You are here

Oracle CPU July 2022 - Airlock Gateway and IAM

CVE-2022-34169, CVE-2022-25647, CVE-2022-21541, CVE-2022-21540, CVE-2022-21549
java, cpu, Oracle Critical Patch Update

The Oracle Critical Patch Update for July 2022 includes updates for Java SE [1] that fix 5 Java SE vulnerabilities.

Airlock Gateway uses Java in the Configuration Center and in several add-on modules.

Airlock IAM before version 7.0 relies on a separately installed Java environment and the Java runtime environment is maintained by the system administrator.

No actions required for Airlock Gateway and IAM.


Component is not used in Airlock Gateway and IAM.

Airlock IAM use the feature only with trusted input. Affected component (Gson) not used by Airlock Gateway.

CVE-2022-21541, CVE-2022-21540, CVE-2022-21549
Does not affect Java deployments, typically in servers, that load and run only trusted code.


General Advice: We strongly recommend to update all client deployments of Java and uninstalling Java from clients where it is not needed.

Authentication service
Airlock Vulnerability Status: 
No action required
Back-end Vulnerability Status: 
Back-ends may be vulnerable, see resolution