QID 376556
Date Published: 2022-04-25
QID 376556: Amazon Corretto Critical Patch Update (APR2022)
Amazon Corretto is a no-cost, multiplatform, production-ready distribution of the Open Java Development Kit (OpenJDK) from Amazon.
Amazon Corretto released security updates to fix multiple vulnerabilities.
Affected Versions:
Amazon Corretto prior to: 8.332.08.1, 11.0.15.9.1, 17.0.3.6.1 and 18.0.1.10.1
QID Detection Logic (Authenticated):
This QID checks for:
"HKLM\Software\JavaSoft\Java Runtime Environment"
"HKLM\Software\Wow6432Node\JavaSoft\Java Runtime Environment"
"HKLM\Software\JavaSoft\Java Development Kit"
"HKLM\Software\Wow6432Node\JavaSoft\Java Development Kit"
"HKLM\Software\JavaSoft\JRE"
"HKLM\Software\Wow6432Node\JavaSoft\JRE"
"HKLM\Software\JavaSoft\JDK"
and "HKLM\Software\Wow6432Node\JavaSoft\JDK" subkeys and fetches JavaHome value, checks for version.txt file existence in the fetched location, performs jar extraction to confirm Amazon as the implementation vendor, then reads the version from version.txt and posts the QID on Windows Operating Systems
This QID executes java -version command and checks for the Corretto version on Linux Operating Systems
Successful exploitation of this vulnerability could result in unauthorized access and an attacker can gain access to sensitive information.
Customers are advised to visit Amazon Corretto Download Page for latest version and more information.
aws.amazon.com/about-aws/whats-new/2022/04/amazon-corretto-april-2022-quartely-updates/CVEs related to QID 376556
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| Amazon Corretto 11 |
docs.aws.amazon.com/corretto/latest/corretto-11-ug/downloads-list.html |
||
| Amazon Corretto 17 |
docs.aws.amazon.com/corretto/latest/corretto-17-ug/downloads-list.html |
||
| Amazon Corretto 18 |
docs.aws.amazon.com/corretto/latest/corretto-18-ug/downloads-list.html |
||
| Amazon Corretto 8 |
docs.aws.amazon.com/corretto/latest/corretto-8-ug/downloads-list.html |