Impact of Java Vulnerabilities on Oracle Products - April 2022

Impact of Java vulnerabilities reported and patched by Oracle on Pharos products

5/24/2022 Update: Pharos has confirmed that none of our iMFP products nor our Ricoh SE50 are impacted by this vulnerability.

4/27/2022 Update: Our investigations have concluded that our Canon, Lexmark, and Ricoh iMFP implementations do not use the impacted Java versions. HP and KM iMFP products do not use Java and are not impacted.

4/20/2022 Update: 

Pharos Uniprint and Blueprint are not vulnerable to this exploit.

While there are some potentially vulnerable components inside Pharos Cloud, they are not accessible and therefore not exposed to this exploit. Pharos has begun the process to upgrade those components.

Oracle have announced and released patches for a new vulnerability in Java that can affect any product written using this programming language, plus several Oracle Products directly.

The vulnerability has the code: CVE-2022-21449 (Psychic Signatures or Psychic Paper) and has been assigned a CVSS score of 7.5 (High). Details on Oracle’s affected products are here , which includes information on how to patch these products. NVD details on the vulnerability can be found here.