vulnerability

IBM AIX: java_dec2022_advisory (CVE-2021-28167): Multiple vulnerabilities in IBM Java SDK affect AIX

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
6	(AV:N/AC:L/Au:N/C:P/I:P/A:N)	Apr 21, 2021	Jul 27, 2023	Aug 11, 2025

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:P/A:N)

Published

Apr 21, 2021

Added

Jul 27, 2023

Modified

Aug 11, 2025

Description

In Eclipse Openj9 to version 0.25.0, usage of the jdk.internal.reflect.ConstantPool API causes the JVM in some cases to pre-resolve certain constant pool entries. This allows a user to call static methods or access static members without running the class initialization method, and may allow a user to observe uninitialized values.

Solution

ibm-aix-java_dec2022_advisory

References

CVE-2021-28167
https://attackerkb.com/topics/CVE-2021-28167
CWE-909
URL-https://aix.software.ibm.com/aix/efixes/security/java_dec2022_advisory.asc

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today