk	1.8.0
oracle	jdk	11.0.15.1
oracle	jdk	17.0.3.1
oracle	jdk	18.0.1.1
oracle	jre	1.7.0
oracle	jre	1.8.0
oracle	jre	11.0.15.1
oracle	jre	17.0.3.1
oracle	jre	18.0.1.1
oracle	openjdk	11 ≤ 𝑥 ≤ 11.0.15
oracle	openjdk	13 ≤ 𝑥 ≤ 13.0.11
oracle	openjdk	15 ≤ 𝑥 ≤ 15.0.7
oracle	openjdk	17 ≤ 𝑥 ≤ 17.0.3
netapp	7-mode_transition_tool	-
netapp	active_iq_unified_manager	-
netapp	active_iq_unified_manager	-
netapp	cloud_insights_acquisition_unit	-
netapp	cloud_secure_agent	-
netapp	hci_management_node	-
netapp	oncommand_insight	-
netapp	solidfire	-
netapp	hci_compute_node	-
azul	zulu	6.47
azul	zulu	7.54
azul	zulu	8.62
azul	zulu	11.56
azul	zulu	13.48
azul	zulu	15.40
azul	zulu	17.34
azul	zulu	18.30

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

bcel

bullseye (security)	6.5.0-1+deb11u1 fixed
bullseye	6.5.0-1+deb11u1 fixed
bookworm	6.5.0-2 fixed
sid	6.10.0-1 fixed
trixie	6.10.0-1 fixed

openjdk-11

bullseye	11.0.24+8-2~deb11u1 fixed
bullseye (security)	11.0.25+9-1~deb11u1 fixed
sid	11.0.25+9-1 fixed

openjdk-17

bullseye	17.0.12+7-2~deb11u1 fixed
bullseye (security)	17.0.13+11-1~deb11u1 fixed
bookworm	17.0.12+7-2~deb12u1 fixed
bookworm (security)	17.0.13+11-2~deb12u1 fixed
sid	17.0.13+11-2 fixed
trixie	17.0.13+11-2 fixed

openjdk-8

sid	8u432-b06-2 fixed

Ubuntu Releases

Ubuntu Product

Codename

icedtea-web

noble	not-affected
mantic	not-affected
lunar	not-affected
kinetic	not-affected
jammy	not-affected
impish	ignored
focal	not-affected
bionic	not-affected
xenial	not-affected
trusty	dne

libxalan2-java

noble	needs-triage
mantic	ignored
lunar	ignored
kinetic	ignored
jammy	needs-triage
impish	ignored
focal	needs-triage
bionic	needs-triage
xenial	needs-triage
trusty	needs-triage

openjdk-12

noble	dne
mantic	dne
lunar	dne
kinetic	dne
jammy	dne
impish	dne
focal	dne
bionic	dne
xenial	dne
trusty	dne

openjdk-13

noble	dne
mantic	dne
lunar	dne
kinetic	dne
jammy	dne
impish	dne
focal	ignored
bionic	dne
xenial	dne
trusty	dne

openjdk-15

noble	dne
mantic	dne
lunar	dne
kinetic	dne
jammy	dne
impish	dne
focal	dne
bionic	dne
xenial	dne
trusty	dne

openjdk-16

noble	dne
mantic	dne
lunar	dne
kinetic	dne
jammy	dne
impish	ignored
focal	ignored
bionic	dne
xenial	dne
trusty	dne

openjdk-17

noble	not-affected
mantic	not-affected
lunar	not-affected
kinetic	Fixed 17.0.4+8-1 released
jammy	Fixed 17.0.4+8-1~22.04 released
impish	ignored
focal	Fixed 17.0.4+8-1~20.04 released
bionic	Fixed 17.0.4+8-1~18.04 released
xenial	dne
trusty	dne

openjdk-18

noble	dne
mantic	dne
lunar	not-affected
kinetic	Fixed 18.0.2+9-2 released
jammy	Fixed 18.0.2+9-2~22.04 released
impish	ignored
focal	dne
bionic	dne
xenial	dne
trusty	dne

openjdk-8

noble	not-affected
mantic	not-affected
lunar	not-affected
kinetic	not-affected
jammy	Fixed 8u342-b07-0ubuntu1~22.04 released
impish	ignored
focal	Fixed 8u342-b07-0ubuntu1~20.04 released
bionic	Fixed 8u342-b07-0ubuntu1~18.04 released
xenial	Fixed 8u342-b07-0ubuntu1~16.04 released
trusty	dne

openjdk-9

noble	dne
mantic	dne
lunar	dne
kinetic	dne
jammy	dne
impish	dne
focal	dne
bionic	dne
xenial	ignored
trusty	dne

openjdk-lts

noble	Fixed 11.0.16+8-0ubuntu1 released
mantic	Fixed 11.0.16+8-0ubuntu1 released
lunar	Fixed 11.0.16+8-0ubuntu1 released
kinetic	Fixed 11.0.16+8-0ubuntu1 released
jammy	Fixed 11.0.16+8-0ubuntu1~22.04 released
impish	ignored
focal	Fixed 11.0.16+8-0ubuntu1~20.04 released
bionic	Fixed 11.0.16+8-0ubuntu1~18.04 released
xenial	dne
trusty	dne

Common Weakness Enumeration

CWE-681 - Incorrect Conversion between Numeric Types
When converting from one data type to another, such as long to integer, data can be omitted or translated in a way that produces unexpected values. If the resulting values are used in a sensitive context, then dangerous behaviors may occur.

References

http://packetstormsecurity.com/files/168186/Xalan-J-XSLTC-Integer-Truncation.html

http://www.openwall.com/lists/oss-security/2022/07/19/5

http://www.openwall.com/lists/oss-security/2022/07/19/6

http://www.openwall.com/lists/oss-security/2022/07/20/2

http://www.openwall.com/lists/oss-security/2022/07/20/3

http://www.openwall.com/lists/oss-security/2022/10/18/2

http://www.openwall.com/lists/oss-security/2022/11/04/8

http://www.openwall.com/lists/oss-security/2022/11/07/2

https://lists.apache.org/thread/12pxy4phsry6c34x2ol4fft6xlho4kyw

https://lists.apache.org/thread/2qvl7r43wb4t8p9dd9om1bnkssk07sn8

https://lists.debian.org/debian-lts-announce/2022/10/msg00024.html

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H4YNJSJ64NPCNKFPNBYITNZU5H3L4D6L/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5OZNAZJ4YHLOKRRRZSWRT5OJ25E4XLM/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN3EVGR7FD3ZLV5SBTJXUIDCMSK4QUE2/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KO3DXNKZ4EU3UZBT6AAR4XRKCD73KLMO/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3XPOTPPBZIPFBZHQE5E7OW6PDACUMCJ/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YULPNO3PAWMEQQZV2C54I3H3ZOXFZUTB/

https://security.gentoo.org/glsa/202401-25

https://security.netapp.com/advisory/ntap-20220729-0009/

https://security.netapp.com/advisory/ntap-20240621-0006/

https://www.debian.org/security/2022/dsa-5188

https://www.debian.org/security/2022/dsa-5192

https://www.debian.org/security/2022/dsa-5256

https://www.oracle.com/security-alerts/cpujul2022.html

http://packetstormsecurity.com/files/168186/Xalan-J-XSLTC-Integer-Truncation.html

http://www.openwall.com/lists/oss-security/2022/07/19/5

http://www.openwall.com/lists/oss-security/2022/07/19/6

http://www.openwall.com/lists/oss-security/2022/07/20/2

http://www.openwall.com/lists/oss-security/2022/07/20/3

http://www.openwall.com/lists/oss-security/2022/10/18/2

http://www.openwall.com/lists/oss-security/2022/11/04/8

http://www.openwall.com/lists/oss-security/2022/11/07/2

https://lists.apache.org/thread/12pxy4phsry6c34x2ol4fft6xlho4kyw

https://lists.apache.org/thread/2qvl7r43wb4t8p9dd9om1bnkssk07sn8

https://lists.debian.org/debian-lts-announce/2022/10/msg00024.html

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H4YNJSJ64NPCNKFPNBYITNZU5H3L4D6L/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5OZNAZJ4YHLOKRRRZSWRT5OJ25E4XLM/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN3EVGR7FD3ZLV5SBTJXUIDCMSK4QUE2/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KO3DXNKZ4EU3UZBT6AAR4XRKCD73KLMO/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3XPOTPPBZIPFBZHQE5E7OW6PDACUMCJ/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YULPNO3PAWMEQQZV2C54I3H3ZOXFZUTB/

https://security.gentoo.org/glsa/202401-25

https://security.netapp.com/advisory/ntap-20220729-0009/

https://security.netapp.com/advisory/ntap-20240621-0006/

https://www.debian.org/security/2022/dsa-5188

https://www.debian.org/security/2022/dsa-5192

https://www.debian.org/security/2022/dsa-5256

https://www.oracle.com/security-alerts/cpujul2022.html