The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-7006 advisory.

    [1:1.8.0.352.b08-2]
    - Update in-tree tzdata to 2022e with JDK-8294357 & JDK-8295173
    - Add test to ensure timezones can be translated
    - Related: rhbz#2133695

    [1:1.8.0.352.b08-1]
    - Update to shenandoah-jdk8u352-b08 (GA)
    - Update release notes for shenandoah-8u352-b08.
    - Rebase FIPS patch against 8u352-b07
    - * This tarball is embargoed until 2022-10-18 @ 1pm PT. *
    - Resolves: rhbz#2133695

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Oracle Linux 8 : java-1.8.0-openjdk (ELSA-2022-7006)

low Nessus Plugin ID 166369

Version 1.6

Version 1.5

Version 1.4

Version 1.3

Version 1.2

Version 1.6 Oct 23, 2024, 10:51 PM CVSS metrics ("Cvssv4 score" set to 0.0) CVSSv2 severity (based on None, severity decreased from "High" to "Low") Detection (updated detection logic) Plugin Feed: 202410232251
Version 1.5 Oct 22, 2024, 9:14 PM CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:U/RL:OF/RC:C") CVSS temporal metrics ("CVSSv3 temporal vector" set to "CVSS:3.0/E:U/RL:O/RC:C") CVSSv2 severity (based on None, severity decreased from "High" to "Low") Detection (updated detection logic) Plugin metadata CVSS metrics ("Cvssv4 score" set to 0.0) Plugin Feed: 202410222114
Version 1.4 Oct 9, 2023, 5:00 PM Exploit attributes ("Exploit available" set to "True". "Exploitability ease" changed from "No known exploits are available" to "Exploits are available") CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:F/RL:OF/RC:C". "CVSSv3 temporal vector" set to "CVSS:3.0/E:F/RL:O/RC:C") Plugin Feed: 202310091700
Version 1.3 Mar 23, 2023, 4:25 PM CVSS metrics ("CVSSv2 score" changed from "5.0" to "2.6". "CVSSv2 score" changed from "5.0" to "2.6". "CVSSv2 vector" changed from "CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P" to "CVSS2#AV:N/AC:H/Au:N/C:N/I:P/A:N". "CVSSv2 vector" changed from "CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P" to "CVSS2#AV:N/AC:H/Au:N/C:N/I:P/A:N". "CVSSv2 vector" changed from "CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P" to "CVSS2#AV:N/AC:H/Au:N/C:N/I:P/A:N") CVSSv2 score source (changed from "CVE-2022-21626" to "CVE-2022-21624") CVSSv2 severity (based on CVE-2022-21624, severity decreased from "Medium" to "Low") Plugin Feed: 202303231625
Version 1.2 Oct 21, 2022, 12:57 PM New Plugin Feed: 202210211257