{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"moderate"},"category":"csaf_vex","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"SUSE CVE-2022-21724","title":"Title"},{"category":"description","text":"pgjdbc is the offical PostgreSQL JDBC Driver. A security hole was found in the jdbc driver for postgresql database while doing security research. The system using the postgresql library will be attacked when attacker control the jdbc url or properties. pgjdbc instantiates plugin instances based on class names provided via `authenticationPluginClassName`, `sslhostnameverifier`, `socketFactory`, `sslfactory`, `sslpasswordcallback` connection properties. However, the driver did not verify if the class implements the expected interface before instantiating the class. This can lead to code execution loaded via arbitrary classes. Users using plugins are advised to upgrade. There are no known workarounds for this issue.","title":"Description of the CVE"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"CVE-2022-21724","url":"https://www.suse.com/security/cve/CVE-2022-21724"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"SUSE Bug 1195561 for CVE-2022-21724","url":"https://bugzilla.suse.com/1195561"},{"category":"external","summary":"SUSE Bug 1204789 for CVE-2022-21724","url":"https://bugzilla.suse.com/1204789"},{"category":"external","summary":"Advisory link for SUSE-SU-2022:2143-1","url":"https://lists.suse.com/pipermail/sle-security-updates/2022-June/011318.html"},{"category":"external","summary":"Advisory link for SUSE-SU-2022:2145-1","url":"https://lists.suse.com/pipermail/sle-security-updates/2022-June/011317.html"}],"title":"SUSE CVE CVE-2022-21724","tracking":{"current_release_date":"2025-08-18T01:35:13Z","generator":{"date":"2023-02-15T03:29:05Z","engine":{"name":"cve-database.git:bin/generate-csaf-vex.pl","version":"1"}},"id":"CVE-2022-21724","initial_release_date":"2023-02-15T03:29:05Z","revision_history":[{"date":"2023-02-15T03:29:05Z","number":"2","summary":"Current version"},{"date":"2025-01-01T03:17:13Z","number":"3","summary":"Current version"},{"date":"2025-01-28T00:40:32Z","number":"4","summary":"Current version"},{"date":"2025-02-14T08:02:01Z","number":"5","summary":"Current version"},{"date":"2025-02-16T07:44:36Z","number":"6","summary":"Current version"},{"date":"2025-03-15T07:49:22Z","number":"7","summary":"Current version"},{"date":"2025-04-08T02:30:05Z","number":"8","summary":"Current version"},{"date":"2025-06-26T03:24:40Z","number":"9","summary":"Current version"},{"date":"2025-07-02T02:37:34Z","number":"10","summary":"Current version"},{"date":"2025-08-18T01:35:13Z","number":"11","summary":"Current version"}],"status":"interim","version":"11"}},"product_tree":{"branches":[{"branches":[{"branches":[{"category":"product_name","name":"HPE Helion OpenStack 8","product":{"name":"HPE Helion OpenStack 8","product_id":"HPE Helion OpenStack 8","product_identification_helper":{"cpe":"cpe:/o:suse:hpe-helion-openstack:8"}}},{"category":"product_name","name":"SUSE Enterprise Storage 7.1","product":{"name":"SUSE Enterprise Storage 7.1","product_id":"SUSE Enterprise Storage 7.1","product_identification_helper":{"cpe":"cpe:/o:suse:ses:7.1"}}},{"category":"product_name","name":"SUSE Linux Enterprise High Performance Computing 12 SP5","product":{"name":"SUSE Linux Enterprise High Performance Computing 12 SP5","product_id":"SUSE Linux Enterprise High Performance Computing 12 SP5","product_identification_helper":{"cpe":"cpe:/o:suse:sle-hpc:12:sp5"}}},{"category":"product_name","name":"SUSE Linux Enterprise High Performance Computing 15 SP3","product":{"name":"SUSE Linux Enterprise High Performance Computing 15 SP3","product_id":"SUSE Linux Enterprise High Performance Computing 15 SP3","product_identification_helper":{"cpe":"cpe:/o:suse:sle_hpc:15:sp3"}}},{"category":"product_name","name":"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS","product":{"name":"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS","product_id":"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS","product_identification_helper":{"cpe":"cpe:/o:suse:sle_hpc-espos:15:sp3"}}},{"category":"product_name","name":"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS","product":{"name":"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS","product_id":"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS","product_identification_helper":{"cpe":"cpe:/o:suse:sle_hpc-ltss:15:sp3"}}},{"category":"product_name","name":"SUSE Linux Enterprise High Performance Computing 15 SP4","product":{"name":"SUSE Linux Enterprise High Performance Computing 15 SP4","product_id":"SUSE Linux Enterprise High Performance Computing 15 SP4","product_identification_helper":{"cpe":"cpe:/o:suse:sle_hpc:15:sp4"}}},{"category":"product_name","name":"SUSE Linux Enterprise Module for Server Applications 15 SP3","product":{"name":"SUSE Linux Enterprise Module for Server Applications 15 SP3","product_id":"SUSE Linux Enterprise Module for Server Applications 15 SP3","product_identification_helper":{"cpe":"cpe:/o:suse:sle-module-server-applications:15:sp3"}}},{"category":"product_name","name":"SUSE Linux Enterprise Module for Server Applications 15 SP4","product":{"name":"SUSE Linux Enterprise Module for Server Applications 15 SP4","product_id":"SUSE Linux Enterprise Module for Server Applications 15 SP4","product_identification_helper":{"cpe":"cpe:/o:suse:sle-module-server-applications:15:sp4"}}},{"category":"product_name","name":"SUSE Linux Enterprise Real Time 15 SP3","product":{"name":"SUSE Linux Enterprise Real Time 15 SP3","product_id":"SUSE Linux Enterprise Real Time 15 SP3","product_identification_helper":{"cpe":"cpe:/o:suse:sle_rt:15:sp3"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server 11 SP1","product":{"name":"SUSE Linux Enterprise Server 11 SP1","product_id":"SUSE Linux Enterprise Server 11 SP1","product_identification_helper":{"cpe":"cpe:/o:suse:suse_sles:11:sp1"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server 11 SP1 for Teradata","product":{"name":"SUSE Linux Enterprise Server 11 SP1 for Teradata","product_id":"SUSE Linux Enterprise Server 11 SP1 for Teradata","product_identification_helper":{"cpe":"cpe:/o:suse:suse_sles_teradata:11:sp1"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server 11 SP3","product":{"name":"SUSE Linux Enterprise Server 11 SP3","product_id":"SUSE Linux Enterprise Server 11 SP3","product_identification_helper":{"cpe":"cpe:/o:suse:suse_sles:11:sp3"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server 11 SP3 for Teradata","product":{"name":"SUSE Linux Enterprise Server 11 SP3 for Teradata","product_id":"SUSE Linux Enterprise Server 11 SP3 for Teradata","product_identification_helper":{"cpe":"cpe:/o:suse:suse_sles_teradata:11:sp3"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server 12 SP2-BCL","product":{"name":"SUSE Linux Enterprise Server 12 SP2-BCL","product_id":"SUSE Linux Enterprise Server 12 SP2-BCL","product_identification_helper":{"cpe":"cpe:/o:suse:sles-bcl:12:sp2"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server 12 SP3-BCL","product":{"name":"SUSE Linux Enterprise Server 12 SP3-BCL","product_id":"SUSE Linux Enterprise Server 12 SP3-BCL","product_identification_helper":{"cpe":"cpe:/o:suse:sles-bcl:12:sp3"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server 12 SP3-ESPOS","product":{"name":"SUSE Linux Enterprise Server 12 SP3-ESPOS","product_id":"SUSE Linux Enterprise Server 12 SP3-ESPOS","product_identification_helper":{"cpe":"cpe:/o:suse:sles-espos:12:sp3"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server 12 SP3-LTSS","product":{"name":"SUSE Linux Enterprise Server 12 SP3-LTSS","product_id":"SUSE Linux Enterprise Server 12 SP3-LTSS","product_identification_helper":{"cpe":"cpe:/o:suse:sles-ltss:12:sp3"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server 12 SP4-ESPOS","product":{"name":"SUSE Linux Enterprise Server 12 SP4-ESPOS","product_id":"SUSE Linux Enterprise Server 12 SP4-ESPOS","product_identification_helper":{"cpe":"cpe:/o:suse:sles-espos:12:sp4"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server 12 SP4-LTSS","product":{"name":"SUSE Linux Enterprise Server 12 SP4-LTSS","product_id":"SUSE Linux Enterprise Server 12 SP4-LTSS","product_identification_helper":{"cpe":"cpe:/o:suse:sles-ltss:12:sp4"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server 12 SP5","product":{"name":"SUSE Linux Enterprise Server 12 SP5","product_id":"SUSE Linux Enterprise Server 12 SP5","product_identification_helper":{"cpe":"cpe:/o:suse:sles:12:sp5"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server 15 SP3","product":{"name":"SUSE Linux Enterprise Server 15 SP3","product_id":"SUSE Linux Enterprise Server 15 SP3","product_identification_helper":{"cpe":"cpe:/o:suse:sles:15:sp3"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server 15 SP4","product":{"name":"SUSE Linux Enterprise Server 15 SP4","product_id":"SUSE Linux Enterprise Server 15 SP4","product_identification_helper":{"cpe":"cpe:/o:suse:sles:15:sp4"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server Business Critical Linux 15 SP3","product":{"name":"SUSE Linux Enterprise Server Business Critical Linux 15 SP3","product_id":"SUSE Linux Enterprise Server Business Critical Linux 15 SP3","product_identification_helper":{"cpe":"cpe:/o:suse:sles_bcl:15:sp3"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server Teradata 12 SP3","product":{"name":"SUSE Linux Enterprise Server Teradata 12 SP3","product_id":"SUSE Linux Enterprise Server Teradata 12 SP3","product_identification_helper":{"cpe":"cpe:/o:suse:sles_teradata:12:sp3"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server for SAP Applications 12 SP3","product":{"name":"SUSE Linux Enterprise Server for SAP Applications 12 SP3","product_id":"SUSE Linux Enterprise Server for SAP Applications 12 SP3","product_identification_helper":{"cpe":"cpe:/o:suse:sles_sap:12:sp3"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server for SAP Applications 12 SP4","product":{"name":"SUSE Linux Enterprise Server for SAP Applications 12 SP4","product_id":"SUSE Linux Enterprise Server for SAP Applications 12 SP4","product_identification_helper":{"cpe":"cpe:/o:suse:sles_sap:12:sp4"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server for SAP Applications 12 SP5","product":{"name":"SUSE Linux Enterprise Server for SAP Applications 12 SP5","product_id":"SUSE Linux Enterprise Server for SAP Applications 12 SP5","product_identification_helper":{"cpe":"cpe:/o:suse:sles_sap:12:sp5"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server for SAP Applications 15 SP3","product":{"name":"SUSE Linux Enterprise Server for SAP Applications 15 SP3","product_id":"SUSE Linux Enterprise Server for SAP Applications 15 SP3","product_identification_helper":{"cpe":"cpe:/o:suse:sles_sap:15:sp3"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server for SAP Applications 15 SP4","product":{"name":"SUSE Linux Enterprise Server for SAP Applications 15 SP4","product_id":"SUSE Linux Enterprise Server for SAP Applications 15 SP4","product_identification_helper":{"cpe":"cpe:/o:suse:sles_sap:15:sp4"}}},{"category":"product_name","name":"SUSE Manager Proxy 4.2","product":{"name":"SUSE Manager Proxy 4.2","product_id":"SUSE Manager Proxy 4.2","product_identification_helper":{"cpe":"cpe:/o:suse:suse-manager-proxy:4.2"}}},{"category":"product_name","name":"SUSE Manager Proxy 4.3","product":{"name":"SUSE Manager Proxy 4.3","product_id":"SUSE Manager Proxy 4.3","product_identification_helper":{"cpe":"cpe:/o:suse:suse-manager-proxy:4.3"}}},{"category":"product_name","name":"SUSE Manager Retail Branch Server 4.2","product":{"name":"SUSE Manager Retail Branch Server 4.2","product_id":"SUSE Manager Retail Branch Server 4.2","product_identification_helper":{"cpe":"cpe:/o:suse:suse-manager-retail-branch-server:4.2"}}},{"category":"product_name","name":"SUSE Manager Retail Branch Server 4.3","product":{"name":"SUSE Manager Retail Branch Server 4.3","product_id":"SUSE Manager Retail Branch Server 4.3","product_identification_helper":{"cpe":"cpe:/o:suse:suse-manager-retail-branch-server:4.3"}}},{"category":"product_name","name":"SUSE Manager Server 4.2","product":{"name":"SUSE Manager Server 4.2","product_id":"SUSE Manager Server 4.2","product_identification_helper":{"cpe":"cpe:/o:suse:suse-manager-server:4.2"}}},{"category":"product_name","name":"SUSE Manager Server 4.3","product":{"name":"SUSE Manager Server 4.3","product_id":"SUSE Manager Server 4.3","product_identification_helper":{"cpe":"cpe:/o:suse:suse-manager-server:4.3"}}},{"category":"product_name","name":"SUSE Manager Server Module 4.1","product":{"name":"SUSE Manager Server Module 4.1","product_id":"SUSE Manager Server Module 4.1","product_identification_helper":{"cpe":"cpe:/o:suse:sle-module-suse-manager-server:4.1"}}},{"category":"product_name","name":"SUSE Manager Server Module 4.2","product":{"name":"SUSE Manager Server Module 4.2","product_id":"SUSE Manager Server Module 4.2","product_identification_helper":{"cpe":"cpe:/o:suse:sle-module-suse-manager-server:4.2"}}},{"category":"product_name","name":"SUSE Manager Server Module 4.3","product":{"name":"SUSE Manager Server Module 4.3","product_id":"SUSE Manager Server Module 4.3","product_identification_helper":{"cpe":"cpe:/o:suse:sle-module-suse-manager-server:4.3"}}},{"category":"product_name","name":"SUSE OpenStack Cloud 8","product":{"name":"SUSE OpenStack Cloud 8","product_id":"SUSE OpenStack Cloud 8","product_identification_helper":{"cpe":"cpe:/o:suse:suse-openstack-cloud:8"}}},{"category":"product_name","name":"SUSE OpenStack Cloud 9","product":{"name":"SUSE OpenStack Cloud 9","product_id":"SUSE OpenStack Cloud 9","product_identification_helper":{"cpe":"cpe:/o:suse:suse-openstack-cloud:9"}}},{"category":"product_name","name":"SUSE OpenStack Cloud Crowbar 8","product":{"name":"SUSE OpenStack Cloud Crowbar 8","product_id":"SUSE OpenStack Cloud Crowbar 8","product_identification_helper":{"cpe":"cpe:/o:suse:suse-openstack-cloud-crowbar:8"}}},{"category":"product_name","name":"SUSE OpenStack Cloud Crowbar 9","product":{"name":"SUSE OpenStack Cloud Crowbar 9","product_id":"SUSE OpenStack Cloud Crowbar 9","product_identification_helper":{"cpe":"cpe:/o:suse:suse-openstack-cloud-crowbar:9"}}},{"category":"product_version","name":"postgresql-jdbc","product":{"name":"postgresql-jdbc","product_id":"postgresql-jdbc","product_identification_helper":{"cpe":"cpe:2.3:a:postgresql:pgjdbc:*:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/postgresql-jdbc@?upstream=postgresql-jdbc.src.rpm"}}},{"category":"product_version","name":"postgresql-jdbc-42.2.10-150200.3.8.2","product":{"name":"postgresql-jdbc-42.2.10-150200.3.8.2","product_id":"postgresql-jdbc-42.2.10-150200.3.8.2","product_identification_helper":{"cpe":"cpe:2.3:a:postgresql:pgjdbc:42.2.10:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/postgresql-jdbc@42.2.10-150200.3.8.2?upstream=postgresql-jdbc-42.2.10-150200.3.8.2.src.rpm"}}}],"category":"product_family","name":"SUSE Linux Enterprise"}],"category":"vendor","name":"SUSE"}],"relationships":[{"category":"default_component_of","full_product_name":{"name":"postgresql-jdbc-42.2.10-150200.3.8.2 as component of SUSE Manager Server Module 4.1","product_id":"SUSE Manager Server Module 4.1:postgresql-jdbc-42.2.10-150200.3.8.2"},"product_reference":"postgresql-jdbc-42.2.10-150200.3.8.2","relates_to_product_reference":"SUSE Manager Server Module 4.1"},{"category":"default_component_of","full_product_name":{"name":"postgresql-jdbc as component of HPE Helion OpenStack 8","product_id":"HPE Helion OpenStack 8:postgresql-jdbc"},"product_reference":"postgresql-jdbc","relates_to_product_reference":"HPE Helion OpenStack 8"},{"category":"default_component_of","full_product_name":{"name":"postgresql-jdbc as component of SUSE Enterprise Storage 7.1","product_id":"SUSE Enterprise Storage 7.1:postgresql-jdbc"},"product_reference":"postgresql-jdbc","relates_to_product_reference":"SUSE Enterprise Storage 7.1"},{"category":"default_component_of","full_product_name":{"name":"postgresql-jdbc as component of SUSE Linux Enterprise High Performance Computing 12 SP5","product_id":"SUSE Linux Enterprise High Performance Computing 12 SP5:postgresql-jdbc"},"product_reference":"postgresql-jdbc","relates_to_product_reference":"SUSE Linux Enterprise High Performance Computing 12 SP5"},{"category":"default_component_of","full_product_name":{"name":"postgresql-jdbc as component of SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS","product_id":"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:postgresql-jdbc"},"product_reference":"postgresql-jdbc","relates_to_product_reference":"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS"},{"category":"default_component_of","full_product_name":{"name":"postgresql-jdbc as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS","product_id":"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:postgresql-jdbc"},"product_reference":"postgresql-jdbc","relates_to_product_reference":"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"},{"category":"default_component_of","full_product_name":{"name":"postgresql-jdbc as component of SUSE Linux Enterprise Server 15 SP3","product_id":"SUSE Linux Enterprise Server 15 SP3:postgresql-jdbc"},"product_reference":"postgresql-jdbc","relates_to_product_reference":"SUSE Linux Enterprise Server 15 SP3"},{"category":"default_component_of","full_product_name":{"name":"postgresql-jdbc as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3","product_id":"SUSE Linux Enterprise Server for SAP Applications 15 SP3:postgresql-jdbc"},"product_reference":"postgresql-jdbc","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 15 SP3"},{"category":"default_component_of","full_product_name":{"name":"postgresql-jdbc as component of SUSE Linux Enterprise High Performance Computing 15 SP3","product_id":"SUSE Linux Enterprise High Performance Computing 15 SP3:postgresql-jdbc"},"product_reference":"postgresql-jdbc","relates_to_product_reference":"SUSE Linux Enterprise High Performance Computing 15 SP3"},{"category":"default_component_of","full_product_name":{"name":"postgresql-jdbc as component of SUSE Manager Server 4.2","product_id":"SUSE Manager Server 4.2:postgresql-jdbc"},"product_reference":"postgresql-jdbc","relates_to_product_reference":"SUSE Manager Server 4.2"},{"category":"default_component_of","full_product_name":{"name":"postgresql-jdbc as component of SUSE Manager Proxy 4.2","product_id":"SUSE Manager Proxy 4.2:postgresql-jdbc"},"product_reference":"postgresql-jdbc","relates_to_product_reference":"SUSE Manager Proxy 4.2"},{"category":"default_component_of","full_product_name":{"name":"postgresql-jdbc as component of SUSE Manager Retail Branch Server 4.2","product_id":"SUSE Manager Retail Branch Server 4.2:postgresql-jdbc"},"product_reference":"postgresql-jdbc","relates_to_product_reference":"SUSE Manager Retail Branch Server 4.2"},{"category":"default_component_of","full_product_name":{"name":"postgresql-jdbc as component of SUSE Linux Enterprise Module for Server Applications 15 SP3","product_id":"SUSE Linux Enterprise Module for Server Applications 15 SP3:postgresql-jdbc"},"product_reference":"postgresql-jdbc","relates_to_product_reference":"SUSE Linux Enterprise Module for Server Applications 15 SP3"},{"category":"default_component_of","full_product_name":{"name":"postgresql-jdbc as component of SUSE Linux Enterprise Server 15 SP4","product_id":"SUSE Linux Enterprise Server 15 SP4:postgresql-jdbc"},"product_reference":"postgresql-jdbc","relates_to_product_reference":"SUSE Linux Enterprise Server 15 SP4"},{"category":"default_component_of","full_product_name":{"name":"postgresql-jdbc as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4","product_id":"SUSE Linux Enterprise Server for SAP Applications 15 SP4:postgresql-jdbc"},"product_reference":"postgresql-jdbc","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 15 SP4"},{"category":"default_component_of","full_product_name":{"name":"postgresql-jdbc as component of SUSE Linux Enterprise High Performance Computing 15 SP4","product_id":"SUSE Linux Enterprise High Performance Computing 15 SP4:postgresql-jdbc"},"product_reference":"postgresql-jdbc","relates_to_product_reference":"SUSE Linux Enterprise High Performance Computing 15 SP4"},{"category":"default_component_of","full_product_name":{"name":"postgresql-jdbc as component of SUSE Manager Server 4.3","product_id":"SUSE Manager Server 4.3:postgresql-jdbc"},"product_reference":"postgresql-jdbc","relates_to_product_reference":"SUSE Manager Server 4.3"},{"category":"default_component_of","full_product_name":{"name":"postgresql-jdbc as component of SUSE Manager Proxy 4.3","product_id":"SUSE Manager Proxy 4.3:postgresql-jdbc"},"product_reference":"postgresql-jdbc","relates_to_product_reference":"SUSE Manager Proxy 4.3"},{"category":"default_component_of","full_product_name":{"name":"postgresql-jdbc as component of SUSE Manager Retail Branch Server 4.3","product_id":"SUSE Manager Retail Branch Server 4.3:postgresql-jdbc"},"product_reference":"postgresql-jdbc","relates_to_product_reference":"SUSE Manager Retail Branch Server 4.3"},{"category":"default_component_of","full_product_name":{"name":"postgresql-jdbc as component of SUSE Linux Enterprise Module for Server Applications 15 SP4","product_id":"SUSE Linux Enterprise Module for Server Applications 15 SP4:postgresql-jdbc"},"product_reference":"postgresql-jdbc","relates_to_product_reference":"SUSE Linux Enterprise Module for Server Applications 15 SP4"},{"category":"default_component_of","full_product_name":{"name":"postgresql-jdbc as component of SUSE Linux Enterprise Real Time 15 SP3","product_id":"SUSE Linux Enterprise Real Time 15 SP3:postgresql-jdbc"},"product_reference":"postgresql-jdbc","relates_to_product_reference":"SUSE Linux Enterprise Real Time 15 SP3"},{"category":"default_component_of","full_product_name":{"name":"postgresql-jdbc as component of SUSE Linux Enterprise Server 11 SP1","product_id":"SUSE Linux Enterprise Server 11 SP1:postgresql-jdbc"},"product_reference":"postgresql-jdbc","relates_to_product_reference":"SUSE Linux Enterprise Server 11 SP1"},{"category":"default_component_of","full_product_name":{"name":"postgresql-jdbc as component of SUSE Linux Enterprise Server 11 SP1 for Teradata","product_id":"SUSE Linux Enterprise Server 11 SP1 for Teradata:postgresql-jdbc"},"product_reference":"postgresql-jdbc","relates_to_product_reference":"SUSE Linux Enterprise Server 11 SP1 for Teradata"},{"category":"default_component_of","full_product_name":{"name":"postgresql-jdbc as component of SUSE Linux Enterprise Server 11 SP3","product_id":"SUSE Linux Enterprise Server 11 SP3:postgresql-jdbc"},"product_reference":"postgresql-jdbc","relates_to_product_reference":"SUSE Linux Enterprise Server 11 SP3"},{"category":"default_component_of","full_product_name":{"name":"postgresql-jdbc as component of SUSE Linux Enterprise Server 11 SP3 for Teradata","product_id":"SUSE Linux Enterprise Server 11 SP3 for Teradata:postgresql-jdbc"},"product_reference":"postgresql-jdbc","relates_to_product_reference":"SUSE Linux Enterprise Server 11 SP3 for Teradata"},{"category":"default_component_of","full_product_name":{"name":"postgresql-jdbc as component of SUSE Linux Enterprise Server 12 SP2-BCL","product_id":"SUSE Linux Enterprise Server 12 SP2-BCL:postgresql-jdbc"},"product_reference":"postgresql-jdbc","relates_to_product_reference":"SUSE Linux Enterprise Server 12 SP2-BCL"},{"category":"default_component_of","full_product_name":{"name":"postgresql-jdbc as component of SUSE Linux Enterprise Server 12 SP3-BCL","product_id":"SUSE Linux Enterprise Server 12 SP3-BCL:postgresql-jdbc"},"product_reference":"postgresql-jdbc","relates_to_product_reference":"SUSE Linux Enterprise Server 12 SP3-BCL"},{"category":"default_component_of","full_product_name":{"name":"postgresql-jdbc as component of SUSE Linux Enterprise Server 12 SP3-ESPOS","product_id":"SUSE Linux Enterprise Server 12 SP3-ESPOS:postgresql-jdbc"},"product_reference":"postgresql-jdbc","relates_to_product_reference":"SUSE Linux Enterprise Server 12 SP3-ESPOS"},{"category":"default_component_of","full_product_name":{"name":"postgresql-jdbc as component of SUSE Linux Enterprise Server 12 SP3-LTSS","product_id":"SUSE Linux Enterprise Server 12 SP3-LTSS:postgresql-jdbc"},"product_reference":"postgresql-jdbc","relates_to_product_reference":"SUSE Linux Enterprise Server 12 SP3-LTSS"},{"category":"default_component_of","full_product_name":{"name":"postgresql-jdbc as component of SUSE Linux Enterprise Server 12 SP4-ESPOS","product_id":"SUSE Linux Enterprise Server 12 SP4-ESPOS:postgresql-jdbc"},"product_reference":"postgresql-jdbc","relates_to_product_reference":"SUSE Linux Enterprise Server 12 SP4-ESPOS"},{"category":"default_component_of","full_product_name":{"name":"postgresql-jdbc as component of SUSE Linux Enterprise Server 12 SP4-LTSS","product_id":"SUSE Linux Enterprise Server 12 SP4-LTSS:postgresql-jdbc"},"product_reference":"postgresql-jdbc","relates_to_product_reference":"SUSE Linux Enterprise Server 12 SP4-LTSS"},{"category":"default_component_of","full_product_name":{"name":"postgresql-jdbc as component of SUSE Linux Enterprise Server 12 SP5","product_id":"SUSE Linux Enterprise Server 12 SP5:postgresql-jdbc"},"product_reference":"postgresql-jdbc","relates_to_product_reference":"SUSE Linux Enterprise Server 12 SP5"},{"category":"default_component_of","full_product_name":{"name":"postgresql-jdbc as component of SUSE Linux Enterprise Server Business Critical Linux 15 SP3","product_id":"SUSE Linux Enterprise Server Business Critical Linux 15 SP3:postgresql-jdbc"},"product_reference":"postgresql-jdbc","relates_to_product_reference":"SUSE Linux Enterprise Server Business Critical Linux 15 SP3"},{"category":"default_component_of","full_product_name":{"name":"postgresql-jdbc as component of SUSE Linux Enterprise Server Teradata 12 SP3","product_id":"SUSE Linux Enterprise Server Teradata 12 SP3:postgresql-jdbc"},"product_reference":"postgresql-jdbc","relates_to_product_reference":"SUSE Linux Enterprise Server Teradata 12 SP3"},{"category":"default_component_of","full_product_name":{"name":"postgresql-jdbc as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3","product_id":"SUSE Linux Enterprise Server for SAP Applications 12 SP3:postgresql-jdbc"},"product_reference":"postgresql-jdbc","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 12 SP3"},{"category":"default_component_of","full_product_name":{"name":"postgresql-jdbc as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4","product_id":"SUSE Linux Enterprise Server for SAP Applications 12 SP4:postgresql-jdbc"},"product_reference":"postgresql-jdbc","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 12 SP4"},{"category":"default_component_of","full_product_name":{"name":"postgresql-jdbc as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5","product_id":"SUSE Linux Enterprise Server for SAP Applications 12 SP5:postgresql-jdbc"},"product_reference":"postgresql-jdbc","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 12 SP5"},{"category":"default_component_of","full_product_name":{"name":"postgresql-jdbc as component of SUSE Manager Server Module 4.2","product_id":"SUSE Manager Server Module 4.2:postgresql-jdbc"},"product_reference":"postgresql-jdbc","relates_to_product_reference":"SUSE Manager Server Module 4.2"},{"category":"default_component_of","full_product_name":{"name":"postgresql-jdbc as component of SUSE Manager Server Module 4.3","product_id":"SUSE Manager Server Module 4.3:postgresql-jdbc"},"product_reference":"postgresql-jdbc","relates_to_product_reference":"SUSE Manager Server Module 4.3"},{"category":"default_component_of","full_product_name":{"name":"postgresql-jdbc as component of SUSE OpenStack Cloud 8","product_id":"SUSE OpenStack Cloud 8:postgresql-jdbc"},"product_reference":"postgresql-jdbc","relates_to_product_reference":"SUSE OpenStack Cloud 8"},{"category":"default_component_of","full_product_name":{"name":"postgresql-jdbc as component of SUSE OpenStack Cloud 9","product_id":"SUSE OpenStack Cloud 9:postgresql-jdbc"},"product_reference":"postgresql-jdbc","relates_to_product_reference":"SUSE OpenStack Cloud 9"},{"category":"default_component_of","full_product_name":{"name":"postgresql-jdbc as component of SUSE OpenStack Cloud Crowbar 8","product_id":"SUSE OpenStack Cloud Crowbar 8:postgresql-jdbc"},"product_reference":"postgresql-jdbc","relates_to_product_reference":"SUSE OpenStack Cloud Crowbar 8"},{"category":"default_component_of","full_product_name":{"name":"postgresql-jdbc as component of SUSE OpenStack Cloud Crowbar 9","product_id":"SUSE OpenStack Cloud Crowbar 9:postgresql-jdbc"},"product_reference":"postgresql-jdbc","relates_to_product_reference":"SUSE OpenStack Cloud Crowbar 9"}]},"vulnerabilities":[{"cve":"CVE-2022-21724","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2022-21724"}],"notes":[{"category":"general","text":"pgjdbc is the offical PostgreSQL JDBC Driver. A security hole was found in the jdbc driver for postgresql database while doing security research. The system using the postgresql library will be attacked when attacker control the jdbc url or properties. pgjdbc instantiates plugin instances based on class names provided via `authenticationPluginClassName`, `sslhostnameverifier`, `socketFactory`, `sslfactory`, `sslpasswordcallback` connection properties. However, the driver did not verify if the class implements the expected interface before instantiating the class. This can lead to code execution loaded via arbitrary classes. Users using plugins are advised to upgrade. There are no known workarounds for this issue.","title":"CVE description"}],"product_status":{"known_not_affected":["HPE Helion OpenStack 8:postgresql-jdbc","SUSE Enterprise Storage 7.1:postgresql-jdbc","SUSE Linux Enterprise High Performance Computing 12 SP5:postgresql-jdbc","SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:postgresql-jdbc","SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:postgresql-jdbc","SUSE Linux Enterprise High Performance Computing 15 SP3:postgresql-jdbc","SUSE Linux Enterprise High Performance Computing 15 SP4:postgresql-jdbc","SUSE Linux Enterprise Module for Server Applications 15 SP3:postgresql-jdbc","SUSE Linux Enterprise Module for Server Applications 15 SP4:postgresql-jdbc","SUSE Linux Enterprise Real Time 15 SP3:postgresql-jdbc","SUSE Linux Enterprise Server 11 SP1 for Teradata:postgresql-jdbc","SUSE Linux Enterprise Server 11 SP1:postgresql-jdbc","SUSE Linux Enterprise Server 11 SP3 for Teradata:postgresql-jdbc","SUSE Linux Enterprise Server 11 SP3:postgresql-jdbc","SUSE Linux Enterprise Server 12 SP2-BCL:postgresql-jdbc","SUSE Linux Enterprise Server 12 SP3-BCL:postgresql-jdbc","SUSE Linux Enterprise Server 12 SP3-ESPOS:postgresql-jdbc","SUSE Linux Enterprise Server 12 SP3-LTSS:postgresql-jdbc","SUSE Linux Enterprise Server 12 SP4-ESPOS:postgresql-jdbc","SUSE Linux Enterprise Server 12 SP4-LTSS:postgresql-jdbc","SUSE Linux Enterprise Server 12 SP5:postgresql-jdbc","SUSE Linux Enterprise Server 15 SP3:postgresql-jdbc","SUSE Linux Enterprise Server 15 SP4:postgresql-jdbc","SUSE Linux Enterprise Server Business Critical Linux 15 SP3:postgresql-jdbc","SUSE Linux Enterprise Server Teradata 12 SP3:postgresql-jdbc","SUSE Linux Enterprise Server for SAP Applications 12 SP3:postgresql-jdbc","SUSE Linux Enterprise Server for SAP Applications 12 SP4:postgresql-jdbc","SUSE Linux Enterprise Server for SAP Applications 12 SP5:postgresql-jdbc","SUSE Linux Enterprise Server for SAP Applications 15 SP3:postgresql-jdbc","SUSE Linux Enterprise Server for SAP Applications 15 SP4:postgresql-jdbc","SUSE Manager Proxy 4.2:postgresql-jdbc","SUSE Manager Proxy 4.3:postgresql-jdbc","SUSE Manager Retail Branch Server 4.2:postgresql-jdbc","SUSE Manager Retail Branch Server 4.3:postgresql-jdbc","SUSE Manager Server 4.2:postgresql-jdbc","SUSE Manager Server 4.3:postgresql-jdbc","SUSE Manager Server Module 4.2:postgresql-jdbc","SUSE Manager Server Module 4.3:postgresql-jdbc","SUSE OpenStack Cloud 8:postgresql-jdbc","SUSE OpenStack Cloud 9:postgresql-jdbc","SUSE OpenStack Cloud Crowbar 8:postgresql-jdbc","SUSE OpenStack Cloud Crowbar 9:postgresql-jdbc"],"recommended":["SUSE Manager Server Module 4.1:postgresql-jdbc-42.2.10-150200.3.8.2"]},"references":[{"category":"external","summary":"CVE-2022-21724","url":"https://www.suse.com/security/cve/CVE-2022-21724"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"SUSE Bug 1195561 for CVE-2022-21724","url":"https://bugzilla.suse.com/1195561"},{"category":"external","summary":"SUSE Bug 1204789 for CVE-2022-21724","url":"https://bugzilla.suse.com/1204789"},{"category":"external","summary":"Advisory link for SUSE-SU-2022:2143-1","url":"https://lists.suse.com/pipermail/sle-security-updates/2022-June/011318.html"},{"category":"external","summary":"Advisory link for SUSE-SU-2022:2145-1","url":"https://lists.suse.com/pipermail/sle-security-updates/2022-June/011317.html"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Manager Server Module 4.1:postgresql-jdbc-42.2.10-150200.3.8.2"]}],"scores":[{"cvss_v3":{"baseScore":5.3,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","version":"3.1"},"products":["SUSE Manager Server Module 4.1:postgresql-jdbc-42.2.10-150200.3.8.2"]}],"threats":[{"category":"impact","date":"2022-02-02T14:00:17Z","details":"moderate"}],"title":"CVE-2022-21724"}]}