Summary
Extreme Networks is evaluating exposure to Oracle Java SE vulnerabilities enumerated in https://openjdk.org/groups/vulnerability/advisories/2022-04-19:
CVE-2022-21426
CVE-2022-21434
CVE-2022-21443
CVE-2022-21449
CVE-2022-21476
CVE-2022-21496
Products not listed in the Impact Details section have not been evaluated. Furthermore, products that have exceeded any software maintenance time periods are also not evaluated and will not be published. Please consult End of Sale and End of Service Life - Extreme Networks for the EOL notices related to the product under question.
Products Potentially Affected
Impact Details
| OS/Product |
Exposure |
| Extreme AirDefense |
No |
| Extreme Campus Controller (ExtremeCloud Appliance) |
Yes |
| Extreme Management Center (XMC) |
No |
| ExtremeAnalytics |
No |
| ExtremeCloud A3 |
Yes |
| ExtremeCloud IQ |
No |
| ExtremeConnect |
No |
| ExtremeControl |
No |
| ExtremeGuest (Essentials) |
No |
| ExtremeGuest (On-Premises) |
No |
| ExtremeLocation |
No |
| Fabric Manager |
No |
| Guest and IoT Manager (GIM) |
No |
| HiveManager Classic On-Premises |
No |
| HiveManager Classic Online |
No |
| IQ Engine (HiveOS) |
No |
| IQVA |
No |
| Traffic Sensor |
No |
| XIQ-SE |
No |
| EOS (S/K/7100) |
No |
| Nsight |
No |
| WiNG |
No |
| Extreme Fabric Automation (EFA) |
No |
| Extreme SD-WAN |
No |
| Ipanema SALSA |
No |
| Ipanema SD-WAN Orchestrator |
No |
Repair Recommendations
Extreme Campus Controller (ExtremeCloud Appliance):
Fixed in 10.03 and later.
ExtremeCloud A3:
Fixed in 5.0.0 and later.
Please see the full Security Advisory article here for more details.
