You are here

Home › Oracle CPU January 2022 - Airlock Gateway and IAM

Oracle CPU January 2022 - Airlock Gateway and IAM

Submitted on 26. January 2022 - 8:54 by bgre.
Last update on 26. January 2022 - 10:19.
IDs: 
CVE-2021-22959, CVE-2022-21349, CVE-2022-21291, CVE-2022-21305, CVE-2022-21277, CVE-2022-21360, CVE-2022-21365, CVE-2022-21366, CVE-2022-21282, CVE-2022-21296, CVE-2022-21299, CVE-2022-21271, CVE-2022-21283, CVE-2022-21293, CVE-2022-21294, CVE-2022-21340
Keywords: 
java, cpu, Oracle Critical Patch Update
Description: 

The Oracle Critical Patch Update for January 2022 includes updates for Java SE [1] that fix 18 Java SE vulnerabilities.

Airlock Gateway uses Java in the Configuration Center and in several add-on modules.

Airlock IAM before version 7.0 relies on a separately installed Java environment and the Java runtime environment is maintained by the system administrator.

No action required for Airlock Gateway and IAM.

Details:

CVE-2021-22959
Affected JVM (Oracle GraalVM Enterprise Edition) not used by Airlock Gateway/IAM.

CVE-2022-21349, CVE-2022-21291, CVE-2022-21305, CVE-2022-21277, CVE-2022-21360, CVE-2022-21365, CVE-2022-21366, CVE-2022-21282, CVE-2022-21296, CVE-2022-21299, CVE-2022-21271, CVE-2022-21283, CVE-2022-21293, CVE-2022-21294, CVE-2022-21340, CVE-2022-21341, CVE-2022-21248
Does not affect Java deployments, typically in servers, that load and run only trusted code.

Resolution: 

General Advice: We strongly recommend to update all client deployments of Java and uninstalling Java from clients where it is not needed.

Airlock Vulnerability Status: 
Does not affect Airlock
Back-end Vulnerability Status: 
No action required
Reference: 
Oracle Critical Patch Update Advisory - July 2021
© Ergon Informatik AG