Hi,
Somehow I could not find any information on whether Commvault is affected by CVE-2022-21449, the Java “Psychic Signatures” vulnerability. It seems to affect only JDK 15 or later.. Is there anybody having the information on this?
Thank you.
Is Commvault vulnerable to CVE-2022-21449?
If you have a question or comment, please create a topic
Userlevel 7
+23
- Vaulter
- 4998 replies
-
28 April 2022
- Answer
Hi
We are not affected by this vulnerability The CVE-2022-21449 only affect Oracle Java products versions 17.0.2 and 18 https://nvd.nist.gov/vuln/detail/CVE-2022-21449
Commvault is no longer using Oracle Java, we switched to AdopOpenJDK and currently using version 11.0.8 https://documentation.commvault.com/11.24/expert/121377_third_party_applications_installed_by_commvault_installer.html
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.