QID 378378

Date Published: 2023-04-18

QID 378378: Red Hat OpenJDK 8u342 Windows Builds release and Security Update (RHSA-2022:5753)

The OpenJDK 8 packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.

OpenJDK: class compilation issue (Hotspot, 8281859) (CVE-2022-21540).

OpenJDK: improper restriction of MethodHandle.invokeBasic() (Hotspot, 8281866) (CVE-2022-21541).

OpenJDK: integer truncation issue in Xalan (JAXP, 8285407) (CVE-2022-34169).

Affected Versions:
Red Hat build of OpenJDK 8 (8u332) and later versions, prior to OpenJDK 8 (8u342)

QID Detection Logic (Authenticated)
This QID checks the registry keys "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" and "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall" and their sub values to check the Publisher and Display version.

Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data.

  • CVSS V3 rated as High - 7.5 severity.
  • CVSS V2 rated as Medium - 5 severity.

Solution
For more information regarding the update RHSA-2022:5753

Vendor References

CVEs related to QID 378378

Software Advisories
Advisory ID | Software | Component | Link
RHSA-2022:5753 | | | access.redhat.com/errata/RHSA-2022:5753