| VID |
50370 |
| Severity |
30 |
| Port |
139,445 |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is affected by multiple vulnerabilities as referenced in the January 2022 CPU advisory:
- Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. (CVE-2022-21349)
- Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. (CVE-2022-21291, CVE-2022-21305)
* Note: This check requires an account with administrative privileges which can log into the host to scan. Absence of this condition will result in the check not being performed and a False Negative for all vulnerable hosts.
* References:
https://www.oracle.com/a/tech/docs/cpujan2022cvrf.xml
https://www.oracle.com/security-alerts/cpujan2022.html#AppendixJAVA
* Platforms Affected:
Oracle Java JDK and JRE prior to 7 Update 331
Microsoft Windows Any version |
| Recommendation |
Update to JDK / JRE 7 Update 331 or later and remove if necessary any affected versions
http://www.java.com/en/ |
| Related URL |
CVE-2022-21248,CVE-2022-21271,CVE-2022-21277,CVE-2022-21282,CVE-2022-21283,CVE-2022-21291,CVE-2022-21293,CVE-2022-21294,CVE-2022-21296 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
