JVNDB-2022-002570

JVNDB-2022-002570
Oracle Java SE �ｽ�ｽ�ｽ�ｽ�ｽ Oracle GraalVM Enterprise Edition �ｽﾉゑｿｽ�ｽ�ｽ�ｽ�ｽ Security �ｽﾉ関ゑｿｽ�ｽ�ｽﾆ弱性
�ｽT�ｽv
Oracle Java SE �ｽ�ｽ�ｽ�ｽ�ｽ Oracle GraalVM Enterprise Edition �ｽﾉは、Security �ｽﾉ関ゑｿｽ�ｽ髀茨ｿｽ�ｽ�ｽﾉ不�ｽ�ｽ�ｽ�ｽ�ｽ�ｽ�ｽ驍ｽ�ｽﾟ、�ｽ�ｽ�ｽS�ｽ�ｽ�ｽﾉ影�ｽ�ｽ�ｽﾌゑｿｽ�ｽ�ｽﾆ弱性�ｽ�ｽ�ｽ�ｽ�ｽﾝゑｿｽ�ｽﾜゑｿｽ�ｽB
CVSS �ｽﾉゑｿｽ�ｽ[�ｽ�ｽ�ｽx (CVSS �ｽﾆゑｿｽ?)
CVSS v3 �ｽﾉゑｿｽ�ｽ[�ｽ�ｽ�ｽx �ｽ�ｽ{�ｽl: 3.7 (�ｽ�ｽ�ｽ�ｽ) [�ｽ�ｽ�ｽﾌ托ｿｽ] �ｽU�ｽ�ｽ�ｽ�ｽ�ｽ謨ｪ: �ｽl�ｽb�ｽg�ｽ�ｽ�ｽ[�ｽN �ｽU�ｽ�ｽ�ｽ�ｽ�ｽ�ｽ�ｽﾌ包ｿｽ�ｽG�ｽ�ｽ: �ｽ�ｽ �ｽU�ｽ�ｽ�ｽﾉ必�ｽv�ｽﾈ難ｿｽ�ｽ�ｽ�ｽ�ｽ�ｽx�ｽ�ｽ: �ｽs�ｽv �ｽ�ｽ�ｽp�ｽﾒの関与: �ｽs�ｽv �ｽe�ｽ�ｽ�ｽﾌ想�ｽ�ｽﾍ茨ｿｽ: �ｽﾏ更�ｽﾈゑｿｽ �ｽ@�ｽ�ｽ�ｽ�ｽ�ｽﾖの影�ｽ�ｽ(C): �ｽﾈゑｿｽ �ｽ�ｽ�ｽS�ｽ�ｽ�ｽﾖの影�ｽ�ｽ(I): �ｽ�ｽ �ｽﾂ用�ｽ�ｽ�ｽﾖの影�ｽ�ｽ(A): �ｽﾈゑｿｽ
�ｽe�ｽ�ｽ�ｽ�ｽ�ｽｯゑｿｽV�ｽX�ｽe�ｽ�ｽ

�ｽI�ｽ�ｽ�ｽN�ｽ�ｽ JDK 8 Update 341 JDK 8 Update 345-perf JDK 11.0.16.1 JDK 17.0.4.1 JDK 19 JRE 8 Update 341 JRE 8 Update 345-perf JRE 11.0.16.1 JRE 17.0.4.1 JRE 19 Oracle GraalVM Enterprise Edition 20.3.7 Oracle GraalVM Enterprise Edition 21.3.3 Oracle GraalVM Enterprise Edition 22.2.0 �ｽ�ｽ�ｽ�ｽ Cosminexus Developer's Kit for Java(TM) Hitachi Application Server Hitachi Application Server for Developers Hitachi Automation Director Hitachi Automation Director (�ｽ�ｽ�ｽ�ｽ�ｽﾌ費ｿｽ�ｽﾌゑｿｽ) Hitachi Compute Systems Manager Hitachi Configuration Manager Hitachi Developer's Kit for Java Hitachi Device Manager Hitachi Dynamic Link Manager Hitachi Global Link Manager Hitachi Infrastructure Analytics Advisor (�ｽC�ｽO�ｽﾌ費ｿｽ�ｽﾌゑｿｽ) Hitachi Ops Center Administrator (�ｽC�ｽO�ｽﾌ費ｿｽ�ｽﾌゑｿｽ) Hitachi Ops Center Analyzer (�ｽC�ｽO�ｽﾌ費ｿｽ�ｽﾌゑｿｽ) Hitachi Ops Center Analyzer viewpoint (�ｽC�ｽO�ｽﾌ費ｿｽ�ｽﾌゑｿｽ) Hitachi Ops Center API Configuration Manager Hitachi Ops Center Automator Hitachi Ops Center Common Services Hitachi Ops Center Viewpoint (�ｽ�ｽ�ｽ�ｽ�ｽﾌ費ｿｽ�ｽﾌゑｿｽ) Hitachi Replication Manager Hitachi Tiered Storage Manager Hitachi Tuning Manager uCosminexus Application Runtime with Java for Apache Tomcat uCosminexus Application Server uCosminexus Application Server(64) uCosminexus Application Server-R uCosminexus Client uCosminexus Developer uCosminexus Operator for Service Platform uCosminexus Primary Server Base uCosminexus Primary Server Base(64) uCosminexus Service Architect uCosminexus Service Platform uCosminexus Service Platform(64)
�ｽ{�ｽﾆ弱性�ｽﾌ影�ｽ�ｽ�ｽ�ｽ�ｽｯる製�ｽi�ｽﾌ詳細につゑｿｽ�ｽﾄは、�ｽx�ｽ�ｽ�ｽ_�ｽ�ｽｨゑｿｽﾑ参�ｽl�ｽ�ｽ�ｽ�ｽ�ｽ�ｽ�ｽm�ｽF�ｽ�ｽ�ｽ�ｽ�ｽ�ｽ�ｽ�ｽ�ｽB
�ｽz�ｽ閧ｳ�ｽ�ｽ�ｽe�ｽ�ｽ
�ｽ�ｽ�ｽ�ｽ�ｽ[�ｽg�ｽﾌ攻�ｽ�ｽ�ｽﾒにゑｿｽ�ｽA�ｽ�ｽ�ｽ�ｽ�ｽ�ｽ�ｽ�ｽ�ｽｳゑｿｽ�ｽﾂ能�ｽ�ｽ�ｽ�ｽ�ｽ�ｽ�ｽ�ｽﾜゑｿｽ�ｽB
�ｽﾎ搾ｿｽ
�ｽx�ｽ�ｽ�ｽ_�ｽ�ｽ關ｳ�ｽ�ｽ�ｽﾈ対策が鯉ｿｽ�ｽJ�ｽ�ｽ�ｽ�ｽﾄゑｿｽ�ｽﾜゑｿｽ�ｽB�ｽx�ｽ�ｽ�ｽ_�ｽ�ｽ�ｽ�ｽ�ｽQ�ｽﾆゑｿｽ�ｽﾄ適�ｽﾘな対搾ｿｽ�ｽ�ｽ�ｽ�ｽ{�ｽ�ｽ�ｽﾄゑｿｽ�ｽ�ｽ�ｽ�ｽ�ｽ�ｽ�ｽB
�ｽx�ｽ�ｽ�ｽ_�ｽ�ｽ�ｽ
�ｽI�ｽ�ｽ�ｽN�ｽ�ｽ Oracle Critical Patch Update : Oracle Critical Patch Update Advisory - October 2022 Oracle Critical Patch Update : Text Form of Oracle Critical Patch Update - October 2022 Risk Matrices �ｽ�ｽ�ｽ�ｽ Hitachi Software Vulnerability Information : hitachi-sec-2022-133 Hitachi Software Vulnerability Information : hitachi-sec-2022-139 �ｽ\�ｽt�ｽg�ｽE�ｽF�ｽA�ｽ�ｽ�ｽi�ｽZ�ｽL�ｽ�ｽ�ｽ�ｽ�ｽe�ｽB�ｽ�ｽ�ｽ : hitachi-sec-2022-133 �ｽ\�ｽt�ｽg�ｽE�ｽF�ｽA�ｽ�ｽ�ｽi�ｽZ�ｽL�ｽ�ｽ�ｽ�ｽ�ｽe�ｽB�ｽ�ｽ�ｽ : hitachi-sec-2022-139
CWE�ｽﾉゑｿｽ�ｽﾆ弱性�ｽ^�ｽC�ｽv�ｽ齬� CWE�ｽﾆゑｿｽ?
�ｽ�ｽ�ｽs�ｽ�ｽ(CWE-noinfo) [NVD�ｽ]�ｽ�ｽ]
�ｽ�ｽ�ｽﾊ脆弱性�ｽ�ｽ�ｽﾊ子(CVE) CVE�ｽﾆゑｿｽ?
CVE-2022-21619
�ｽQ�ｽl�ｽ�ｽ�ｽ
National Vulnerability Database (NVD) : CVE-2022-21619 IPA �ｽd�ｽv�ｽﾈセ�ｽL�ｽ�ｽ�ｽ�ｽ�ｽe�ｽB�ｽ�ｽ�ｽ : Oracle Java �ｽﾌ脆弱性�ｽﾎ搾ｿｽﾉつゑｿｽ�ｽ�ｽ(CVE-2022-21628�ｽ�ｽ) JPCERT �ｽ�ｽ�ｽﾓ奇ｿｽ�ｽN : JPCERT-AT-2022-0029
�ｽX�ｽV�ｽ�ｽ�ｽ�ｽ
[2022�ｽN10�ｽ�ｽ25�ｽ�ｽ] �ｽf�ｽ�ｽ [2022�ｽN11�ｽ�ｽ09�ｽ�ｽ] �ｽe�ｽ�ｽ�ｽ�ｽ�ｽｯゑｿｽV�ｽX�ｽe�ｽ�ｽ�ｽF�ｽx�ｽ�ｽ�ｽ_�ｽ�ｽ�ｽﾌ追会ｿｽ�ｽﾉ費ｿｽ�ｽ�ｽ�ｽ�ｽ�ｽe�ｽ�ｽ�ｽX�ｽV �ｽx�ｽ�ｽ�ｽ_�ｽ�ｽ�ｽF�ｽ�ｽ�ｽ�ｽ (hitachi-sec-2022-139) �ｽ�ｽﾇ会ｿｽ [2023�ｽN08�ｽ�ｽ29�ｽ�ｽ] �ｽe�ｽ�ｽ�ｽ�ｽ�ｽｯゑｿｽV�ｽX�ｽe�ｽ�ｽ�ｽF�ｽx�ｽ�ｽ�ｽ_�ｽ�ｽ�ｽ (hitachi-sec-2022-139) �ｽﾌ更�ｽV�ｽﾉ費ｿｽ�ｽ�ｽ�ｽ�ｽ�ｽe�ｽ�ｽ�ｽX�ｽV [2024�ｽN12�ｽ�ｽ19�ｽ�ｽ] �ｽe�ｽ�ｽ�ｽ�ｽ�ｽｯゑｿｽV�ｽX�ｽe�ｽ�ｽ�ｽF�ｽx�ｽ�ｽ�ｽ_�ｽ�ｽ�ｽ (hitachi-sec-2022-133) �ｽﾌ更�ｽV�ｽﾉ費ｿｽ�ｽ�ｽ�ｽ�ｽ�ｽe�ｽ�ｽ�ｽX�ｽV


�ｽ�ｽ�ｽ\�ｽ�ｽ	2022/10/18
�ｽo�ｽ^�ｽ�ｽ	2022/10/25
�ｽﾅ終�ｽX�ｽV�ｽ�ｽ	2024/12/19

Oracle Java SE �ｽ�ｽ�ｽ�ｽ�ｽ Oracle GraalVM Enterprise Edition �ｽﾉゑｿｽ�ｽ�ｽ�ｽ�ｽ Security �ｽﾉ関ゑｿｽ�ｽ�ｽﾆ弱性