Appsec Phoenix

Security Vulnerability of the Week 25/04/22

Date Posted: 25th April 2022

This is the first post in a weekly series on security vulnerabilities.

This week Java is featured, as it has been receiving a lot of attention since the beginning of the year.


The featured flaw, CVE-2022-21449 (CVSS score: 7.5), is a bypass of ECDSA signature verification in the JDK: the verifier never checked that the signature values r and s lie in the range 1 to n-1, so the all-zero signature (r = 0, s = 0) is accepted as valid for any message under any public key. The vulnerable elliptic-curve code was introduced in Java 15, so the practical exposure is Java 15 through 18, but Oracle lists the following versions of Java SE and Oracle GraalVM Enterprise Edition as affected:

  • Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18
  • Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1, 22.0.0.

A proof of concept is public. The fix shipped in Oracle's Critical Patch Update of 19 April 2022, so a JVM on an affected line that has not taken the April 2022 update accepts a forged ECDSA signature. Anything that verifies ECDSA signatures from untrusted input on such a JVM is exposed: JWTs using the ES256/ES384/ES512 algorithms, SAML assertions, OIDC tokens, WebAuthn authenticator responses and TLS handshakes. Check the runtime version, not just the application's dependency list, since the bug is in the JDK itself.

Old but not old – still the Spring Framework

Remote code execution (RCE) vulnerability tracked as CVE-2010-1622: class-loader manipulation through Spring MVC data binding, originally fixed in 2010. That fix was bypassed in March 2022 on JDK 9 and later (Spring4Shell, CVE-2022-22965), which is why a twelve-year-old CVE is back on this week's list.


Atlassian Jira and Jira Service Management: an authentication bypass in the Seraph web authentication framework, tracked as CVE-2022-0540 with a severity rating of 9.9. A remote, unauthenticated attacker can reach authenticated functionality with a specially crafted HTTP request.

More specifically, the following versions are impacted:

  • Jira Core Server, Jira Software Server and Jira Software Data Center before 8.13.18, the 8.14.x, 8.15.x, 8.16.x, 8.17.x, 8.18.x and 8.19.x lines, 8.20.x before 8.20.6, and 8.21.x.
  • Jira Service Management Server and Data Center before 4.13.18, the 4.14.x, 4.15.x, 4.16.x, 4.17.x, 4.18.x and 4.19.x lines, 4.20.x before 4.20.6, and 4.21.x.

Bonus Infra:


Cisco has patched a high-severity vulnerability in the Cisco Umbrella Virtual Appliance (VA) that allows unauthenticated attackers to steal administrator credentials remotely.

Fraser Hess of Pinnacol Assurance found the flaw (tracked as CVE-2022-20773) in the key-based SSH authentication mechanism of Cisco Umbrella VA: the appliance shipped with a static SSH host key, so an attacker who can intercept an administrator's SSH session can impersonate the appliance and capture the credentials.

Cisco notes, however, that the SSH service is not enabled by default on Umbrella on-premises virtual machines, which significantly lowers the vulnerability's overall impact. Confirm whether SSH has been switched on for your appliances before treating this as low priority.

Three of Cisco's advisories carry a high severity rating: the Umbrella VA flaw above (CVE-2022-20773, CVSS score: 7.5); CVE-2022-20783 (CVSS score: 7.5), a denial-of-service vulnerability in Cisco TelePresence Collaboration Endpoint (CE) and RoomOS software; and a privilege escalation in Cisco Virtualized Infrastructure Manager (CVE-2022-20732, CVSS score: 7.8).
