JOC - JobScheduler Operations Center / JOC-1575

Update Oracle JDBC Driver to 19.19.0.0 due to 3rd-party vulnerability issue CVE-2022-21510


Details

    • CVE-2022-21510

    Description

      Current Situation

      • JS7 (JobScheduler branch 2.x) Agent and JOC Cockpit Web Services ship with the Oracle JDBC Driver 21.8.0.0.
      • A vulnerability communicated by CVE advisory CVE-2022-21510 affects this version.
      • Risk Mitigation
        The issue is rated high by CVE. 
        We rate the impact on our software as low, as the attack scenario described works only with administrative access to servers operating JOC Cockpit and Agents.

      Desired Behavior

      • JobScheduler releases 2.6.0 and 2.5.4 ship with Oracle JDBC Driver 19.19.0.0.


          People

            sp Santiago Aucejo Petzoldt
            ap Andreas Püschel