https://community.extremenetworks.com/t5/general-network-management/oracle-critical-patch-update-advisory-jan-2022/m-p/19669#M4 Hello, any <A href="https://community.extremenetworks.com/communities/productannouncementcommunityhome?CommunityKey=4e5e471a-0c9e-4d88-ae3c-5301ff1f9a7e" target="_blank" rel="noopener">Vulnerability Notices put out by Extreme can be found here</A>. You can subscribe to that community to get an email every time there is a new VN identified. Thu, 20 Jan 2022 16:38:00 GMT SamPirok 2022-01-20T16:38:00Z https://community.extremenetworks.com/t5/general-network-management/oracle-critical-patch-update-advisory-jan-2022/m-p/19668#M3 Oracle released their CPU Advisories for Jan 2022<BR /><A href="&lt;https://www.oracle.com/security-alerts/cpujan2022.html" target="_blank" rel="noopener" title="Oracle CPU">https://www.oracle.com/security-alerts/cpujan2022.html</A><BR /><BR />Besides others there are several CVEs for Java and Mysql listed.<BR /><BR />I would like to know if and how XMC is affected Thu, 20 Jan 2022 12:17:00 GMT https://community.extremenetworks.com/t5/general-network-management/oracle-critical-patch-update-advisory-jan-2022/m-p/19668#M3 e_steuber 2022-01-20T12:17:00Z https://community.extremenetworks.com/t5/general-network-management/oracle-critical-patch-update-advisory-jan-2022/m-p/19669#M4 Hello, any <A href="https://community.extremenetworks.com/communities/productannouncementcommunityhome?CommunityKey=4e5e471a-0c9e-4d88-ae3c-5301ff1f9a7e" target="_blank" rel="noopener">Vulnerability Notices put out by Extreme can be found here</A>. You can subscribe to that community to get an email every time there is a new VN identified. Thu, 20 Jan 2022 16:38:00 GMT https://community.extremenetworks.com/t5/general-network-management/oracle-critical-patch-update-advisory-jan-2022/m-p/19669#M4 SamPirok 2022-01-20T16:38:00Z https://community.extremenetworks.com/t5/general-network-management/oracle-critical-patch-update-advisory-jan-2022/m-p/19670#M5 I thank you for the link, but checking the xmc versions of java and mysql looks like they are affected.<BR /><BR /><BR />Shurly a non announcement is no "not affected statement". <BR /><BR />The XMC installed java version is: openjdk version "1.8.0_222"<BR /><BR />Openjdk says:<BR /> <H4>OpenJDK Vulnerability Advisory: 2022/01/18</H4> <P>The following vulnerabilities in OpenJDK source code were fixed in this release. <STRONG>The affected versions are 17.0.1, 15.0.5, 13.0.9, 11.0.13, 8u312, 7u321, and earlier</STRONG>. Please note that defense-in-depth issues are not assigned CVEs. We recommend that you <STRONG>upgrade as soon as possible.<BR /><BR /><BR /></STRONG>The xmc installed mysql version is: Ver 14.14 Distrib 5.7.27, for linux-glibc2.12 (x86_64) using EditLine wrapper<BR /><BR />Oracle lists for example CVE-2021-22946 with a score of 7.5 witch is remote exploitable with mysql 5.7.36 and prior.<BR /><BR /></P> Thu, 20 Jan 2022 17:26:00 GMT https://community.extremenetworks.com/t5/general-network-management/oracle-critical-patch-update-advisory-jan-2022/m-p/19670#M5 e_steuber 2022-01-20T17:26:00Z https://community.extremenetworks.com/t5/general-network-management/oracle-critical-patch-update-advisory-jan-2022/m-p/19671#M6 I appreciate you elaborating for me. I spoke with our security team about this and they requested that we open a&nbsp; support case so our support team can initiate a PSIRT/CVE review for this specifically. You can open a case on our <A href="https://community.extremenetworks.com/extremeportal.force.com" target="_blank" rel="noopener">Extreme Portal,</A> under Support. Thu, 20 Jan 2022 20:15:00 GMT https://community.extremenetworks.com/t5/general-network-management/oracle-critical-patch-update-advisory-jan-2022/m-p/19671#M6 SamPirok 2022-01-20T20:15:00Z https://community.extremenetworks.com/t5/general-network-management/oracle-critical-patch-update-advisory-jan-2022/m-p/19672#M7 I already opend a case: 02508098<BR /><BR />But thought maybe the topic was already discussed here. Fri, 21 Jan 2022 09:18:00 GMT https://community.extremenetworks.com/t5/general-network-management/oracle-critical-patch-update-advisory-jan-2022/m-p/19672#M7 e_steuber 2022-01-21T09:18:00Z