Psychic Signature Vulnerability

Date: 29th April

Issue:

Secure Code Warrior is aware of the recently disclosed CVE-2022-21449 vulnerability, Psychic Signatures in Java.

Impact:

We have assessed our internal environment for services that may use the vulnerable Java components. At the time of this update, Secure Code Warrior confirms we are not impacted.

We are actively monitoring this issue, and are working with our critical suppliers to understand impacts in the supply chain that might have an impact on services we offer you.

For more information, please refer to the information below. Read our blog -  psychic-signatures

Other resources:

• https://jfrog.com/blog/cve-2022-21449-psychic-signatures-analyzing-the-new-java-crypto-vulnerability/

• https://neilmadden.blog/2022/04/19/psychic-signatures-in-java/

Next Update:

Updates will be posted to this thread as additional information becomes available.