Is PRTG affected by CVE-2022-21449 or CVE-2022-21476? If so, is there any mitigation possible?
Created on Apr 25, 2022 8:07:29 AM by
Is PRTG affected by CVE-2022-21449 or CVE-2022-21476
Votes:
0
1 Reply
Votes:
0
This article applies to ITOps Board installations before April 19th 2022
In response to the Amazon Cornetto, OpenJDK and Oracle Java SE Vulnerability, we at Paessler can confirm that our software Paessler PRTG Network Monitor, Paessler PRTG Enterprise Monitor and Paessler PRTG Hosted Monitor are not affected.
Additional notes:
If you use ITOps Board with an installation before April 19th 2022, your ITOps Board installation may be affected and your action is required!
Depending on the Java runtime that chose on installation, please refer to the following table:
Required mitigation steps:
| Amazon Corretto | https://github.com/corretto/corretto-11/blob/develop/CHANGELOG.md | Upgrade to 11.0.15.9.1 or higher |
|---|---|---|
| Oracle Java SE | https://www.oracle.com/java/technologies/javase/8u331-relnotes.html | Upgrade to Java JRE V8 u331 or higher |
| OpenJDK | https://www.oracle.com/java/technologies/javase/17-0-3-relnotes.html | Upgrade to 17.0.3+8 or higher (do not upgrade to OpenJDK 18 because it is not compatible with Elasticsearch 6.8.x) |
Created on Apr 25, 2022 8:32:19 AM by
Last change on Apr 25, 2022 9:58:38 AM by
Disclaimer: The information in the Paessler Knowledge Base comes without warranty of any kind. Use at your own risk. Before applying any instructions please exercise proper system administrator housekeeping. You must make sure that a proper backup of all your data is available.
Add comment