22.02.300.0
22.02.300.0
Release date: July 19, 2022
This CPU release is based on the following OpenJDK versions:
| Major Version | OpenJDK Version |
|---|---|
8 |
8u341 |
11 |
11.0.15.0.101+3 |
13 |
13.0.11.0.101+2 |
15 |
15.0.7.0.101+2 |
17 |
17.0.3.0.101+2 |
CVE fixes
| CVE # | Component | Protocol | Remote Exploit w/o Auth. | Base Score | Attack Vector | Attack Complex | Privileges Req’d | User Interact | Scope | Confiden-tiality | Integrity | Availability | Versions Affected | Notes |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
JAXP (Xalan-J) |
Multiple |
Yes |
7.5 |
Network |
Low |
None |
None |
Unchanged |
None |
High |
None |
17, 15, 13, 11, 8 |
Note 1 |
|
Hotspot |
Multiple |
Yes |
5.9 |
Network |
High |
None |
None |
Unchanged |
None |
High |
None |
17, 15, 13, 11, 8 |
Note 1 |
|
Hotspot |
Multiple |
Yes |
5.3 |
Network |
Low |
None |
None |
Unchanged |
Low |
None |
None |
17, 15, 13, 11, 8 |
Note 1 |
|
Libraries |
Multiple |
Yes |
5.3 |
Network |
Low |
None |
None |
Unchanged |
None |
Low |
None |
17 |
Note 1 |
|
CVE-2022-25647 This CVE is not applicable to Azul Zing Builds of OpenJDK. It is listed here for comparison with other Java implementations which may contain this CVE. |
Native Image (Gson) |
None |
No |
6.2 |
Local |
Low |
None |
None |
Unchanged |
None |
None |
High |
None |
|
Notes:
| ID | Notes |
|---|---|
1 |
This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and relies on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. |