Hi,
Somehow I could not find any information on whether Commvault is affected by CVE-2022-21449, the Java “Psychic Signatures” vulnerability. It seems to affect only JDK 15 or later.. Is there anybody having the information on this?
Thank you.
Hi,
Somehow I could not find any information on whether Commvault is affected by CVE-2022-21449, the Java “Psychic Signatures” vulnerability. It seems to affect only JDK 15 or later.. Is there anybody having the information on this?
Thank you.
Hi
We are not affected by this vulnerability The CVE-2022-21449 only affect Oracle Java products versions 17.0.2 and 18 https://nvd.nist.gov/vuln/detail/CVE-2022-21449
Commvault is no longer using Oracle Java, we switched to AdopOpenJDK and currently using version 11.0.8 https://documentation.commvault.com/11.24/expert/121377_third_party_applications_installed_by_commvault_installer.html
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.