{}

Search FAQs

{"searchBar":{"inputPlaceholder":"Search by keyword or ask a question","searchBtn":"Search","error":"Please enter a keyword to search"}}

PowerChute Network Shutdown v4.4.1 - OpenJDK 15 EDCSA vulnerability

Issue:
PowerChute Network Shutdown v4.4.1 ships with OpenJDK 15 which includes an EDCSA vulnerability (CVE-2022-21449) as reported here.

Product:
PowerChute Network Shutdown v4.4.1

Environment:
All supported operating systems

Solution:
Upgrade the Java version used by PowerChute to OpenJDK 17.0.3.

Vulnerable cipher suites:
NONEwithECDSA
SHA1withECDSA
SHA224withECDSA
SHA256withECDSA
SHA384withECDSA
SHA512withECDSA
SHA3-224withECDSA
SHA3-256withECDSA
SHA3-384withECDSA
SHA3-512withECDSA
NONEwithECDSAinP1363Format
SHA1withECDSAinP1363Format
SHA224withECDSAinP1363Format
SHA256withECDSAinP1363Format
SHA384withECDSAinP1363Format
SHA512withECDSAinP1363Format
SHA3-224withECDSAinP1363Format
SHA3-256withECDSAinP1363Format
SHA3-384withECDSAinP1363Format
SHA3-512withECDSAinP1363Format

NOTE: PowerChute does not use any of the above cipher suites for its web server and is therefore not vulnerable to the issue. For added assurance, you can upgrade to OpenJDK 17.0.3.


Did this answer your question?

Explore more
Explore more
Users group

Discuss this topic with experts

Visit our Community for first-hand insights from experts and peers on this topic and more.