Issue:
PowerChute Network Shutdown v4.4.1 ships with OpenJDK 15, which includes an EDCSA vulnerability (CVE-2022-21449) as reported here.
Product:
PowerChute Network Shutdown v4.4.1
Environment:
All supported operating systems
Solution:
Upgrade the Java version used by PowerChute to OpenJDK 17.0.3.
Vulnerable cipher suites:
PowerChute Network Shutdown v4.4.1 ships with OpenJDK 15, which includes an EDCSA vulnerability (CVE-2022-21449) as reported here.
Product:
PowerChute Network Shutdown v4.4.1
Environment:
All supported operating systems
Solution:
Upgrade the Java version used by PowerChute to OpenJDK 17.0.3.
Vulnerable cipher suites:
NONEwithECDSA
SHA1withECDSA
SHA224withECDSA
SHA256withECDSA
SHA384withECDSA
SHA512withECDSA
SHA3-224withECDSA
SHA3-256withECDSA
SHA3-384withECDSA
SHA3-512withECDSA
NONEwithECDSAinP1363Format
SHA1withECDSAinP1363Format
SHA224withECDSAinP1363Format
SHA256withECDSAinP1363Format
SHA384withECDSAinP1363Format
SHA512withECDSAinP1363Format
SHA3-224withECDSAinP1363Format
SHA3-256withECDSAinP1363Format
SHA3-384withECDSAinP1363Format
SHA3-512withECDSAinP1363Format
SHA1withECDSA
SHA224withECDSA
SHA256withECDSA
SHA384withECDSA
SHA512withECDSA
SHA3-224withECDSA
SHA3-256withECDSA
SHA3-384withECDSA
SHA3-512withECDSA
NONEwithECDSAinP1363Format
SHA1withECDSAinP1363Format
SHA224withECDSAinP1363Format
SHA256withECDSAinP1363Format
SHA384withECDSAinP1363Format
SHA512withECDSAinP1363Format
SHA3-224withECDSAinP1363Format
SHA3-256withECDSAinP1363Format
SHA3-384withECDSAinP1363Format
SHA3-512withECDSAinP1363Format
NOTE: PowerChute does not use any of the above cipher suites for its web server and is therefore not vulnerable to the issue. For added assurance, you can upgrade to OpenJDK 17.0.3.
