Java Discovers Annual Encryption Vulnerability
Security researcher Khaled Nassar recently published on GitHub proof-of-concept (PoC) code for a newly disclosed digital signature bypass vulnerability in Java, tracked as CVE-2022-21449.
The vulnerability is known to have been discovered in November of last year by Neil Madden, a researcher at security consulting firm ForgeRock, and was reported to Oracle the same day.
Although Oracle gave the vulnerability a CVSS rating of 7.5, ForgeRock said it had privately disclosed the vulnerability when it was first discovered and rated it a 10 on the CVSS scale.