The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0970 advisory.

  - OpenJDK: Weak ciphers preferred over stronger ones for TLS (JSSE, 8264210) (CVE-2021-35550)

  - OpenJDK: Non-constant comparison during TLS handshakes (JSSE, 8269618) (CVE-2021-35603)

  - OpenJDK: Incomplete deserialization class filtering in ObjectInputStream (Serialization, 8264934)     (CVE-2022-21248)

  - OpenJDK: Incomplete checks of StringBuffer and StringBuilder during deserialization (Libraries, 8270392)     (CVE-2022-21293)

  - OpenJDK: Incorrect IdentityHashMap size checks during deserialization (Libraries, 8270416)     (CVE-2022-21294)

  - OpenJDK: Excessive resource use when reading JAR manifest attributes (Libraries, 8272026) (CVE-2022-21340)

  - OpenJDK: Insufficient checks when deserializing exceptions in ObjectInputStream (Serialization, 8272236)     (CVE-2022-21341)

  - OpenJDK: Excessive memory allocation in BMPImageReader (ImageIO, 8273756) (CVE-2022-21360)

  - OpenJDK: Integer overflow in BMPImageReader (ImageIO, 8273838) (CVE-2022-21365)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

RHEL 8 : java-1.8.0-ibm (RHSA-2022:0970)

medium Nessus Plugin ID 159108

Version 1.9