Oracle CPU April 2021 - Airlock Gateway and IAM

Submitted on 23. April 2021 - 10:48 by bgre.
Last update on 23. April 2021 - 12:01.

IDs:

CVE-2021-23841, CVE-2021-3450, CVE-2021-2161, CVE-2021-2163

Keywords:

java, cpu, Oracle Critical Patch Update

Description:

The Oracle Critical Patch Update for April 2021 includes updates for Java SE [1] that fix 4 Java SE vulnerabilities.

Airlock Gateway uses Java in the Configuration Center and in several add-on modules.

Airlock Login/IAM before version 7.0 relies on a separately installed Java environment and the Java runtime environment is maintained by the system administrator.

No action required for Airlock Gateway and Login/IAM.

Details:

CVE-2021-23841, CVE-2021-3450
OpenSSL vulnerabilites patched in hotfixes for Airlock Gateway (see CVE-2021-23841, CVE-2021-3450). OpenSSL library is not used in Airlock Login/IAM.

CVE-2021-2161
Affected operation system (Windows) is not supported by Airlock instances.

CVE-2021-2163
Affected component (JAR Signing) not used by Airlock.

Resolution:

General Advice: We strongly recommend to update all client deployments of Java and uninstalling Java from clients where it is not needed.

Airlock Vulnerability Status:

Does not affect Airlock

Back-end Vulnerability Status:

No action required

Reference:

Oracle Critical Patch Update Advisory - April 2021

CVE-2021-23841

CVE-2021-3450

Main menu

Navigation

User menu

You are here

Oracle CPU April 2021 - Airlock Gateway and IAM

Main menu

Search form

Navigation

User menu

You are here

Oracle CPU April 2021 - Airlock Gateway and IAM