35 vulnerabilities found for brocade_san_navigator by netapp
FKIE_CVE-2025-21502
Vulnerability from fkie_nvd - Published: 2025-01-21 21:15 - Updated: 2025-06-18 19:07
Severity: 4.8 MEDIUM (CVSS 3.1, source secalert_us@oracle.com)
Summary
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u431-perf, 11.0.25, 17.0.13, 21.0.5, 23.0.1; Oracle GraalVM for JDK: 17.0.13, 21.0.5, 23.0.1; Oracle GraalVM Enterprise Edition: 20.3.16 and 21.3.12. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| oracle | graalvm | 20.3.16 | |
| oracle | graalvm | 21.3.12 | |
| oracle | graalvm_for_jdk | 17.0.13 | |
| oracle | graalvm_for_jdk | 21.0.5 | |
| oracle | graalvm_for_jdk | 23.0.1 | |
| oracle | jdk | 1.8.0 update431 (enterprise_performance_pack) | |
| oracle | jdk | 11.0.25 | |
| oracle | jdk | 17.0.13 | |
| oracle | jdk | 21.0.5 | |
| oracle | jdk | 23.0.1 | |
| oracle | jre | 1.8.0 update431 (enterprise_performance_pack) | |
| oracle | jre | 11.0.25 | |
| oracle | jre | 17.0.13 | |
| oracle | jre | 21.0.5 | |
| oracle | jre | 23.0.1 | |
| debian | debian_linux | 11.0 | |
| netapp | active_iq_unified_manager | - | |
| netapp | active_iq_unified_manager | - | |
| netapp | brocade_san_navigator | - | |
| netapp | data_infrastructure_insights_storage_workload_security_agent | - | |
| netapp | oncommand_insight | - | |
| netapp | oncommand_workflow_automation | - | |
| netapp | bootstrap_os | - | |
| netapp | hci_compute_node | - | not marked vulnerable itself; platform condition (AND) for bootstrap_os |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:graalvm:20.3.16:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "38EC7FE1-3BDA-4C3B-B8B6-388FADF4643B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:graalvm:21.3.12:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "CA42FD3E-9604-4EA4-8746-4FA6496F9AAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "F33FF64E-E051-41F9-911E-309D7501A61E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:graalvm_for_jdk:21.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "36C06D2E-B235-4D71-8963-DD81429F45C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:graalvm_for_jdk:23.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FA20019C-44F7-4B95-AFCC-D5CBB7DDE2E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update431:*:*:enterprise_performance_pack:*:*:*",
"matchCriteriaId": "DFEAB87A-8485-4908-A335-737BBB74870F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jdk:11.0.25:*:*:*:*:*:*:*",
"matchCriteriaId": "65E2541F-23A6-4D4B-9927-9009EBB68AEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jdk:17.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "EE0EEB8A-598D-46BB-9D6E-0D8D5D4B211E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jdk:21.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "00983735-78D7-4DA7-9997-749CE090EE0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jdk:23.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D32604DC-C2B0-4A22-B877-855961FD40B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jre:1.8.0:update431:*:*:enterprise_performance_pack:*:*:*",
"matchCriteriaId": "C4E5EC8A-C716-4FC8-94E3-73E3C646F45F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jre:11.0.25:*:*:*:*:*:*:*",
"matchCriteriaId": "5EB9861A-BE26-471B-9825-FF538DF7B00F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jre:17.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "842C9FAD-09CC-47D6-A087-51CB84D20B79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jre:21.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "AC078378-5367-42AC-877C-CD8633DDB24D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jre:23.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "29A56AAE-2F97-47B8-958A-81647F96792E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
"matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
"matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:brocade_san_navigator:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25FA7A4D-B0E2-423E-8146-E221AE2D6120",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:data_infrastructure_insights_storage_workload_security_agent:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB7A9455-165A-42CE-B5D1-648AACB2ED05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:bootstrap_os:-:*:*:*:*:*:*:*",
"matchCriteriaId": "95BA156C-C977-4F0C-8DFB-3FAE9CC8C02D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u431-perf, 11.0.25, 17.0.13, 21.0.5, 23.0.1; Oracle GraalVM for JDK: 17.0.13, 21.0.5, 23.0.1; Oracle GraalVM Enterprise Edition: 20.3.16 and 21.3.12. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)."
},
{
"lang": "es",
"value": "Vulnerabilidad en el producto Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition de Oracle Java SE (componente: Hotspot). Las versiones compatibles afectadas son Oracle Java SE: 8u431-perf, 11.0.25, 17.0.13, 21.0.5, 23.0.1; Oracle GraalVM for JDK: 17.0.13, 21.0.5, 23.0.1; Oracle GraalVM Enterprise Edition: 20.3.16 y 21.3.12. Esta vulnerabilidad, dif\u00edcil de explotar, permite que un atacante no autenticado con acceso a la red a trav\u00e9s de m\u00faltiples protocolos ponga en peligro Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Los ataques exitosos de esta vulnerabilidad pueden dar como resultado la actualizaci\u00f3n, inserci\u00f3n o eliminaci\u00f3n no autorizada de algunos datos accesibles de Oracle Java SE, Oracle GraalVM for JDK y Oracle GraalVM Enterprise Edition, as\u00ed como el acceso de lectura no autorizado a un subconjunto de datos accesibles de Oracle Java SE, Oracle GraalVM for JDK y Oracle GraalVM Enterprise Edition. Nota: Esta vulnerabilidad se puede explotar mediante el uso de API en el componente especificado, por ejemplo, a trav\u00e9s de un servicio web que proporciona datos a las API. Esta vulnerabilidad tambi\u00e9n se aplica a las implementaciones de Java, normalmente en clientes que ejecutan aplicaciones Java Web Start en entornos aislados o applets Java en entornos aislados, que cargan y ejecutan c\u00f3digo no confiable (por ejemplo, c\u00f3digo que proviene de Internet) y dependen de Java sandbox para la seguridad. Puntuaci\u00f3n base CVSS 3.1 4.8 (impactos en la confidencialidad y la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)."
}
],
"id": "CVE-2025-21502",
"lastModified": "2025-06-18T19:07:57.247",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 2.5,
"source": "secalert_us@oracle.com",
"type": "Secondary"
}
]
},
"published": "2025-01-21T21:15:15.180",
"references": [
{
"source": "secalert_us@oracle.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2025.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2025/01/25/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00031.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2025/02/msg00004.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20250124-0009/"
}
],
"sourceIdentifier": "secalert_us@oracle.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-47561
Vulnerability from fkie_nvd - Published: 2024-10-03 11:15 - Updated: 2025-07-10 21:04
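Severity: 9.2 CRITICAL (CVSS 4.0, source security@apache.org); 7.3 HIGH (CVSS 3.1, source 134c704f-9b21-4f2e-91b3-4a467353bcc0)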
Summary
Schema parsing in the Java SDK of Apache Avro 1.11.3 and previous versions allows bad actors to execute arbitrary code.
Users are recommended to upgrade to version 1.11.4 or 1.12.0, which fix this issue.
References
| Source | URL | Tags | |
|---|---|---|---|
| security@apache.org | https://lists.apache.org/thread/c2v7mhqnmq0jmbwxqq3r5jbj1xg43h5x | Mailing List, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2024/10/03/1 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20241011-0003/ | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apache | avro | * (before 1.11.4) | |
| netapp | active_iq_unified_manager | - | |
| netapp | active_iq_unified_manager | - | |
| netapp | active_iq_unified_manager | - | |
| netapp | brocade_san_navigator | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:avro:*:*:*:*:*:-:*:*",
"matchCriteriaId": "6C46991D-B086-4087-9458-DAE10A86DE36",
"versionEndExcluding": "1.11.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:*",
"matchCriteriaId": "F3E0B672-3E06-4422-B2A4-0BD073AEC2A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
"matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
"matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:brocade_san_navigator:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25FA7A4D-B0E2-423E-8146-E221AE2D6120",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Schema parsing in the Java SDK of Apache Avro 1.11.3 and previous versions allows bad actors to execute arbitrary code.\nUsers are recommended to upgrade to version 1.11.4\u00a0 or 1.12.0, which fix this issue."
},
{
"lang": "es",
"value": "El an\u00e1lisis de esquemas en el SDK de Java de Apache Avro 1.11.3 y versiones anteriores permite que actores maliciosos ejecuten c\u00f3digo arbitrario. Se recomienda a los usuarios actualizar a la versi\u00f3n 1.11.4 o 1.12.0, que solucionan este problema."
}
],
"id": "CVE-2024-47561",
"lastModified": "2025-07-10T21:04:01.920",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.4,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 9.2,
"baseSeverity": "CRITICAL",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "security@apache.org",
"type": "Secondary"
}
]
},
"published": "2024-10-03T11:15:13.510",
"references": [
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread/c2v7mhqnmq0jmbwxqq3r5jbj1xg43h5x"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2024/10/03/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20241011-0003/"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-502"
}
],
"source": "security@apache.org",
"type": "Secondary"
}
]
}
FKIE_CVE-2023-21967
Vulnerability from fkie_nvd - Published: 2023-04-18 20:15 - Updated: 2024-11-21 07:44
Severity: 5.9 MEDIUM (CVSS 3.1, source secalert_us@oracle.com)
Summary
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:graalvm:20.3.9:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "FE7FF02E-5A54-47BD-8FAC-E1F1E23CBD0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:graalvm:21.3.5:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "725D21E1-8FEF-492C-9CCF-75DDD286FA71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:graalvm:22.3.1:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "CBC05434-18E2-43D2-901F-BA97A3A3AC3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update361:*:*:*:*:*:*",
"matchCriteriaId": "BB648C28-DCDF-4CEE-816C-2D7EF91D2689",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jdk:11.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "CA4C6A6B-46BA-471A-959C-D1819B5D5196",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jdk:17.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "751BA15B-1950-4ABD-AFEB-B4F90587FF61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jdk:20:*:*:*:*:*:*:*",
"matchCriteriaId": "F26CDEF2-A840-4957-A390-19E48AEEC70A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jre:1.8.0:update361:*:*:*:*:*:*",
"matchCriteriaId": "DB18EEA4-9670-4EBC-8559-6766740980F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jre:11.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "B85FB47B-1A8B-4758-83A7-3AC5B74D73FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jre:17.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "0B973ADC-5F00-4CC5-985F-F4E1BB9FF1EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jre:20:*:*:*:*:*:*:*",
"matchCriteriaId": "AC10C81D-E148-4208-BA86-086B935A1254",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7EF6650C-558D-45C8-AE7D-136EE70CB6D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:brocade_san_navigator:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25FA7A4D-B0E2-423E-8146-E221AE2D6120",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CCAA4004-9319-478C-9D55-0E8307F872F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:cloud_insights_storage_workload_security_agent:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3B199052-5732-4726-B06B-A12C70DFB891",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "111E81BB-7D96-44EB-ACFA-415C3F3EA62A",
"versionEndExcluding": "8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "90F6CEC5-2FD9-4ADB-9D86-B741C0ABCD7B",
"versionEndIncluding": "11.0.18",
"versionStartIncluding": "11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "83395182-E46E-47FF-A781-4EF235BC83B6",
"versionEndIncluding": "17.0.6",
"versionStartIncluding": "17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:-:*:*:*:*:*:*",
"matchCriteriaId": "70892D06-6E75-4425-BBF0-4B684EC62A1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone1:*:*:*:*:*:*",
"matchCriteriaId": "7A165D71-71CC-4E6A-AA4F-FF8DB5B9A5AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone2:*:*:*:*:*:*",
"matchCriteriaId": "7417B2BB-9AC2-4AF4-A828-C89A0735AD92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone3:*:*:*:*:*:*",
"matchCriteriaId": "6A0A57B5-6F88-4288-9CDE-F6613FE068D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone4:*:*:*:*:*:*",
"matchCriteriaId": "67ED8559-C348-4932-B7CE-CB96976A30EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone5:*:*:*:*:*:*",
"matchCriteriaId": "40AC3D91-263F-4345-9FAA-0E573EA64590",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone6:*:*:*:*:*:*",
"matchCriteriaId": "DD92AFA9-81F8-48D4-B79A-E7F066F69A99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone7:*:*:*:*:*:*",
"matchCriteriaId": "2C4B2F24-A730-4818-90C8-A2D90C081F03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone8:*:*:*:*:*:*",
"matchCriteriaId": "464087F2-C285-4574-957E-CE0663F07DE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone9:*:*:*:*:*:*",
"matchCriteriaId": "3E9BB880-A4F6-4887-8BB9-47AA298753D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update101:*:*:*:*:*:*",
"matchCriteriaId": "18DCFF53-B298-4534-AB5C-8A5EF59C616F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update102:*:*:*:*:*:*",
"matchCriteriaId": "083419F8-FDDF-4E36-88F8-857DB317C1D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update11:*:*:*:*:*:*",
"matchCriteriaId": "D7A74F65-57E8-4C9A-BA96-5EF401504F13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update111:*:*:*:*:*:*",
"matchCriteriaId": "0D0B90FC-57B6-4315-9B29-3C36E58B2CF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update112:*:*:*:*:*:*",
"matchCriteriaId": "07812576-3C35-404C-A7D7-9BE9E3D76E00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update121:*:*:*:*:*:*",
"matchCriteriaId": "00C52B1C-5447-4282-9667-9EBE0720B423",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update131:*:*:*:*:*:*",
"matchCriteriaId": "92BB9EB0-0C12-4E77-89EE-FB77097841B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update141:*:*:*:*:*:*",
"matchCriteriaId": "FF9D5DCE-2E8F-42B9-9038-AEA7E8C8CFFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update151:*:*:*:*:*:*",
"matchCriteriaId": "ABC0E7BB-F8B7-4369-9910-71240E4073A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update152:*:*:*:*:*:*",
"matchCriteriaId": "551B2640-8CEC-4C24-AF8B-7A7CEF864D9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update161:*:*:*:*:*:*",
"matchCriteriaId": "0AE30779-48FB-451E-8CE1-F469F93B8772",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update162:*:*:*:*:*:*",
"matchCriteriaId": "60590FDE-7156-4314-A012-AA38BD2ADDC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update171:*:*:*:*:*:*",
"matchCriteriaId": "BE51AD3A-8331-4E8F-9DB1-7A0051731DFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update172:*:*:*:*:*:*",
"matchCriteriaId": "F24F6122-2256-41B6-9033-794C6424ED99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update181:*:*:*:*:*:*",
"matchCriteriaId": "0EAFA79E-8C7A-48CF-8868-11378FE4B26F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update191:*:*:*:*:*:*",
"matchCriteriaId": "D1D6F19F-59B5-4BB6-AD35-013384025970",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update192:*:*:*:*:*:*",
"matchCriteriaId": "E7BA97BC-3ADA-465A-835B-6C3C5F416B56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update20:*:*:*:*:*:*",
"matchCriteriaId": "B71F77A4-B7EB-47A1-AAFD-431A7D040B86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update201:*:*:*:*:*:*",
"matchCriteriaId": "91D6BEA9-5943-44A4-946D-CEAA9BA99376",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update202:*:*:*:*:*:*",
"matchCriteriaId": "C079A3E0-44EB-4B9C-B4FC-B7621D165C3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update211:*:*:*:*:*:*",
"matchCriteriaId": "2CB74086-14B8-4237-8357-E0C6B5BB8313",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update212:*:*:*:*:*:*",
"matchCriteriaId": "3ABED20A-7C34-4E86-9AFB-F4DC9ECBB3A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update221:*:*:*:*:*:*",
"matchCriteriaId": "00C2B9C9-1177-4DA6-96CE-55F37F383F99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update222:*:*:*:*:*:*",
"matchCriteriaId": "435CF189-0BD8-40DF-A0DC-99862CDEAF8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update231:*:*:*:*:*:*",
"matchCriteriaId": "12A3F367-33AD-47C3-BFDC-871A17E72C94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update232:*:*:*:*:*:*",
"matchCriteriaId": "A18F994F-72CA-4AF5-A7D1-9F5AEA286D85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update241:*:*:*:*:*:*",
"matchCriteriaId": "78261932-7373-4F16-91E0-1A72ADBEBC3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update242:*:*:*:*:*:*",
"matchCriteriaId": "9BD90D3D-9B3A-4101-9A8A-5090F0A9719F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update25:*:*:*:*:*:*",
"matchCriteriaId": "B38C0276-0EBD-4E0B-BFCF-4DDECACE04E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update252:*:*:*:*:*:*",
"matchCriteriaId": "F5A40B8A-D428-4008-9F21-AF21394C51D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update262:*:*:*:*:*:*",
"matchCriteriaId": "FEC5B777-01E1-45EE-AF95-C3BD1F098B2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update271:*:*:*:*:*:*",
"matchCriteriaId": "3B504718-5DCE-43B4-B19A-C6B6E7444BD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update281:*:*:*:*:*:*",
"matchCriteriaId": "3102AA10-99A8-49A9-867E-7EEC56865680",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update282:*:*:*:*:*:*",
"matchCriteriaId": "5A55CBC7-A7B2-4B89-8AB5-ED30DBE6814E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update291:*:*:*:*:*:*",
"matchCriteriaId": "15BA8A26-2CDA-442B-A549-6BE92DCCD205",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update301:*:*:*:*:*:*",
"matchCriteriaId": "56F2883B-6A1B-4081-8877-07AF3A73F6CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update302:*:*:*:*:*:*",
"matchCriteriaId": "98C0742E-ACDD-4DB4-8A4C-B96702C8976C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update31:*:*:*:*:*:*",
"matchCriteriaId": "F8483034-DD5A-445D-892F-CDE90A7D58EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update312:*:*:*:*:*:*",
"matchCriteriaId": "1716A5CD-1C32-4F19-9DDE-F9C7CCB6B420",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update322:*:*:*:*:*:*",
"matchCriteriaId": "DAB4F663-BCAF-43DB-BCC3-24C060B0CBAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update332:*:*:*:*:*:*",
"matchCriteriaId": "A8EF5BB8-7DAF-49B0-A11E-14E89EF7377A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update342:*:*:*:*:*:*",
"matchCriteriaId": "383F0B07-59BF-4744-87F2-04C98BC183B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update352:*:*:*:*:*:*",
"matchCriteriaId": "494C17C6-54A3-4BE6-A4FF-2D54DF2B38D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update362:*:*:*:*:*:*",
"matchCriteriaId": "1058ABDC-D652-4E2D-964D-C9C98FD404F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update40:*:*:*:*:*:*",
"matchCriteriaId": "8279718F-878F-4868-8859-1728D13CD0D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update45:*:*:*:*:*:*",
"matchCriteriaId": "2C024E1A-FD2C-42E8-B227-C2AFD3040436",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update5:*:*:*:*:*:*",
"matchCriteriaId": "4F24389D-DDD0-4204-AA24-31C920A4F47E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update51:*:*:*:*:*:*",
"matchCriteriaId": "966979BE-1F21-4729-B6B8-610F74648344",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update60:*:*:*:*:*:*",
"matchCriteriaId": "F8534265-33BF-460D-BF74-5F55FDE50F29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update65:*:*:*:*:*:*",
"matchCriteriaId": "F77AFC25-1466-4E56-9D5F-6988F3288E16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update66:*:*:*:*:*:*",
"matchCriteriaId": "A650BEB8-E56F-4E42-9361-8D2DB083F0F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update71:*:*:*:*:*:*",
"matchCriteriaId": "799FFECD-E80A-44B3-953D-CDB5E195F3AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update72:*:*:*:*:*:*",
"matchCriteriaId": "A7047507-7CAF-4A14-AA9A-5CEF806EDE98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update73:*:*:*:*:*:*",
"matchCriteriaId": "CFC7B179-95D3-4F94-84F6-73F1034A1AF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update74:*:*:*:*:*:*",
"matchCriteriaId": "9FB28526-9385-44CA-AF08-1899E6C3AE4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update77:*:*:*:*:*:*",
"matchCriteriaId": "E26B69E4-0B43-415F-A82B-52FDCB262B3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update91:*:*:*:*:*:*",
"matchCriteriaId": "27BC4150-70EC-462B-8FC5-20B3442CBB31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update92:*:*:*:*:*:*",
"matchCriteriaId": "02646989-ECD9-40AE-A83E-EFF4080C69B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:20:*:*:*:*:*:*:*",
"matchCriteriaId": "77172BC0-8637-41F6-AE3B-83006D6735DE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)."
}
],
"id": "CVE-2023-21967",
"lastModified": "2024-11-21T07:44:00.397",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "secalert_us@oracle.com",
"type": "Secondary"
}
]
},
"published": "2023-04-18T20:15:16.397",
"references": [
{
"source": "secalert_us@oracle.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20230427-0008/"
},
{
"source": "secalert_us@oracle.com",
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.couchbase.com/alerts/"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5430"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5478"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2023.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20230427-0008/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.couchbase.com/alerts/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5430"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5478"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2023.html"
}
],
"sourceIdentifier": "secalert_us@oracle.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-21968
Vulnerability from fkie_nvd - Published: 2023-04-18 20:15 - Updated: 2024-11-21 07:44
Severity: 3.7 Low (CVSS 3.1 base score; vector CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)
Summary
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:graalvm:20.3.9:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "FE7FF02E-5A54-47BD-8FAC-E1F1E23CBD0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:graalvm:21.3.5:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "725D21E1-8FEF-492C-9CCF-75DDD286FA71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:graalvm:22.3.1:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "CBC05434-18E2-43D2-901F-BA97A3A3AC3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update361:*:*:*:*:*:*",
"matchCriteriaId": "BB648C28-DCDF-4CEE-816C-2D7EF91D2689",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jdk:11.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "CA4C6A6B-46BA-471A-959C-D1819B5D5196",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jdk:17.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "751BA15B-1950-4ABD-AFEB-B4F90587FF61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jdk:20:*:*:*:*:*:*:*",
"matchCriteriaId": "F26CDEF2-A840-4957-A390-19E48AEEC70A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jre:1.8.0:update361:*:*:*:*:*:*",
"matchCriteriaId": "DB18EEA4-9670-4EBC-8559-6766740980F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jre:11.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "B85FB47B-1A8B-4758-83A7-3AC5B74D73FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jre:17.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "0B973ADC-5F00-4CC5-985F-F4E1BB9FF1EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jre:20:*:*:*:*:*:*:*",
"matchCriteriaId": "AC10C81D-E148-4208-BA86-086B935A1254",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7EF6650C-558D-45C8-AE7D-136EE70CB6D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:brocade_san_navigator:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25FA7A4D-B0E2-423E-8146-E221AE2D6120",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CCAA4004-9319-478C-9D55-0E8307F872F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:cloud_insights_storage_workload_security_agent:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3B199052-5732-4726-B06B-A12C70DFB891",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "90F6CEC5-2FD9-4ADB-9D86-B741C0ABCD7B",
"versionEndIncluding": "11.0.18",
"versionStartIncluding": "11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "83395182-E46E-47FF-A781-4EF235BC83B6",
"versionEndIncluding": "17.0.6",
"versionStartIncluding": "17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:-:*:*:*:*:*:*",
"matchCriteriaId": "70892D06-6E75-4425-BBF0-4B684EC62A1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone1:*:*:*:*:*:*",
"matchCriteriaId": "7A165D71-71CC-4E6A-AA4F-FF8DB5B9A5AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone2:*:*:*:*:*:*",
"matchCriteriaId": "7417B2BB-9AC2-4AF4-A828-C89A0735AD92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone3:*:*:*:*:*:*",
"matchCriteriaId": "6A0A57B5-6F88-4288-9CDE-F6613FE068D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone4:*:*:*:*:*:*",
"matchCriteriaId": "67ED8559-C348-4932-B7CE-CB96976A30EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone5:*:*:*:*:*:*",
"matchCriteriaId": "40AC3D91-263F-4345-9FAA-0E573EA64590",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone6:*:*:*:*:*:*",
"matchCriteriaId": "DD92AFA9-81F8-48D4-B79A-E7F066F69A99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone7:*:*:*:*:*:*",
"matchCriteriaId": "2C4B2F24-A730-4818-90C8-A2D90C081F03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone8:*:*:*:*:*:*",
"matchCriteriaId": "464087F2-C285-4574-957E-CE0663F07DE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone9:*:*:*:*:*:*",
"matchCriteriaId": "3E9BB880-A4F6-4887-8BB9-47AA298753D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update101:*:*:*:*:*:*",
"matchCriteriaId": "18DCFF53-B298-4534-AB5C-8A5EF59C616F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update102:*:*:*:*:*:*",
"matchCriteriaId": "083419F8-FDDF-4E36-88F8-857DB317C1D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update11:*:*:*:*:*:*",
"matchCriteriaId": "D7A74F65-57E8-4C9A-BA96-5EF401504F13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update111:*:*:*:*:*:*",
"matchCriteriaId": "0D0B90FC-57B6-4315-9B29-3C36E58B2CF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update112:*:*:*:*:*:*",
"matchCriteriaId": "07812576-3C35-404C-A7D7-9BE9E3D76E00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update121:*:*:*:*:*:*",
"matchCriteriaId": "00C52B1C-5447-4282-9667-9EBE0720B423",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update131:*:*:*:*:*:*",
"matchCriteriaId": "92BB9EB0-0C12-4E77-89EE-FB77097841B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update141:*:*:*:*:*:*",
"matchCriteriaId": "FF9D5DCE-2E8F-42B9-9038-AEA7E8C8CFFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update151:*:*:*:*:*:*",
"matchCriteriaId": "ABC0E7BB-F8B7-4369-9910-71240E4073A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update152:*:*:*:*:*:*",
"matchCriteriaId": "551B2640-8CEC-4C24-AF8B-7A7CEF864D9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update161:*:*:*:*:*:*",
"matchCriteriaId": "0AE30779-48FB-451E-8CE1-F469F93B8772",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update162:*:*:*:*:*:*",
"matchCriteriaId": "60590FDE-7156-4314-A012-AA38BD2ADDC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update171:*:*:*:*:*:*",
"matchCriteriaId": "BE51AD3A-8331-4E8F-9DB1-7A0051731DFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update172:*:*:*:*:*:*",
"matchCriteriaId": "F24F6122-2256-41B6-9033-794C6424ED99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update181:*:*:*:*:*:*",
"matchCriteriaId": "0EAFA79E-8C7A-48CF-8868-11378FE4B26F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update191:*:*:*:*:*:*",
"matchCriteriaId": "D1D6F19F-59B5-4BB6-AD35-013384025970",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update192:*:*:*:*:*:*",
"matchCriteriaId": "E7BA97BC-3ADA-465A-835B-6C3C5F416B56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update20:*:*:*:*:*:*",
"matchCriteriaId": "B71F77A4-B7EB-47A1-AAFD-431A7D040B86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update201:*:*:*:*:*:*",
"matchCriteriaId": "91D6BEA9-5943-44A4-946D-CEAA9BA99376",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update202:*:*:*:*:*:*",
"matchCriteriaId": "C079A3E0-44EB-4B9C-B4FC-B7621D165C3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update211:*:*:*:*:*:*",
"matchCriteriaId": "2CB74086-14B8-4237-8357-E0C6B5BB8313",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update212:*:*:*:*:*:*",
"matchCriteriaId": "3ABED20A-7C34-4E86-9AFB-F4DC9ECBB3A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update221:*:*:*:*:*:*",
"matchCriteriaId": "00C2B9C9-1177-4DA6-96CE-55F37F383F99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update222:*:*:*:*:*:*",
"matchCriteriaId": "435CF189-0BD8-40DF-A0DC-99862CDEAF8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update231:*:*:*:*:*:*",
"matchCriteriaId": "12A3F367-33AD-47C3-BFDC-871A17E72C94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update232:*:*:*:*:*:*",
"matchCriteriaId": "A18F994F-72CA-4AF5-A7D1-9F5AEA286D85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update241:*:*:*:*:*:*",
"matchCriteriaId": "78261932-7373-4F16-91E0-1A72ADBEBC3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update242:*:*:*:*:*:*",
"matchCriteriaId": "9BD90D3D-9B3A-4101-9A8A-5090F0A9719F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update25:*:*:*:*:*:*",
"matchCriteriaId": "B38C0276-0EBD-4E0B-BFCF-4DDECACE04E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update252:*:*:*:*:*:*",
"matchCriteriaId": "F5A40B8A-D428-4008-9F21-AF21394C51D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update262:*:*:*:*:*:*",
"matchCriteriaId": "FEC5B777-01E1-45EE-AF95-C3BD1F098B2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update271:*:*:*:*:*:*",
"matchCriteriaId": "3B504718-5DCE-43B4-B19A-C6B6E7444BD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update281:*:*:*:*:*:*",
"matchCriteriaId": "3102AA10-99A8-49A9-867E-7EEC56865680",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update282:*:*:*:*:*:*",
"matchCriteriaId": "5A55CBC7-A7B2-4B89-8AB5-ED30DBE6814E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update291:*:*:*:*:*:*",
"matchCriteriaId": "15BA8A26-2CDA-442B-A549-6BE92DCCD205",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update301:*:*:*:*:*:*",
"matchCriteriaId": "56F2883B-6A1B-4081-8877-07AF3A73F6CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update302:*:*:*:*:*:*",
"matchCriteriaId": "98C0742E-ACDD-4DB4-8A4C-B96702C8976C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update31:*:*:*:*:*:*",
"matchCriteriaId": "F8483034-DD5A-445D-892F-CDE90A7D58EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update312:*:*:*:*:*:*",
"matchCriteriaId": "1716A5CD-1C32-4F19-9DDE-F9C7CCB6B420",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update322:*:*:*:*:*:*",
"matchCriteriaId": "DAB4F663-BCAF-43DB-BCC3-24C060B0CBAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update332:*:*:*:*:*:*",
"matchCriteriaId": "A8EF5BB8-7DAF-49B0-A11E-14E89EF7377A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update342:*:*:*:*:*:*",
"matchCriteriaId": "383F0B07-59BF-4744-87F2-04C98BC183B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update352:*:*:*:*:*:*",
"matchCriteriaId": "494C17C6-54A3-4BE6-A4FF-2D54DF2B38D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update362:*:*:*:*:*:*",
"matchCriteriaId": "1058ABDC-D652-4E2D-964D-C9C98FD404F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update40:*:*:*:*:*:*",
"matchCriteriaId": "8279718F-878F-4868-8859-1728D13CD0D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update45:*:*:*:*:*:*",
"matchCriteriaId": "2C024E1A-FD2C-42E8-B227-C2AFD3040436",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update5:*:*:*:*:*:*",
"matchCriteriaId": "4F24389D-DDD0-4204-AA24-31C920A4F47E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update51:*:*:*:*:*:*",
"matchCriteriaId": "966979BE-1F21-4729-B6B8-610F74648344",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update60:*:*:*:*:*:*",
"matchCriteriaId": "F8534265-33BF-460D-BF74-5F55FDE50F29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update65:*:*:*:*:*:*",
"matchCriteriaId": "F77AFC25-1466-4E56-9D5F-6988F3288E16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update66:*:*:*:*:*:*",
"matchCriteriaId": "A650BEB8-E56F-4E42-9361-8D2DB083F0F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update71:*:*:*:*:*:*",
"matchCriteriaId": "799FFECD-E80A-44B3-953D-CDB5E195F3AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update72:*:*:*:*:*:*",
"matchCriteriaId": "A7047507-7CAF-4A14-AA9A-5CEF806EDE98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update73:*:*:*:*:*:*",
"matchCriteriaId": "CFC7B179-95D3-4F94-84F6-73F1034A1AF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update74:*:*:*:*:*:*",
"matchCriteriaId": "9FB28526-9385-44CA-AF08-1899E6C3AE4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update77:*:*:*:*:*:*",
"matchCriteriaId": "E26B69E4-0B43-415F-A82B-52FDCB262B3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update91:*:*:*:*:*:*",
"matchCriteriaId": "27BC4150-70EC-462B-8FC5-20B3442CBB31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update92:*:*:*:*:*:*",
"matchCriteriaId": "02646989-ECD9-40AE-A83E-EFF4080C69B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:20:*:*:*:*:*:*:*",
"matchCriteriaId": "77172BC0-8637-41F6-AE3B-83006D6735DE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)."
}
],
"id": "CVE-2023-21968",
"lastModified": "2024-11-21T07:44:00.860",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 1.4,
"source": "secalert_us@oracle.com",
"type": "Secondary"
}
]
},
"published": "2023-04-18T20:15:16.470",
"references": [
{
"source": "secalert_us@oracle.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20230427-0008/"
},
{
"source": "secalert_us@oracle.com",
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.couchbase.com/alerts/"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5430"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5478"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2023.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20230427-0008/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.couchbase.com/alerts/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5430"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5478"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2023.html"
}
],
"sourceIdentifier": "secalert_us@oracle.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-21954
Vulnerability from fkie_nvd - Published: 2023-04-18 20:15 - Updated: 2024-11-21 07:43
Severity: 5.9 Medium (CVSS 3.1 base score; vector CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
Summary
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:graalvm:20.3.9:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "FE7FF02E-5A54-47BD-8FAC-E1F1E23CBD0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:graalvm:21.3.5:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "725D21E1-8FEF-492C-9CCF-75DDD286FA71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:graalvm:22.3.1:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "CBC05434-18E2-43D2-901F-BA97A3A3AC3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update361:*:*:*:*:*:*",
"matchCriteriaId": "BB648C28-DCDF-4CEE-816C-2D7EF91D2689",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jdk:11.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "CA4C6A6B-46BA-471A-959C-D1819B5D5196",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jdk:17.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "751BA15B-1950-4ABD-AFEB-B4F90587FF61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jre:1.8.0:update361:*:*:*:*:*:*",
"matchCriteriaId": "DB18EEA4-9670-4EBC-8559-6766740980F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jre:11.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "B85FB47B-1A8B-4758-83A7-3AC5B74D73FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jre:17.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "0B973ADC-5F00-4CC5-985F-F4E1BB9FF1EF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7EF6650C-558D-45C8-AE7D-136EE70CB6D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:brocade_san_navigator:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25FA7A4D-B0E2-423E-8146-E221AE2D6120",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CCAA4004-9319-478C-9D55-0E8307F872F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:cloud_insights_storage_workload_security_agent:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3B199052-5732-4726-B06B-A12C70DFB891",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "111E81BB-7D96-44EB-ACFA-415C3F3EA62A",
"versionEndExcluding": "8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "90F6CEC5-2FD9-4ADB-9D86-B741C0ABCD7B",
"versionEndIncluding": "11.0.18",
"versionStartIncluding": "11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "83395182-E46E-47FF-A781-4EF235BC83B6",
"versionEndIncluding": "17.0.6",
"versionStartIncluding": "17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:-:*:*:*:*:*:*",
"matchCriteriaId": "70892D06-6E75-4425-BBF0-4B684EC62A1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone1:*:*:*:*:*:*",
"matchCriteriaId": "7A165D71-71CC-4E6A-AA4F-FF8DB5B9A5AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone2:*:*:*:*:*:*",
"matchCriteriaId": "7417B2BB-9AC2-4AF4-A828-C89A0735AD92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone3:*:*:*:*:*:*",
"matchCriteriaId": "6A0A57B5-6F88-4288-9CDE-F6613FE068D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone4:*:*:*:*:*:*",
"matchCriteriaId": "67ED8559-C348-4932-B7CE-CB96976A30EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone5:*:*:*:*:*:*",
"matchCriteriaId": "40AC3D91-263F-4345-9FAA-0E573EA64590",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone6:*:*:*:*:*:*",
"matchCriteriaId": "DD92AFA9-81F8-48D4-B79A-E7F066F69A99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone7:*:*:*:*:*:*",
"matchCriteriaId": "2C4B2F24-A730-4818-90C8-A2D90C081F03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone8:*:*:*:*:*:*",
"matchCriteriaId": "464087F2-C285-4574-957E-CE0663F07DE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone9:*:*:*:*:*:*",
"matchCriteriaId": "3E9BB880-A4F6-4887-8BB9-47AA298753D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update101:*:*:*:*:*:*",
"matchCriteriaId": "18DCFF53-B298-4534-AB5C-8A5EF59C616F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update102:*:*:*:*:*:*",
"matchCriteriaId": "083419F8-FDDF-4E36-88F8-857DB317C1D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update11:*:*:*:*:*:*",
"matchCriteriaId": "D7A74F65-57E8-4C9A-BA96-5EF401504F13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update111:*:*:*:*:*:*",
"matchCriteriaId": "0D0B90FC-57B6-4315-9B29-3C36E58B2CF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update112:*:*:*:*:*:*",
"matchCriteriaId": "07812576-3C35-404C-A7D7-9BE9E3D76E00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update121:*:*:*:*:*:*",
"matchCriteriaId": "00C52B1C-5447-4282-9667-9EBE0720B423",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update131:*:*:*:*:*:*",
"matchCriteriaId": "92BB9EB0-0C12-4E77-89EE-FB77097841B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update141:*:*:*:*:*:*",
"matchCriteriaId": "FF9D5DCE-2E8F-42B9-9038-AEA7E8C8CFFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update151:*:*:*:*:*:*",
"matchCriteriaId": "ABC0E7BB-F8B7-4369-9910-71240E4073A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update152:*:*:*:*:*:*",
"matchCriteriaId": "551B2640-8CEC-4C24-AF8B-7A7CEF864D9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update161:*:*:*:*:*:*",
"matchCriteriaId": "0AE30779-48FB-451E-8CE1-F469F93B8772",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update162:*:*:*:*:*:*",
"matchCriteriaId": "60590FDE-7156-4314-A012-AA38BD2ADDC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update171:*:*:*:*:*:*",
"matchCriteriaId": "BE51AD3A-8331-4E8F-9DB1-7A0051731DFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update172:*:*:*:*:*:*",
"matchCriteriaId": "F24F6122-2256-41B6-9033-794C6424ED99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update181:*:*:*:*:*:*",
"matchCriteriaId": "0EAFA79E-8C7A-48CF-8868-11378FE4B26F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update191:*:*:*:*:*:*",
"matchCriteriaId": "D1D6F19F-59B5-4BB6-AD35-013384025970",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update192:*:*:*:*:*:*",
"matchCriteriaId": "E7BA97BC-3ADA-465A-835B-6C3C5F416B56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update20:*:*:*:*:*:*",
"matchCriteriaId": "B71F77A4-B7EB-47A1-AAFD-431A7D040B86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update201:*:*:*:*:*:*",
"matchCriteriaId": "91D6BEA9-5943-44A4-946D-CEAA9BA99376",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update202:*:*:*:*:*:*",
"matchCriteriaId": "C079A3E0-44EB-4B9C-B4FC-B7621D165C3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update211:*:*:*:*:*:*",
"matchCriteriaId": "2CB74086-14B8-4237-8357-E0C6B5BB8313",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update212:*:*:*:*:*:*",
"matchCriteriaId": "3ABED20A-7C34-4E86-9AFB-F4DC9ECBB3A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update221:*:*:*:*:*:*",
"matchCriteriaId": "00C2B9C9-1177-4DA6-96CE-55F37F383F99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update222:*:*:*:*:*:*",
"matchCriteriaId": "435CF189-0BD8-40DF-A0DC-99862CDEAF8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update231:*:*:*:*:*:*",
"matchCriteriaId": "12A3F367-33AD-47C3-BFDC-871A17E72C94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update232:*:*:*:*:*:*",
"matchCriteriaId": "A18F994F-72CA-4AF5-A7D1-9F5AEA286D85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update241:*:*:*:*:*:*",
"matchCriteriaId": "78261932-7373-4F16-91E0-1A72ADBEBC3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update242:*:*:*:*:*:*",
"matchCriteriaId": "9BD90D3D-9B3A-4101-9A8A-5090F0A9719F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update25:*:*:*:*:*:*",
"matchCriteriaId": "B38C0276-0EBD-4E0B-BFCF-4DDECACE04E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update252:*:*:*:*:*:*",
"matchCriteriaId": "F5A40B8A-D428-4008-9F21-AF21394C51D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update262:*:*:*:*:*:*",
"matchCriteriaId": "FEC5B777-01E1-45EE-AF95-C3BD1F098B2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update271:*:*:*:*:*:*",
"matchCriteriaId": "3B504718-5DCE-43B4-B19A-C6B6E7444BD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update281:*:*:*:*:*:*",
"matchCriteriaId": "3102AA10-99A8-49A9-867E-7EEC56865680",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update282:*:*:*:*:*:*",
"matchCriteriaId": "5A55CBC7-A7B2-4B89-8AB5-ED30DBE6814E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update291:*:*:*:*:*:*",
"matchCriteriaId": "15BA8A26-2CDA-442B-A549-6BE92DCCD205",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update301:*:*:*:*:*:*",
"matchCriteriaId": "56F2883B-6A1B-4081-8877-07AF3A73F6CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update302:*:*:*:*:*:*",
"matchCriteriaId": "98C0742E-ACDD-4DB4-8A4C-B96702C8976C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update31:*:*:*:*:*:*",
"matchCriteriaId": "F8483034-DD5A-445D-892F-CDE90A7D58EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update312:*:*:*:*:*:*",
"matchCriteriaId": "1716A5CD-1C32-4F19-9DDE-F9C7CCB6B420",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update322:*:*:*:*:*:*",
"matchCriteriaId": "DAB4F663-BCAF-43DB-BCC3-24C060B0CBAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update332:*:*:*:*:*:*",
"matchCriteriaId": "A8EF5BB8-7DAF-49B0-A11E-14E89EF7377A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update342:*:*:*:*:*:*",
"matchCriteriaId": "383F0B07-59BF-4744-87F2-04C98BC183B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update352:*:*:*:*:*:*",
"matchCriteriaId": "494C17C6-54A3-4BE6-A4FF-2D54DF2B38D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update362:*:*:*:*:*:*",
"matchCriteriaId": "1058ABDC-D652-4E2D-964D-C9C98FD404F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update40:*:*:*:*:*:*",
"matchCriteriaId": "8279718F-878F-4868-8859-1728D13CD0D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update45:*:*:*:*:*:*",
"matchCriteriaId": "2C024E1A-FD2C-42E8-B227-C2AFD3040436",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update5:*:*:*:*:*:*",
"matchCriteriaId": "4F24389D-DDD0-4204-AA24-31C920A4F47E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update51:*:*:*:*:*:*",
"matchCriteriaId": "966979BE-1F21-4729-B6B8-610F74648344",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update60:*:*:*:*:*:*",
"matchCriteriaId": "F8534265-33BF-460D-BF74-5F55FDE50F29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update65:*:*:*:*:*:*",
"matchCriteriaId": "F77AFC25-1466-4E56-9D5F-6988F3288E16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update66:*:*:*:*:*:*",
"matchCriteriaId": "A650BEB8-E56F-4E42-9361-8D2DB083F0F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update71:*:*:*:*:*:*",
"matchCriteriaId": "799FFECD-E80A-44B3-953D-CDB5E195F3AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update72:*:*:*:*:*:*",
"matchCriteriaId": "A7047507-7CAF-4A14-AA9A-5CEF806EDE98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update73:*:*:*:*:*:*",
"matchCriteriaId": "CFC7B179-95D3-4F94-84F6-73F1034A1AF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update74:*:*:*:*:*:*",
"matchCriteriaId": "9FB28526-9385-44CA-AF08-1899E6C3AE4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update77:*:*:*:*:*:*",
"matchCriteriaId": "E26B69E4-0B43-415F-A82B-52FDCB262B3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update91:*:*:*:*:*:*",
"matchCriteriaId": "27BC4150-70EC-462B-8FC5-20B3442CBB31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update92:*:*:*:*:*:*",
"matchCriteriaId": "02646989-ECD9-40AE-A83E-EFF4080C69B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:20:*:*:*:*:*:*:*",
"matchCriteriaId": "77172BC0-8637-41F6-AE3B-83006D6735DE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)."
}
],
"id": "CVE-2023-21954",
"lastModified": "2024-11-21T07:43:59.093",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "secalert_us@oracle.com",
"type": "Secondary"
}
]
},
"published": "2023-04-18T20:15:15.630",
"references": [
{
"source": "secalert_us@oracle.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20230427-0008/"
},
{
"source": "secalert_us@oracle.com",
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.couchbase.com/alerts/"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5430"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5478"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2023.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20230427-0008/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.couchbase.com/alerts/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5430"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5478"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2023.html"
}
],
"sourceIdentifier": "secalert_us@oracle.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-21937
Vulnerability from fkie_nvd - Published: 2023-04-18 20:15 - Updated: 2024-11-21 07:43
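Severity: Low (CVSS 3.1 base score 3.7, vector CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N; scored by secalert_us@oracle.com)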
Summary
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:graalvm:20.3.9:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "FE7FF02E-5A54-47BD-8FAC-E1F1E23CBD0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:graalvm:21.3.5:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "725D21E1-8FEF-492C-9CCF-75DDD286FA71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:graalvm:22.3.1:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "CBC05434-18E2-43D2-901F-BA97A3A3AC3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update361:*:*:*:*:*:*",
"matchCriteriaId": "BB648C28-DCDF-4CEE-816C-2D7EF91D2689",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jdk:11.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "CA4C6A6B-46BA-471A-959C-D1819B5D5196",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jdk:17.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "751BA15B-1950-4ABD-AFEB-B4F90587FF61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jdk:20:*:*:*:*:*:*:*",
"matchCriteriaId": "F26CDEF2-A840-4957-A390-19E48AEEC70A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jre:1.8.0:update361:*:*:*:*:*:*",
"matchCriteriaId": "DB18EEA4-9670-4EBC-8559-6766740980F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jre:11.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "B85FB47B-1A8B-4758-83A7-3AC5B74D73FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jre:17.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "0B973ADC-5F00-4CC5-985F-F4E1BB9FF1EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jre:20:*:*:*:*:*:*:*",
"matchCriteriaId": "AC10C81D-E148-4208-BA86-086B935A1254",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7EF6650C-558D-45C8-AE7D-136EE70CB6D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:brocade_san_navigator:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25FA7A4D-B0E2-423E-8146-E221AE2D6120",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CCAA4004-9319-478C-9D55-0E8307F872F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:cloud_insights_storage_workload_security_agent:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3B199052-5732-4726-B06B-A12C70DFB891",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "111E81BB-7D96-44EB-ACFA-415C3F3EA62A",
"versionEndExcluding": "8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "90F6CEC5-2FD9-4ADB-9D86-B741C0ABCD7B",
"versionEndIncluding": "11.0.18",
"versionStartIncluding": "11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "83395182-E46E-47FF-A781-4EF235BC83B6",
"versionEndIncluding": "17.0.6",
"versionStartIncluding": "17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:-:*:*:*:*:*:*",
"matchCriteriaId": "70892D06-6E75-4425-BBF0-4B684EC62A1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone1:*:*:*:*:*:*",
"matchCriteriaId": "7A165D71-71CC-4E6A-AA4F-FF8DB5B9A5AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone2:*:*:*:*:*:*",
"matchCriteriaId": "7417B2BB-9AC2-4AF4-A828-C89A0735AD92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone3:*:*:*:*:*:*",
"matchCriteriaId": "6A0A57B5-6F88-4288-9CDE-F6613FE068D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone4:*:*:*:*:*:*",
"matchCriteriaId": "67ED8559-C348-4932-B7CE-CB96976A30EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone5:*:*:*:*:*:*",
"matchCriteriaId": "40AC3D91-263F-4345-9FAA-0E573EA64590",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone6:*:*:*:*:*:*",
"matchCriteriaId": "DD92AFA9-81F8-48D4-B79A-E7F066F69A99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone7:*:*:*:*:*:*",
"matchCriteriaId": "2C4B2F24-A730-4818-90C8-A2D90C081F03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone8:*:*:*:*:*:*",
"matchCriteriaId": "464087F2-C285-4574-957E-CE0663F07DE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone9:*:*:*:*:*:*",
"matchCriteriaId": "3E9BB880-A4F6-4887-8BB9-47AA298753D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update101:*:*:*:*:*:*",
"matchCriteriaId": "18DCFF53-B298-4534-AB5C-8A5EF59C616F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update102:*:*:*:*:*:*",
"matchCriteriaId": "083419F8-FDDF-4E36-88F8-857DB317C1D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update11:*:*:*:*:*:*",
"matchCriteriaId": "D7A74F65-57E8-4C9A-BA96-5EF401504F13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update111:*:*:*:*:*:*",
"matchCriteriaId": "0D0B90FC-57B6-4315-9B29-3C36E58B2CF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update112:*:*:*:*:*:*",
"matchCriteriaId": "07812576-3C35-404C-A7D7-9BE9E3D76E00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update121:*:*:*:*:*:*",
"matchCriteriaId": "00C52B1C-5447-4282-9667-9EBE0720B423",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update131:*:*:*:*:*:*",
"matchCriteriaId": "92BB9EB0-0C12-4E77-89EE-FB77097841B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update141:*:*:*:*:*:*",
"matchCriteriaId": "FF9D5DCE-2E8F-42B9-9038-AEA7E8C8CFFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update151:*:*:*:*:*:*",
"matchCriteriaId": "ABC0E7BB-F8B7-4369-9910-71240E4073A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update152:*:*:*:*:*:*",
"matchCriteriaId": "551B2640-8CEC-4C24-AF8B-7A7CEF864D9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update161:*:*:*:*:*:*",
"matchCriteriaId": "0AE30779-48FB-451E-8CE1-F469F93B8772",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update162:*:*:*:*:*:*",
"matchCriteriaId": "60590FDE-7156-4314-A012-AA38BD2ADDC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update171:*:*:*:*:*:*",
"matchCriteriaId": "BE51AD3A-8331-4E8F-9DB1-7A0051731DFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update172:*:*:*:*:*:*",
"matchCriteriaId": "F24F6122-2256-41B6-9033-794C6424ED99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update181:*:*:*:*:*:*",
"matchCriteriaId": "0EAFA79E-8C7A-48CF-8868-11378FE4B26F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update191:*:*:*:*:*:*",
"matchCriteriaId": "D1D6F19F-59B5-4BB6-AD35-013384025970",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update192:*:*:*:*:*:*",
"matchCriteriaId": "E7BA97BC-3ADA-465A-835B-6C3C5F416B56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update20:*:*:*:*:*:*",
"matchCriteriaId": "B71F77A4-B7EB-47A1-AAFD-431A7D040B86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update201:*:*:*:*:*:*",
"matchCriteriaId": "91D6BEA9-5943-44A4-946D-CEAA9BA99376",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update202:*:*:*:*:*:*",
"matchCriteriaId": "C079A3E0-44EB-4B9C-B4FC-B7621D165C3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update211:*:*:*:*:*:*",
"matchCriteriaId": "2CB74086-14B8-4237-8357-E0C6B5BB8313",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update212:*:*:*:*:*:*",
"matchCriteriaId": "3ABED20A-7C34-4E86-9AFB-F4DC9ECBB3A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update221:*:*:*:*:*:*",
"matchCriteriaId": "00C2B9C9-1177-4DA6-96CE-55F37F383F99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update222:*:*:*:*:*:*",
"matchCriteriaId": "435CF189-0BD8-40DF-A0DC-99862CDEAF8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update231:*:*:*:*:*:*",
"matchCriteriaId": "12A3F367-33AD-47C3-BFDC-871A17E72C94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update232:*:*:*:*:*:*",
"matchCriteriaId": "A18F994F-72CA-4AF5-A7D1-9F5AEA286D85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update241:*:*:*:*:*:*",
"matchCriteriaId": "78261932-7373-4F16-91E0-1A72ADBEBC3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update242:*:*:*:*:*:*",
"matchCriteriaId": "9BD90D3D-9B3A-4101-9A8A-5090F0A9719F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update25:*:*:*:*:*:*",
"matchCriteriaId": "B38C0276-0EBD-4E0B-BFCF-4DDECACE04E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update252:*:*:*:*:*:*",
"matchCriteriaId": "F5A40B8A-D428-4008-9F21-AF21394C51D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update262:*:*:*:*:*:*",
"matchCriteriaId": "FEC5B777-01E1-45EE-AF95-C3BD1F098B2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update271:*:*:*:*:*:*",
"matchCriteriaId": "3B504718-5DCE-43B4-B19A-C6B6E7444BD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update281:*:*:*:*:*:*",
"matchCriteriaId": "3102AA10-99A8-49A9-867E-7EEC56865680",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update282:*:*:*:*:*:*",
"matchCriteriaId": "5A55CBC7-A7B2-4B89-8AB5-ED30DBE6814E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update291:*:*:*:*:*:*",
"matchCriteriaId": "15BA8A26-2CDA-442B-A549-6BE92DCCD205",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update301:*:*:*:*:*:*",
"matchCriteriaId": "56F2883B-6A1B-4081-8877-07AF3A73F6CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update302:*:*:*:*:*:*",
"matchCriteriaId": "98C0742E-ACDD-4DB4-8A4C-B96702C8976C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update31:*:*:*:*:*:*",
"matchCriteriaId": "F8483034-DD5A-445D-892F-CDE90A7D58EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update312:*:*:*:*:*:*",
"matchCriteriaId": "1716A5CD-1C32-4F19-9DDE-F9C7CCB6B420",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update322:*:*:*:*:*:*",
"matchCriteriaId": "DAB4F663-BCAF-43DB-BCC3-24C060B0CBAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update332:*:*:*:*:*:*",
"matchCriteriaId": "A8EF5BB8-7DAF-49B0-A11E-14E89EF7377A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update342:*:*:*:*:*:*",
"matchCriteriaId": "383F0B07-59BF-4744-87F2-04C98BC183B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update352:*:*:*:*:*:*",
"matchCriteriaId": "494C17C6-54A3-4BE6-A4FF-2D54DF2B38D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update362:*:*:*:*:*:*",
"matchCriteriaId": "1058ABDC-D652-4E2D-964D-C9C98FD404F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update40:*:*:*:*:*:*",
"matchCriteriaId": "8279718F-878F-4868-8859-1728D13CD0D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update45:*:*:*:*:*:*",
"matchCriteriaId": "2C024E1A-FD2C-42E8-B227-C2AFD3040436",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update5:*:*:*:*:*:*",
"matchCriteriaId": "4F24389D-DDD0-4204-AA24-31C920A4F47E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update51:*:*:*:*:*:*",
"matchCriteriaId": "966979BE-1F21-4729-B6B8-610F74648344",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update60:*:*:*:*:*:*",
"matchCriteriaId": "F8534265-33BF-460D-BF74-5F55FDE50F29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update65:*:*:*:*:*:*",
"matchCriteriaId": "F77AFC25-1466-4E56-9D5F-6988F3288E16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update66:*:*:*:*:*:*",
"matchCriteriaId": "A650BEB8-E56F-4E42-9361-8D2DB083F0F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update71:*:*:*:*:*:*",
"matchCriteriaId": "799FFECD-E80A-44B3-953D-CDB5E195F3AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update72:*:*:*:*:*:*",
"matchCriteriaId": "A7047507-7CAF-4A14-AA9A-5CEF806EDE98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update73:*:*:*:*:*:*",
"matchCriteriaId": "CFC7B179-95D3-4F94-84F6-73F1034A1AF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update74:*:*:*:*:*:*",
"matchCriteriaId": "9FB28526-9385-44CA-AF08-1899E6C3AE4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update77:*:*:*:*:*:*",
"matchCriteriaId": "E26B69E4-0B43-415F-A82B-52FDCB262B3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update91:*:*:*:*:*:*",
"matchCriteriaId": "27BC4150-70EC-462B-8FC5-20B3442CBB31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update92:*:*:*:*:*:*",
"matchCriteriaId": "02646989-ECD9-40AE-A83E-EFF4080C69B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:20:*:*:*:*:*:*:*",
"matchCriteriaId": "77172BC0-8637-41F6-AE3B-83006D6735DE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)."
}
],
"id": "CVE-2023-21937",
"lastModified": "2024-11-21T07:43:57.107",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 1.4,
"source": "secalert_us@oracle.com",
"type": "Secondary"
}
]
},
"published": "2023-04-18T20:15:14.507",
"references": [
{
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20230427-0008/"
},
{
"source": "secalert_us@oracle.com",
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.couchbase.com/alerts/"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5430"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5478"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2023.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20230427-0008/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.couchbase.com/alerts/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5430"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5478"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2023.html"
}
],
"sourceIdentifier": "secalert_us@oracle.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-21939
Vulnerability from fkie_nvd - Published: 2023-04-18 20:15 - Updated: 2024-11-21 07:43
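Severity: Medium (CVSS 3.1 base score 5.3, vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N, as stated in the summary below)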
Summary
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:graalvm:20.3.9:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "FE7FF02E-5A54-47BD-8FAC-E1F1E23CBD0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:graalvm:21.3.5:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "725D21E1-8FEF-492C-9CCF-75DDD286FA71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:graalvm:22.3.1:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "CBC05434-18E2-43D2-901F-BA97A3A3AC3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update361:*:*:*:*:*:*",
"matchCriteriaId": "BB648C28-DCDF-4CEE-816C-2D7EF91D2689",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jdk:11.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "CA4C6A6B-46BA-471A-959C-D1819B5D5196",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jdk:17.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "751BA15B-1950-4ABD-AFEB-B4F90587FF61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jdk:20:*:*:*:*:*:*:*",
"matchCriteriaId": "F26CDEF2-A840-4957-A390-19E48AEEC70A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jre:1.8.0:update361:*:*:*:*:*:*",
"matchCriteriaId": "DB18EEA4-9670-4EBC-8559-6766740980F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jre:11.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "B85FB47B-1A8B-4758-83A7-3AC5B74D73FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jre:17.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "0B973ADC-5F00-4CC5-985F-F4E1BB9FF1EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jre:20:*:*:*:*:*:*:*",
"matchCriteriaId": "AC10C81D-E148-4208-BA86-086B935A1254",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7EF6650C-558D-45C8-AE7D-136EE70CB6D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:brocade_san_navigator:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25FA7A4D-B0E2-423E-8146-E221AE2D6120",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CCAA4004-9319-478C-9D55-0E8307F872F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:cloud_insights_storage_workload_security_agent:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3B199052-5732-4726-B06B-A12C70DFB891",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "111E81BB-7D96-44EB-ACFA-415C3F3EA62A",
"versionEndExcluding": "8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "90F6CEC5-2FD9-4ADB-9D86-B741C0ABCD7B",
"versionEndIncluding": "11.0.18",
"versionStartIncluding": "11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "83395182-E46E-47FF-A781-4EF235BC83B6",
"versionEndIncluding": "17.0.6",
"versionStartIncluding": "17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:-:*:*:*:*:*:*",
"matchCriteriaId": "70892D06-6E75-4425-BBF0-4B684EC62A1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone1:*:*:*:*:*:*",
"matchCriteriaId": "7A165D71-71CC-4E6A-AA4F-FF8DB5B9A5AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone2:*:*:*:*:*:*",
"matchCriteriaId": "7417B2BB-9AC2-4AF4-A828-C89A0735AD92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone3:*:*:*:*:*:*",
"matchCriteriaId": "6A0A57B5-6F88-4288-9CDE-F6613FE068D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone4:*:*:*:*:*:*",
"matchCriteriaId": "67ED8559-C348-4932-B7CE-CB96976A30EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone5:*:*:*:*:*:*",
"matchCriteriaId": "40AC3D91-263F-4345-9FAA-0E573EA64590",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone6:*:*:*:*:*:*",
"matchCriteriaId": "DD92AFA9-81F8-48D4-B79A-E7F066F69A99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone7:*:*:*:*:*:*",
"matchCriteriaId": "2C4B2F24-A730-4818-90C8-A2D90C081F03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone8:*:*:*:*:*:*",
"matchCriteriaId": "464087F2-C285-4574-957E-CE0663F07DE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone9:*:*:*:*:*:*",
"matchCriteriaId": "3E9BB880-A4F6-4887-8BB9-47AA298753D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update101:*:*:*:*:*:*",
"matchCriteriaId": "18DCFF53-B298-4534-AB5C-8A5EF59C616F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update102:*:*:*:*:*:*",
"matchCriteriaId": "083419F8-FDDF-4E36-88F8-857DB317C1D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update11:*:*:*:*:*:*",
"matchCriteriaId": "D7A74F65-57E8-4C9A-BA96-5EF401504F13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update111:*:*:*:*:*:*",
"matchCriteriaId": "0D0B90FC-57B6-4315-9B29-3C36E58B2CF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update112:*:*:*:*:*:*",
"matchCriteriaId": "07812576-3C35-404C-A7D7-9BE9E3D76E00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update121:*:*:*:*:*:*",
"matchCriteriaId": "00C52B1C-5447-4282-9667-9EBE0720B423",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update131:*:*:*:*:*:*",
"matchCriteriaId": "92BB9EB0-0C12-4E77-89EE-FB77097841B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update141:*:*:*:*:*:*",
"matchCriteriaId": "FF9D5DCE-2E8F-42B9-9038-AEA7E8C8CFFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update151:*:*:*:*:*:*",
"matchCriteriaId": "ABC0E7BB-F8B7-4369-9910-71240E4073A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update152:*:*:*:*:*:*",
"matchCriteriaId": "551B2640-8CEC-4C24-AF8B-7A7CEF864D9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update161:*:*:*:*:*:*",
"matchCriteriaId": "0AE30779-48FB-451E-8CE1-F469F93B8772",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update162:*:*:*:*:*:*",
"matchCriteriaId": "60590FDE-7156-4314-A012-AA38BD2ADDC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update171:*:*:*:*:*:*",
"matchCriteriaId": "BE51AD3A-8331-4E8F-9DB1-7A0051731DFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update172:*:*:*:*:*:*",
"matchCriteriaId": "F24F6122-2256-41B6-9033-794C6424ED99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update181:*:*:*:*:*:*",
"matchCriteriaId": "0EAFA79E-8C7A-48CF-8868-11378FE4B26F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update191:*:*:*:*:*:*",
"matchCriteriaId": "D1D6F19F-59B5-4BB6-AD35-013384025970",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update192:*:*:*:*:*:*",
"matchCriteriaId": "E7BA97BC-3ADA-465A-835B-6C3C5F416B56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update20:*:*:*:*:*:*",
"matchCriteriaId": "B71F77A4-B7EB-47A1-AAFD-431A7D040B86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update201:*:*:*:*:*:*",
"matchCriteriaId": "91D6BEA9-5943-44A4-946D-CEAA9BA99376",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update202:*:*:*:*:*:*",
"matchCriteriaId": "C079A3E0-44EB-4B9C-B4FC-B7621D165C3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update211:*:*:*:*:*:*",
"matchCriteriaId": "2CB74086-14B8-4237-8357-E0C6B5BB8313",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update212:*:*:*:*:*:*",
"matchCriteriaId": "3ABED20A-7C34-4E86-9AFB-F4DC9ECBB3A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update221:*:*:*:*:*:*",
"matchCriteriaId": "00C2B9C9-1177-4DA6-96CE-55F37F383F99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update222:*:*:*:*:*:*",
"matchCriteriaId": "435CF189-0BD8-40DF-A0DC-99862CDEAF8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update231:*:*:*:*:*:*",
"matchCriteriaId": "12A3F367-33AD-47C3-BFDC-871A17E72C94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update232:*:*:*:*:*:*",
"matchCriteriaId": "A18F994F-72CA-4AF5-A7D1-9F5AEA286D85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update241:*:*:*:*:*:*",
"matchCriteriaId": "78261932-7373-4F16-91E0-1A72ADBEBC3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update242:*:*:*:*:*:*",
"matchCriteriaId": "9BD90D3D-9B3A-4101-9A8A-5090F0A9719F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update25:*:*:*:*:*:*",
"matchCriteriaId": "B38C0276-0EBD-4E0B-BFCF-4DDECACE04E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update252:*:*:*:*:*:*",
"matchCriteriaId": "F5A40B8A-D428-4008-9F21-AF21394C51D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update262:*:*:*:*:*:*",
"matchCriteriaId": "FEC5B777-01E1-45EE-AF95-C3BD1F098B2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update271:*:*:*:*:*:*",
"matchCriteriaId": "3B504718-5DCE-43B4-B19A-C6B6E7444BD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update281:*:*:*:*:*:*",
"matchCriteriaId": "3102AA10-99A8-49A9-867E-7EEC56865680",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update282:*:*:*:*:*:*",
"matchCriteriaId": "5A55CBC7-A7B2-4B89-8AB5-ED30DBE6814E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update291:*:*:*:*:*:*",
"matchCriteriaId": "15BA8A26-2CDA-442B-A549-6BE92DCCD205",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update301:*:*:*:*:*:*",
"matchCriteriaId": "56F2883B-6A1B-4081-8877-07AF3A73F6CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update302:*:*:*:*:*:*",
"matchCriteriaId": "98C0742E-ACDD-4DB4-8A4C-B96702C8976C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update31:*:*:*:*:*:*",
"matchCriteriaId": "F8483034-DD5A-445D-892F-CDE90A7D58EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update312:*:*:*:*:*:*",
"matchCriteriaId": "1716A5CD-1C32-4F19-9DDE-F9C7CCB6B420",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update322:*:*:*:*:*:*",
"matchCriteriaId": "DAB4F663-BCAF-43DB-BCC3-24C060B0CBAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update332:*:*:*:*:*:*",
"matchCriteriaId": "A8EF5BB8-7DAF-49B0-A11E-14E89EF7377A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update342:*:*:*:*:*:*",
"matchCriteriaId": "383F0B07-59BF-4744-87F2-04C98BC183B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update352:*:*:*:*:*:*",
"matchCriteriaId": "494C17C6-54A3-4BE6-A4FF-2D54DF2B38D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update362:*:*:*:*:*:*",
"matchCriteriaId": "1058ABDC-D652-4E2D-964D-C9C98FD404F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update40:*:*:*:*:*:*",
"matchCriteriaId": "8279718F-878F-4868-8859-1728D13CD0D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update45:*:*:*:*:*:*",
"matchCriteriaId": "2C024E1A-FD2C-42E8-B227-C2AFD3040436",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update5:*:*:*:*:*:*",
"matchCriteriaId": "4F24389D-DDD0-4204-AA24-31C920A4F47E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update51:*:*:*:*:*:*",
"matchCriteriaId": "966979BE-1F21-4729-B6B8-610F74648344",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update60:*:*:*:*:*:*",
"matchCriteriaId": "F8534265-33BF-460D-BF74-5F55FDE50F29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update65:*:*:*:*:*:*",
"matchCriteriaId": "F77AFC25-1466-4E56-9D5F-6988F3288E16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update66:*:*:*:*:*:*",
"matchCriteriaId": "A650BEB8-E56F-4E42-9361-8D2DB083F0F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update71:*:*:*:*:*:*",
"matchCriteriaId": "799FFECD-E80A-44B3-953D-CDB5E195F3AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update72:*:*:*:*:*:*",
"matchCriteriaId": "A7047507-7CAF-4A14-AA9A-5CEF806EDE98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update73:*:*:*:*:*:*",
"matchCriteriaId": "CFC7B179-95D3-4F94-84F6-73F1034A1AF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update74:*:*:*:*:*:*",
"matchCriteriaId": "9FB28526-9385-44CA-AF08-1899E6C3AE4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update77:*:*:*:*:*:*",
"matchCriteriaId": "E26B69E4-0B43-415F-A82B-52FDCB262B3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update91:*:*:*:*:*:*",
"matchCriteriaId": "27BC4150-70EC-462B-8FC5-20B3442CBB31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update92:*:*:*:*:*:*",
"matchCriteriaId": "02646989-ECD9-40AE-A83E-EFF4080C69B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:20:*:*:*:*:*:*:*",
"matchCriteriaId": "77172BC0-8637-41F6-AE3B-83006D6735DE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)."
}
],
"id": "CVE-2023-21939",
"lastModified": "2024-11-21T07:43:57.377",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "secalert_us@oracle.com",
"type": "Secondary"
}
]
},
"published": "2023-04-18T20:15:14.690",
"references": [
{
"source": "secalert_us@oracle.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20230427-0008/"
},
{
"source": "secalert_us@oracle.com",
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.couchbase.com/alerts/"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5430"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5478"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2023.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20230427-0008/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.couchbase.com/alerts/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5430"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5478"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2023.html"
}
],
"sourceIdentifier": "secalert_us@oracle.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-21938
Vulnerability from fkie_nvd - Published: 2023-04-18 20:15 - Updated: 2024-11-21 07:43
Severity: 3.7 (Low) - CVSS 3.1 base score, as assigned by secalert_us@oracle.com
Summary
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:graalvm:20.3.8:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "EAC60F95-C4B1-49E6-864A-DF5212E7A63C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:graalvm:21.3.4:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "4791BBB5-C094-45B6-A3A8-E96D3BF97DA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:graalvm:22.3.0:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "E4B331E5-74F5-411E-B997-7038A1DA445D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update361:*:*:*:*:*:*",
"matchCriteriaId": "BB648C28-DCDF-4CEE-816C-2D7EF91D2689",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jdk:11.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "CA4C6A6B-46BA-471A-959C-D1819B5D5196",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jdk:17.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "751BA15B-1950-4ABD-AFEB-B4F90587FF61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jdk:20:*:*:*:*:*:*:*",
"matchCriteriaId": "F26CDEF2-A840-4957-A390-19E48AEEC70A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jre:1.8.0:update361:*:*:*:*:*:*",
"matchCriteriaId": "DB18EEA4-9670-4EBC-8559-6766740980F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jre:11.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "B85FB47B-1A8B-4758-83A7-3AC5B74D73FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jre:17.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "0B973ADC-5F00-4CC5-985F-F4E1BB9FF1EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jre:20:*:*:*:*:*:*:*",
"matchCriteriaId": "AC10C81D-E148-4208-BA86-086B935A1254",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7EF6650C-558D-45C8-AE7D-136EE70CB6D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:brocade_san_navigator:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25FA7A4D-B0E2-423E-8146-E221AE2D6120",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CCAA4004-9319-478C-9D55-0E8307F872F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:cloud_insights_storage_workload_security_agent:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3B199052-5732-4726-B06B-A12C70DFB891",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "111E81BB-7D96-44EB-ACFA-415C3F3EA62A",
"versionEndExcluding": "8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "90F6CEC5-2FD9-4ADB-9D86-B741C0ABCD7B",
"versionEndIncluding": "11.0.18",
"versionStartIncluding": "11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "83395182-E46E-47FF-A781-4EF235BC83B6",
"versionEndIncluding": "17.0.6",
"versionStartIncluding": "17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:-:*:*:*:*:*:*",
"matchCriteriaId": "70892D06-6E75-4425-BBF0-4B684EC62A1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone1:*:*:*:*:*:*",
"matchCriteriaId": "7A165D71-71CC-4E6A-AA4F-FF8DB5B9A5AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone2:*:*:*:*:*:*",
"matchCriteriaId": "7417B2BB-9AC2-4AF4-A828-C89A0735AD92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone3:*:*:*:*:*:*",
"matchCriteriaId": "6A0A57B5-6F88-4288-9CDE-F6613FE068D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone4:*:*:*:*:*:*",
"matchCriteriaId": "67ED8559-C348-4932-B7CE-CB96976A30EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone5:*:*:*:*:*:*",
"matchCriteriaId": "40AC3D91-263F-4345-9FAA-0E573EA64590",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone6:*:*:*:*:*:*",
"matchCriteriaId": "DD92AFA9-81F8-48D4-B79A-E7F066F69A99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone7:*:*:*:*:*:*",
"matchCriteriaId": "2C4B2F24-A730-4818-90C8-A2D90C081F03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone8:*:*:*:*:*:*",
"matchCriteriaId": "464087F2-C285-4574-957E-CE0663F07DE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone9:*:*:*:*:*:*",
"matchCriteriaId": "3E9BB880-A4F6-4887-8BB9-47AA298753D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update101:*:*:*:*:*:*",
"matchCriteriaId": "18DCFF53-B298-4534-AB5C-8A5EF59C616F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update102:*:*:*:*:*:*",
"matchCriteriaId": "083419F8-FDDF-4E36-88F8-857DB317C1D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update11:*:*:*:*:*:*",
"matchCriteriaId": "D7A74F65-57E8-4C9A-BA96-5EF401504F13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update111:*:*:*:*:*:*",
"matchCriteriaId": "0D0B90FC-57B6-4315-9B29-3C36E58B2CF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update112:*:*:*:*:*:*",
"matchCriteriaId": "07812576-3C35-404C-A7D7-9BE9E3D76E00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update121:*:*:*:*:*:*",
"matchCriteriaId": "00C52B1C-5447-4282-9667-9EBE0720B423",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update131:*:*:*:*:*:*",
"matchCriteriaId": "92BB9EB0-0C12-4E77-89EE-FB77097841B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update141:*:*:*:*:*:*",
"matchCriteriaId": "FF9D5DCE-2E8F-42B9-9038-AEA7E8C8CFFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update151:*:*:*:*:*:*",
"matchCriteriaId": "ABC0E7BB-F8B7-4369-9910-71240E4073A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update152:*:*:*:*:*:*",
"matchCriteriaId": "551B2640-8CEC-4C24-AF8B-7A7CEF864D9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update161:*:*:*:*:*:*",
"matchCriteriaId": "0AE30779-48FB-451E-8CE1-F469F93B8772",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update162:*:*:*:*:*:*",
"matchCriteriaId": "60590FDE-7156-4314-A012-AA38BD2ADDC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update171:*:*:*:*:*:*",
"matchCriteriaId": "BE51AD3A-8331-4E8F-9DB1-7A0051731DFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update172:*:*:*:*:*:*",
"matchCriteriaId": "F24F6122-2256-41B6-9033-794C6424ED99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update181:*:*:*:*:*:*",
"matchCriteriaId": "0EAFA79E-8C7A-48CF-8868-11378FE4B26F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update191:*:*:*:*:*:*",
"matchCriteriaId": "D1D6F19F-59B5-4BB6-AD35-013384025970",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update192:*:*:*:*:*:*",
"matchCriteriaId": "E7BA97BC-3ADA-465A-835B-6C3C5F416B56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update20:*:*:*:*:*:*",
"matchCriteriaId": "B71F77A4-B7EB-47A1-AAFD-431A7D040B86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update201:*:*:*:*:*:*",
"matchCriteriaId": "91D6BEA9-5943-44A4-946D-CEAA9BA99376",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update202:*:*:*:*:*:*",
"matchCriteriaId": "C079A3E0-44EB-4B9C-B4FC-B7621D165C3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update211:*:*:*:*:*:*",
"matchCriteriaId": "2CB74086-14B8-4237-8357-E0C6B5BB8313",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update212:*:*:*:*:*:*",
"matchCriteriaId": "3ABED20A-7C34-4E86-9AFB-F4DC9ECBB3A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update221:*:*:*:*:*:*",
"matchCriteriaId": "00C2B9C9-1177-4DA6-96CE-55F37F383F99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update222:*:*:*:*:*:*",
"matchCriteriaId": "435CF189-0BD8-40DF-A0DC-99862CDEAF8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update231:*:*:*:*:*:*",
"matchCriteriaId": "12A3F367-33AD-47C3-BFDC-871A17E72C94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update232:*:*:*:*:*:*",
"matchCriteriaId": "A18F994F-72CA-4AF5-A7D1-9F5AEA286D85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update241:*:*:*:*:*:*",
"matchCriteriaId": "78261932-7373-4F16-91E0-1A72ADBEBC3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update242:*:*:*:*:*:*",
"matchCriteriaId": "9BD90D3D-9B3A-4101-9A8A-5090F0A9719F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update25:*:*:*:*:*:*",
"matchCriteriaId": "B38C0276-0EBD-4E0B-BFCF-4DDECACE04E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update252:*:*:*:*:*:*",
"matchCriteriaId": "F5A40B8A-D428-4008-9F21-AF21394C51D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update262:*:*:*:*:*:*",
"matchCriteriaId": "FEC5B777-01E1-45EE-AF95-C3BD1F098B2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update271:*:*:*:*:*:*",
"matchCriteriaId": "3B504718-5DCE-43B4-B19A-C6B6E7444BD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update281:*:*:*:*:*:*",
"matchCriteriaId": "3102AA10-99A8-49A9-867E-7EEC56865680",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update282:*:*:*:*:*:*",
"matchCriteriaId": "5A55CBC7-A7B2-4B89-8AB5-ED30DBE6814E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update291:*:*:*:*:*:*",
"matchCriteriaId": "15BA8A26-2CDA-442B-A549-6BE92DCCD205",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update301:*:*:*:*:*:*",
"matchCriteriaId": "56F2883B-6A1B-4081-8877-07AF3A73F6CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update302:*:*:*:*:*:*",
"matchCriteriaId": "98C0742E-ACDD-4DB4-8A4C-B96702C8976C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update31:*:*:*:*:*:*",
"matchCriteriaId": "F8483034-DD5A-445D-892F-CDE90A7D58EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update312:*:*:*:*:*:*",
"matchCriteriaId": "1716A5CD-1C32-4F19-9DDE-F9C7CCB6B420",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update322:*:*:*:*:*:*",
"matchCriteriaId": "DAB4F663-BCAF-43DB-BCC3-24C060B0CBAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update332:*:*:*:*:*:*",
"matchCriteriaId": "A8EF5BB8-7DAF-49B0-A11E-14E89EF7377A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update342:*:*:*:*:*:*",
"matchCriteriaId": "383F0B07-59BF-4744-87F2-04C98BC183B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update352:*:*:*:*:*:*",
"matchCriteriaId": "494C17C6-54A3-4BE6-A4FF-2D54DF2B38D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update362:*:*:*:*:*:*",
"matchCriteriaId": "1058ABDC-D652-4E2D-964D-C9C98FD404F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update40:*:*:*:*:*:*",
"matchCriteriaId": "8279718F-878F-4868-8859-1728D13CD0D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update45:*:*:*:*:*:*",
"matchCriteriaId": "2C024E1A-FD2C-42E8-B227-C2AFD3040436",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update5:*:*:*:*:*:*",
"matchCriteriaId": "4F24389D-DDD0-4204-AA24-31C920A4F47E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update51:*:*:*:*:*:*",
"matchCriteriaId": "966979BE-1F21-4729-B6B8-610F74648344",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update60:*:*:*:*:*:*",
"matchCriteriaId": "F8534265-33BF-460D-BF74-5F55FDE50F29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update65:*:*:*:*:*:*",
"matchCriteriaId": "F77AFC25-1466-4E56-9D5F-6988F3288E16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update66:*:*:*:*:*:*",
"matchCriteriaId": "A650BEB8-E56F-4E42-9361-8D2DB083F0F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update71:*:*:*:*:*:*",
"matchCriteriaId": "799FFECD-E80A-44B3-953D-CDB5E195F3AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update72:*:*:*:*:*:*",
"matchCriteriaId": "A7047507-7CAF-4A14-AA9A-5CEF806EDE98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update73:*:*:*:*:*:*",
"matchCriteriaId": "CFC7B179-95D3-4F94-84F6-73F1034A1AF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update74:*:*:*:*:*:*",
"matchCriteriaId": "9FB28526-9385-44CA-AF08-1899E6C3AE4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update77:*:*:*:*:*:*",
"matchCriteriaId": "E26B69E4-0B43-415F-A82B-52FDCB262B3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update91:*:*:*:*:*:*",
"matchCriteriaId": "27BC4150-70EC-462B-8FC5-20B3442CBB31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update92:*:*:*:*:*:*",
"matchCriteriaId": "02646989-ECD9-40AE-A83E-EFF4080C69B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:20:*:*:*:*:*:*:*",
"matchCriteriaId": "77172BC0-8637-41F6-AE3B-83006D6735DE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)."
}
],
"id": "CVE-2023-21938",
"lastModified": "2024-11-21T07:43:57.240",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 1.4,
"source": "secalert_us@oracle.com",
"type": "Secondary"
}
]
},
"published": "2023-04-18T20:15:14.603",
"references": [
{
"source": "secalert_us@oracle.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20230427-0008/"
},
{
"source": "secalert_us@oracle.com",
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.couchbase.com/alerts/"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5430"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5478"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2023.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20230427-0008/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.couchbase.com/alerts/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5430"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5478"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2023.html"
}
],
"sourceIdentifier": "secalert_us@oracle.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-21930
Vulnerability from fkie_nvd - Published: 2023-04-18 20:15 - Updated: 2024-11-21 07:43
Summary
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:graalvm:20.3.9:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "FE7FF02E-5A54-47BD-8FAC-E1F1E23CBD0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:graalvm:21.3.5:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "725D21E1-8FEF-492C-9CCF-75DDD286FA71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:graalvm:22.3.1:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "CBC05434-18E2-43D2-901F-BA97A3A3AC3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update361:*:*:*:*:*:*",
"matchCriteriaId": "BB648C28-DCDF-4CEE-816C-2D7EF91D2689",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jdk:11.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "CA4C6A6B-46BA-471A-959C-D1819B5D5196",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jdk:17.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "751BA15B-1950-4ABD-AFEB-B4F90587FF61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jdk:20:*:*:*:*:*:*:*",
"matchCriteriaId": "F26CDEF2-A840-4957-A390-19E48AEEC70A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jre:1.8.0:update361:*:*:*:*:*:*",
"matchCriteriaId": "DB18EEA4-9670-4EBC-8559-6766740980F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jre:11.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "B85FB47B-1A8B-4758-83A7-3AC5B74D73FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jre:17.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "0B973ADC-5F00-4CC5-985F-F4E1BB9FF1EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jre:20:*:*:*:*:*:*:*",
"matchCriteriaId": "AC10C81D-E148-4208-BA86-086B935A1254",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7EF6650C-558D-45C8-AE7D-136EE70CB6D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:brocade_san_navigator:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25FA7A4D-B0E2-423E-8146-E221AE2D6120",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CCAA4004-9319-478C-9D55-0E8307F872F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:cloud_insights_storage_workload_security_agent:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3B199052-5732-4726-B06B-A12C70DFB891",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "111E81BB-7D96-44EB-ACFA-415C3F3EA62A",
"versionEndExcluding": "8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "90F6CEC5-2FD9-4ADB-9D86-B741C0ABCD7B",
"versionEndIncluding": "11.0.18",
"versionStartIncluding": "11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "83395182-E46E-47FF-A781-4EF235BC83B6",
"versionEndIncluding": "17.0.6",
"versionStartIncluding": "17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:-:*:*:*:*:*:*",
"matchCriteriaId": "70892D06-6E75-4425-BBF0-4B684EC62A1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone1:*:*:*:*:*:*",
"matchCriteriaId": "7A165D71-71CC-4E6A-AA4F-FF8DB5B9A5AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone2:*:*:*:*:*:*",
"matchCriteriaId": "7417B2BB-9AC2-4AF4-A828-C89A0735AD92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone3:*:*:*:*:*:*",
"matchCriteriaId": "6A0A57B5-6F88-4288-9CDE-F6613FE068D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone4:*:*:*:*:*:*",
"matchCriteriaId": "67ED8559-C348-4932-B7CE-CB96976A30EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone5:*:*:*:*:*:*",
"matchCriteriaId": "40AC3D91-263F-4345-9FAA-0E573EA64590",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone6:*:*:*:*:*:*",
"matchCriteriaId": "DD92AFA9-81F8-48D4-B79A-E7F066F69A99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone7:*:*:*:*:*:*",
"matchCriteriaId": "2C4B2F24-A730-4818-90C8-A2D90C081F03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone8:*:*:*:*:*:*",
"matchCriteriaId": "464087F2-C285-4574-957E-CE0663F07DE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone9:*:*:*:*:*:*",
"matchCriteriaId": "3E9BB880-A4F6-4887-8BB9-47AA298753D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update101:*:*:*:*:*:*",
"matchCriteriaId": "18DCFF53-B298-4534-AB5C-8A5EF59C616F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update102:*:*:*:*:*:*",
"matchCriteriaId": "083419F8-FDDF-4E36-88F8-857DB317C1D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update11:*:*:*:*:*:*",
"matchCriteriaId": "D7A74F65-57E8-4C9A-BA96-5EF401504F13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update111:*:*:*:*:*:*",
"matchCriteriaId": "0D0B90FC-57B6-4315-9B29-3C36E58B2CF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update112:*:*:*:*:*:*",
"matchCriteriaId": "07812576-3C35-404C-A7D7-9BE9E3D76E00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update121:*:*:*:*:*:*",
"matchCriteriaId": "00C52B1C-5447-4282-9667-9EBE0720B423",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update131:*:*:*:*:*:*",
"matchCriteriaId": "92BB9EB0-0C12-4E77-89EE-FB77097841B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update141:*:*:*:*:*:*",
"matchCriteriaId": "FF9D5DCE-2E8F-42B9-9038-AEA7E8C8CFFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update151:*:*:*:*:*:*",
"matchCriteriaId": "ABC0E7BB-F8B7-4369-9910-71240E4073A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update152:*:*:*:*:*:*",
"matchCriteriaId": "551B2640-8CEC-4C24-AF8B-7A7CEF864D9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update161:*:*:*:*:*:*",
"matchCriteriaId": "0AE30779-48FB-451E-8CE1-F469F93B8772",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update162:*:*:*:*:*:*",
"matchCriteriaId": "60590FDE-7156-4314-A012-AA38BD2ADDC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update171:*:*:*:*:*:*",
"matchCriteriaId": "BE51AD3A-8331-4E8F-9DB1-7A0051731DFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update172:*:*:*:*:*:*",
"matchCriteriaId": "F24F6122-2256-41B6-9033-794C6424ED99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update181:*:*:*:*:*:*",
"matchCriteriaId": "0EAFA79E-8C7A-48CF-8868-11378FE4B26F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update191:*:*:*:*:*:*",
"matchCriteriaId": "D1D6F19F-59B5-4BB6-AD35-013384025970",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update192:*:*:*:*:*:*",
"matchCriteriaId": "E7BA97BC-3ADA-465A-835B-6C3C5F416B56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update20:*:*:*:*:*:*",
"matchCriteriaId": "B71F77A4-B7EB-47A1-AAFD-431A7D040B86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update201:*:*:*:*:*:*",
"matchCriteriaId": "91D6BEA9-5943-44A4-946D-CEAA9BA99376",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update202:*:*:*:*:*:*",
"matchCriteriaId": "C079A3E0-44EB-4B9C-B4FC-B7621D165C3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update211:*:*:*:*:*:*",
"matchCriteriaId": "2CB74086-14B8-4237-8357-E0C6B5BB8313",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update212:*:*:*:*:*:*",
"matchCriteriaId": "3ABED20A-7C34-4E86-9AFB-F4DC9ECBB3A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update221:*:*:*:*:*:*",
"matchCriteriaId": "00C2B9C9-1177-4DA6-96CE-55F37F383F99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update222:*:*:*:*:*:*",
"matchCriteriaId": "435CF189-0BD8-40DF-A0DC-99862CDEAF8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update231:*:*:*:*:*:*",
"matchCriteriaId": "12A3F367-33AD-47C3-BFDC-871A17E72C94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update232:*:*:*:*:*:*",
"matchCriteriaId": "A18F994F-72CA-4AF5-A7D1-9F5AEA286D85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update241:*:*:*:*:*:*",
"matchCriteriaId": "78261932-7373-4F16-91E0-1A72ADBEBC3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update242:*:*:*:*:*:*",
"matchCriteriaId": "9BD90D3D-9B3A-4101-9A8A-5090F0A9719F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update25:*:*:*:*:*:*",
"matchCriteriaId": "B38C0276-0EBD-4E0B-BFCF-4DDECACE04E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update252:*:*:*:*:*:*",
"matchCriteriaId": "F5A40B8A-D428-4008-9F21-AF21394C51D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update262:*:*:*:*:*:*",
"matchCriteriaId": "FEC5B777-01E1-45EE-AF95-C3BD1F098B2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update271:*:*:*:*:*:*",
"matchCriteriaId": "3B504718-5DCE-43B4-B19A-C6B6E7444BD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update281:*:*:*:*:*:*",
"matchCriteriaId": "3102AA10-99A8-49A9-867E-7EEC56865680",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update282:*:*:*:*:*:*",
"matchCriteriaId": "5A55CBC7-A7B2-4B89-8AB5-ED30DBE6814E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update291:*:*:*:*:*:*",
"matchCriteriaId": "15BA8A26-2CDA-442B-A549-6BE92DCCD205",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update301:*:*:*:*:*:*",
"matchCriteriaId": "56F2883B-6A1B-4081-8877-07AF3A73F6CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update302:*:*:*:*:*:*",
"matchCriteriaId": "98C0742E-ACDD-4DB4-8A4C-B96702C8976C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update31:*:*:*:*:*:*",
"matchCriteriaId": "F8483034-DD5A-445D-892F-CDE90A7D58EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update312:*:*:*:*:*:*",
"matchCriteriaId": "1716A5CD-1C32-4F19-9DDE-F9C7CCB6B420",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update322:*:*:*:*:*:*",
"matchCriteriaId": "DAB4F663-BCAF-43DB-BCC3-24C060B0CBAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update332:*:*:*:*:*:*",
"matchCriteriaId": "A8EF5BB8-7DAF-49B0-A11E-14E89EF7377A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update342:*:*:*:*:*:*",
"matchCriteriaId": "383F0B07-59BF-4744-87F2-04C98BC183B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update352:*:*:*:*:*:*",
"matchCriteriaId": "494C17C6-54A3-4BE6-A4FF-2D54DF2B38D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update362:*:*:*:*:*:*",
"matchCriteriaId": "1058ABDC-D652-4E2D-964D-C9C98FD404F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update40:*:*:*:*:*:*",
"matchCriteriaId": "8279718F-878F-4868-8859-1728D13CD0D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update45:*:*:*:*:*:*",
"matchCriteriaId": "2C024E1A-FD2C-42E8-B227-C2AFD3040436",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update5:*:*:*:*:*:*",
"matchCriteriaId": "4F24389D-DDD0-4204-AA24-31C920A4F47E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update51:*:*:*:*:*:*",
"matchCriteriaId": "966979BE-1F21-4729-B6B8-610F74648344",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update60:*:*:*:*:*:*",
"matchCriteriaId": "F8534265-33BF-460D-BF74-5F55FDE50F29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update65:*:*:*:*:*:*",
"matchCriteriaId": "F77AFC25-1466-4E56-9D5F-6988F3288E16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update66:*:*:*:*:*:*",
"matchCriteriaId": "A650BEB8-E56F-4E42-9361-8D2DB083F0F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update71:*:*:*:*:*:*",
"matchCriteriaId": "799FFECD-E80A-44B3-953D-CDB5E195F3AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update72:*:*:*:*:*:*",
"matchCriteriaId": "A7047507-7CAF-4A14-AA9A-5CEF806EDE98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update73:*:*:*:*:*:*",
"matchCriteriaId": "CFC7B179-95D3-4F94-84F6-73F1034A1AF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update74:*:*:*:*:*:*",
"matchCriteriaId": "9FB28526-9385-44CA-AF08-1899E6C3AE4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update77:*:*:*:*:*:*",
"matchCriteriaId": "E26B69E4-0B43-415F-A82B-52FDCB262B3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update91:*:*:*:*:*:*",
"matchCriteriaId": "27BC4150-70EC-462B-8FC5-20B3442CBB31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update92:*:*:*:*:*:*",
"matchCriteriaId": "02646989-ECD9-40AE-A83E-EFF4080C69B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:20:*:*:*:*:*:*:*",
"matchCriteriaId": "77172BC0-8637-41F6-AE3B-83006D6735DE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)."
}
],
"id": "CVE-2023-21930",
"lastModified": "2024-11-21T07:43:56.237",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.2,
"source": "secalert_us@oracle.com",
"type": "Secondary"
}
]
},
"published": "2023-04-18T20:15:13.883",
"references": [
{
"source": "secalert_us@oracle.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20230427-0008/"
},
{
"source": "secalert_us@oracle.com",
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.couchbase.com/alerts/"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5430"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5478"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2023.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20230427-0008/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.couchbase.com/alerts/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5430"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5478"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2023.html"
}
],
"sourceIdentifier": "secalert_us@oracle.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-22970
Vulnerability from fkie_nvd - Published: 2022-05-12 20:15 - Updated: 2024-11-21 06:47
Summary
In Spring Framework versions prior to 5.3.20 and 5.2.22 (this record's CPE ranges list 5.3.0 through 5.3.19 and all versions up to 5.2.21 as vulnerable), and in old unsupported versions, applications that handle file uploads are vulnerable to a DoS attack if they rely on data binding to set a MultipartFile or javax.servlet.Part to a field in a model object.
References
| URL | Tags | ||
|---|---|---|---|
| security@vmware.com | https://security.netapp.com/advisory/ntap-20220616-0006/ | Third Party Advisory | |
| security@vmware.com | https://tanzu.vmware.com/security/cve-2022-22970 | Mitigation, Vendor Advisory | |
| security@vmware.com | https://www.oracle.com/security-alerts/cpujul2022.html | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20220616-0006/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://tanzu.vmware.com/security/cve-2022-22970 | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpujul2022.html | Patch, Third Party Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*",
"matchCriteriaId": "724585FA-0935-4E0E-AB96-C2A47BF97A5E",
"versionEndIncluding": "5.2.21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3EC3B05B-35F6-40C2-BD65-583515A753FB",
"versionEndIncluding": "5.3.19",
"versionStartIncluding": "5.3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:financial_services_crime_and_compliance_management_studio:8.0.8.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "55F091C7-0869-4FD6-AC73-DA697D990304",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_crime_and_compliance_management_studio:8.0.8.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4D134C60-F9E2-46C2-8466-DB90AD98439E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:*",
"matchCriteriaId": "F3E0B672-3E06-4422-B2A4-0BD073AEC2A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
"matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
"matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:brocade_san_navigator:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25FA7A4D-B0E2-423E-8146-E221AE2D6120",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F0F202E8-97E6-4BBB-A0B6-4CA3F5803C08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, applications that handle file uploads are vulnerable to DoS attack if they rely on data binding to set a MultipartFile or javax.servlet.Part to a field in a model object."
},
{
"lang": "es",
"value": "En spring Framework versiones anteriores a 5.3.20+ , 5.2.22+ y las versiones antiguas no soportadas, las aplicaciones que manejan cargas de archivos son vulnerables a un ataque de denegaci\u00f3n de servicio si dependen de la vinculaci\u00f3n de datos para establecer un MultipartFile o javax.servlet.Part a un campo en un objeto modelo"
}
],
"id": "CVE-2022-22970",
"lastModified": "2024-11-21T06:47:42.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-05-12T20:15:15.037",
"references": [
{
"source": "security@vmware.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20220616-0006/"
},
{
"source": "security@vmware.com",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://tanzu.vmware.com/security/cve-2022-22970"
},
{
"source": "security@vmware.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20220616-0006/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://tanzu.vmware.com/security/cve-2022-22970"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-770"
}
],
"source": "security@vmware.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-770"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2025-21502 (GCVE-0-2025-21502)
Vulnerability from cvelistv5 – Published: 2025-01-21 20:52 – Updated: 2025-02-07 11:02
Summary
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u431-perf, 11.0.25, 17.0.13, 21.0.5, 23.0.1; Oracle GraalVM for JDK: 17.0.13, 21.0.5, 23.0.1; Oracle GraalVM Enterprise Edition: 20.3.16 and 21.3.12. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).
Severity ?
4.8 (Medium)
CWE
- Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. (The text under this heading is an impact description rather than a CWE identifier; the CISA ADP container in the record below classifies the issue as CWE-863 Incorrect Authorization.)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | Oracle Java SE |
Affected:
Oracle Java SE:8u431-perf
Affected: Oracle Java SE:11.0.25 Affected: Oracle Java SE:17.0.13 Affected: Oracle Java SE:21.0.5 Affected: Oracle Java SE:23.0.1 Affected: Oracle GraalVM for JDK:17.0.13 Affected: Oracle GraalVM for JDK:21.0.5 Affected: Oracle GraalVM for JDK:23.0.1 Affected: Oracle GraalVM Enterprise Edition:20.3.16 Affected: Oracle GraalVM Enterprise Edition:21.3.12 cpe:2.3:a:oracle:java_se:8u431:*:*:*:enterprise_performance:*:*:* cpe:2.3:a:oracle:java_se:11.0.25:*:*:*:*:*:*:* cpe:2.3:a:oracle:java_se:17.0.13:*:*:*:*:*:*:* cpe:2.3:a:oracle:java_se:21.0.5:*:*:*:*:*:*:* cpe:2.3:a:oracle:java_se:23.0.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:graalvm_for_jdk:17.0.13:*:*:*:*:*:*:* cpe:2.3:a:oracle:graalvm_for_jdk:21.0.5:*:*:*:*:*:*:* cpe:2.3:a:oracle:graalvm_for_jdk:23.0.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:graalvm:20.3.16:*:*:*:enterprise:*:*:* cpe:2.3:a:oracle:graalvm:21.3.12:*:*:*:enterprise:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-21502",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-23T16:29:12.677151Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-23T16:37:41.331Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-02-07T11:02:33.310Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20250124-0009/"
},
{
"url": "http://www.openwall.com/lists/oss-security/2025/01/25/6"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00031.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/02/msg00004.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:oracle:java_se:8u431:*:*:*:enterprise_performance:*:*:*",
"cpe:2.3:a:oracle:java_se:11.0.25:*:*:*:*:*:*:*",
"cpe:2.3:a:oracle:java_se:17.0.13:*:*:*:*:*:*:*",
"cpe:2.3:a:oracle:java_se:21.0.5:*:*:*:*:*:*:*",
"cpe:2.3:a:oracle:java_se:23.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:oracle:graalvm_for_jdk:17.0.13:*:*:*:*:*:*:*",
"cpe:2.3:a:oracle:graalvm_for_jdk:21.0.5:*:*:*:*:*:*:*",
"cpe:2.3:a:oracle:graalvm_for_jdk:23.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:oracle:graalvm:20.3.16:*:*:*:enterprise:*:*:*",
"cpe:2.3:a:oracle:graalvm:21.3.12:*:*:*:enterprise:*:*:*"
],
"product": "Oracle Java SE",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "Oracle Java SE:8u431-perf"
},
{
"status": "affected",
"version": "Oracle Java SE:11.0.25"
},
{
"status": "affected",
"version": "Oracle Java SE:17.0.13"
},
{
"status": "affected",
"version": "Oracle Java SE:21.0.5"
},
{
"status": "affected",
"version": "Oracle Java SE:23.0.1"
},
{
"status": "affected",
"version": "Oracle GraalVM for JDK:17.0.13"
},
{
"status": "affected",
"version": "Oracle GraalVM for JDK:21.0.5"
},
{
"status": "affected",
"version": "Oracle GraalVM for JDK:23.0.1"
},
{
"status": "affected",
"version": "Oracle GraalVM Enterprise Edition:20.3.16"
},
{
"status": "affected",
"version": "Oracle GraalVM Enterprise Edition:21.3.12"
}
]
}
],
"descriptions": [
{
"lang": "en-US",
"value": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u431-perf, 11.0.25, 17.0.13, 21.0.5, 23.0.1; Oracle GraalVM for JDK: 17.0.13, 21.0.5, 23.0.1; Oracle GraalVM Enterprise Edition: 20.3.16 and 21.3.12. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data.",
"lang": "en-US"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-21T20:52:56.446Z",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"name": "Oracle Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2025.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2025-21502",
"datePublished": "2025-01-21T20:52:56.446Z",
"dateReserved": "2024-12-24T23:18:54.763Z",
"dateUpdated": "2025-02-07T11:02:33.310Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-47561 (GCVE-0-2024-47561)
Vulnerability from cvelistv5 – Published: 2024-10-03 10:23 – Updated: 2024-10-21 08:51
Summary
Schema parsing in the Java SDK of Apache Avro 1.11.3 and previous versions allows bad actors to execute arbitrary code.
Users are recommended to upgrade to version 1.11.4 or 1.12.0, which fix this issue.
Severity
9.2 (Critical) — CNA, CVSS 4.0; 7.3 (High) — CISA-ADP, CVSS 3.1
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Avro Java SDK | Affected: 0, < 1.11.4 (semver) |
Credits
Kostya Kortchinsky, from the Databricks Security Team
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-10-11T22:03:16.050Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2024/10/03/1"
},
{
"url": "https://security.netapp.com/advisory/ntap-20241011-0003/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:apache:avro:-:*:*:*:*:-:*:*"
],
"defaultStatus": "unknown",
"product": "avro",
"vendor": "apache",
"versions": [
{
"lessThan": "1.11.4",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-47561",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-03T18:53:44.038603Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-03T18:59:41.415Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://repo.maven.apache.org/maven2",
"defaultStatus": "unaffected",
"packageName": "org.apache.avro:avro",
"product": "Apache Avro Java SDK",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "1.11.4",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Kostya Kortchinsky, from the Databricks Security Team"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Schema parsing in the Java SDK of Apache Avro 1.11.3 and previous versions allows bad actors to execute arbitrary code.\u003cbr\u003eUsers are recommended to upgrade to version 1.11.4\u0026nbsp; or 1.12.0, which fix this issue."
}
],
"value": "Schema parsing in the Java SDK of Apache Avro 1.11.3 and previous versions allows bad actors to execute arbitrary code.\nUsers are recommended to upgrade to version 1.11.4\u00a0 or 1.12.0, which fix this issue."
}
],
"metrics": [
{
"other": {
"content": {
"text": "critical"
},
"type": "Textual description of severity"
}
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 9.2,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-21T08:51:22.972Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/c2v7mhqnmq0jmbwxqq3r5jbj1xg43h5x"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Apache Avro Java SDK: Arbitrary Code Execution when reading Avro schema (Java SDK)",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2024-47561",
"datePublished": "2024-10-03T10:23:16.214Z",
"dateReserved": "2024-09-27T07:06:47.522Z",
"dateUpdated": "2024-10-21T08:51:22.972Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-23064 (GCVE-0-2020-23064)
Vulnerability from cvelistv5 – Published: 2023-06-26 00:00 – Updated: 2024-05-15 16:18
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-11023. Reason: This candidate is a duplicate of CVE-2020-11023. Notes: All CVE users should reference CVE-2020-11023 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
{
"containers": {
"cna": {
"providerMetadata": {
"dateUpdated": "2024-05-15T16:18:40.267236",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"rejectedReasons": [
{
"lang": "en",
"value": "DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-11023. Reason: This candidate is a duplicate of CVE-2020-11023. Notes: All CVE users should reference CVE-2020-11023 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-23064",
"datePublished": "2023-06-26T00:00:00",
"dateRejected": "2024-05-15T00:00:00",
"dateReserved": "2020-08-13T00:00:00",
"dateUpdated": "2024-05-15T16:18:40.267236",
"state": "REJECTED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21968 (GCVE-0-2023-21968)
Vulnerability from cvelistv5 – Published: 2023-04-18 19:54 – Updated: 2025-02-13 16:40
Summary
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
Severity
3.7 (Low)
CWE
- Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | Java SE JDK and JRE | Affected: Oracle Java SE:8u361<br>Affected: Oracle Java SE:8u361-perf<br>Affected: Oracle Java SE:11.0.18<br>Affected: Oracle Java SE:17.0.6<br>Affected: Oracle Java SE:20<br>Affected: Oracle GraalVM Enterprise Edition:20.3.9<br>Affected: Oracle GraalVM Enterprise Edition:21.3.5<br>Affected: Oracle GraalVM Enterprise Edition:22.3.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:59:28.370Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Oracle Advisory",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2023.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.couchbase.com/alerts/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230427-0008/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5430"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5478"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Java SE JDK and JRE",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "Oracle Java SE:8u361"
},
{
"status": "affected",
"version": "Oracle Java SE:8u361-perf"
},
{
"status": "affected",
"version": "Oracle Java SE:11.0.18"
},
{
"status": "affected",
"version": "Oracle Java SE:17.0.6"
},
{
"status": "affected",
"version": "Oracle Java SE:20"
},
{
"status": "affected",
"version": "Oracle GraalVM Enterprise Edition:20.3.9"
},
{
"status": "affected",
"version": "Oracle GraalVM Enterprise Edition:21.3.5"
},
{
"status": "affected",
"version": "Oracle GraalVM Enterprise Edition:22.3.1"
}
]
}
],
"descriptions": [
{
"lang": "en-US",
"value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data.",
"lang": "en-US"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-21T19:07:33.467Z",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"name": "Oracle Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2023.html"
},
{
"url": "https://www.couchbase.com/alerts/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230427-0008/"
},
{
"url": "https://www.debian.org/security/2023/dsa-5430"
},
{
"url": "https://www.debian.org/security/2023/dsa-5478"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2023-21968",
"datePublished": "2023-04-18T19:54:34.372Z",
"dateReserved": "2022-12-17T19:26:00.733Z",
"dateUpdated": "2025-02-13T16:40:35.928Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21967 (GCVE-0-2023-21967)
Vulnerability from cvelistv5 – Published: 2023-04-18 19:54 – Updated: 2025-02-13 16:40
Summary
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).
Severity ?
5.9 (Medium)
CWE
- Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | Java SE JDK and JRE | Affected: Oracle Java SE:8u361<br>Affected: Oracle Java SE:8u361-perf<br>Affected: Oracle Java SE:11.0.18<br>Affected: Oracle Java SE:17.0.6<br>Affected: Oracle Java SE:20<br>Affected: Oracle GraalVM Enterprise Edition:20.3.9<br>Affected: Oracle GraalVM Enterprise Edition:21.3.5<br>Affected: Oracle GraalVM Enterprise Edition:22.3.1 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21967",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-17T13:34:32.918522Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-17T13:34:40.120Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:59:28.383Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Oracle Advisory",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2023.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.couchbase.com/alerts/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230427-0008/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5430"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5478"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Java SE JDK and JRE",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "Oracle Java SE:8u361"
},
{
"status": "affected",
"version": "Oracle Java SE:8u361-perf"
},
{
"status": "affected",
"version": "Oracle Java SE:11.0.18"
},
{
"status": "affected",
"version": "Oracle Java SE:17.0.6"
},
{
"status": "affected",
"version": "Oracle Java SE:20"
},
{
"status": "affected",
"version": "Oracle GraalVM Enterprise Edition:20.3.9"
},
{
"status": "affected",
"version": "Oracle GraalVM Enterprise Edition:21.3.5"
},
{
"status": "affected",
"version": "Oracle GraalVM Enterprise Edition:22.3.1"
}
]
}
],
"descriptions": [
{
"lang": "en-US",
"value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition.",
"lang": "en-US"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-21T19:05:57.984Z",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"name": "Oracle Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2023.html"
},
{
"url": "https://www.couchbase.com/alerts/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230427-0008/"
},
{
"url": "https://www.debian.org/security/2023/dsa-5430"
},
{
"url": "https://www.debian.org/security/2023/dsa-5478"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2023-21967",
"datePublished": "2023-04-18T19:54:33.967Z",
"dateReserved": "2022-12-17T19:26:00.733Z",
"dateUpdated": "2025-02-13T16:40:35.333Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21954 (GCVE-0-2023-21954)
Vulnerability from cvelistv5 – Published: 2023-04-18 19:54 – Updated: 2025-02-13 16:40
Summary
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).
Severity ?
5.9 (Medium)
CWE
- Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | Java SE JDK and JRE | Affected: Oracle Java SE:8u361<br>Affected: Oracle Java SE:8u361-perf<br>Affected: Oracle Java SE:11.0.18<br>Affected: Oracle Java SE:17.0.6<br>Affected: Oracle GraalVM Enterprise Edition:20.3.9<br>Affected: Oracle GraalVM Enterprise Edition:21.3.5<br>Affected: Oracle GraalVM Enterprise Edition:22.3.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:59:28.530Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Oracle Advisory",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2023.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.couchbase.com/alerts/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230427-0008/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5430"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5478"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21954",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-16T14:39:04.663342Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T15:15:07.415Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Java SE JDK and JRE",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "Oracle Java SE:8u361"
},
{
"status": "affected",
"version": "Oracle Java SE:8u361-perf"
},
{
"status": "affected",
"version": "Oracle Java SE:11.0.18"
},
{
"status": "affected",
"version": "Oracle Java SE:17.0.6"
},
{
"status": "affected",
"version": "Oracle GraalVM Enterprise Edition:20.3.9"
},
{
"status": "affected",
"version": "Oracle GraalVM Enterprise Edition:21.3.5"
},
{
"status": "affected",
"version": "Oracle GraalVM Enterprise Edition:22.3.1"
}
]
}
],
"descriptions": [
{
"lang": "en-US",
"value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data.",
"lang": "en-US"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-21T19:06:19.494Z",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"name": "Oracle Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2023.html"
},
{
"url": "https://www.couchbase.com/alerts/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230427-0008/"
},
{
"url": "https://www.debian.org/security/2023/dsa-5430"
},
{
"url": "https://www.debian.org/security/2023/dsa-5478"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2023-21954",
"datePublished": "2023-04-18T19:54:30.576Z",
"dateReserved": "2022-12-17T19:26:00.728Z",
"dateUpdated": "2025-02-13T16:40:32.666Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21939 (GCVE-0-2023-21939)
Vulnerability from cvelistv5 – Published: 2023-04-18 19:54 – Updated: 2025-02-13 16:40
Summary
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).
Severity ?
5.3 (Medium)
CWE
- Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data.
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Oracle Corporation | Java SE JDK and JRE | Affected: Oracle Java SE:8u361; Affected: Oracle Java SE:8u361-perf; Affected: Oracle Java SE:11.0.18; Affected: Oracle Java SE:17.0.6; Affected: Oracle Java SE:20; Affected: Oracle GraalVM Enterprise Edition:20.3.9; Affected: Oracle GraalVM Enterprise Edition:21.3.5; Affected: Oracle GraalVM Enterprise Edition:22.3.1 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21939",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-05T19:26:29.575017Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T19:26:49.370Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:59:27.929Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Oracle Advisory",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2023.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.couchbase.com/alerts/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230427-0008/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5430"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5478"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Java SE JDK and JRE",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "Oracle Java SE:8u361"
},
{
"status": "affected",
"version": "Oracle Java SE:8u361-perf"
},
{
"status": "affected",
"version": "Oracle Java SE:11.0.18"
},
{
"status": "affected",
"version": "Oracle Java SE:17.0.6"
},
{
"status": "affected",
"version": "Oracle Java SE:20"
},
{
"status": "affected",
"version": "Oracle GraalVM Enterprise Edition:20.3.9"
},
{
"status": "affected",
"version": "Oracle GraalVM Enterprise Edition:21.3.5"
},
{
"status": "affected",
"version": "Oracle GraalVM Enterprise Edition:22.3.1"
}
]
}
],
"descriptions": [
{
"lang": "en-US",
"value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data.",
"lang": "en-US"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-21T19:07:18.372Z",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"name": "Oracle Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2023.html"
},
{
"url": "https://www.couchbase.com/alerts/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230427-0008/"
},
{
"url": "https://www.debian.org/security/2023/dsa-5430"
},
{
"url": "https://www.debian.org/security/2023/dsa-5478"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2023-21939",
"datePublished": "2023-04-18T19:54:26.274Z",
"dateReserved": "2022-12-17T19:26:00.722Z",
"dateUpdated": "2025-02-13T16:40:28.308Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21937 (GCVE-0-2023-21937)
Vulnerability from cvelistv5 – Published: 2023-04-18 19:54 – Updated: 2025-02-13 16:40
Summary
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
Severity ?
3.7 (Low)
CWE
- Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data.
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Oracle Corporation | Java SE JDK and JRE | Affected: Oracle Java SE:8u361; Affected: Oracle Java SE:8u361-perf; Affected: Oracle Java SE:11.0.18; Affected: Oracle Java SE:17.0.6; Affected: Oracle Java SE:20; Affected: Oracle GraalVM Enterprise Edition:20.3.9; Affected: Oracle GraalVM Enterprise Edition:21.3.5; Affected: Oracle GraalVM Enterprise Edition:22.3.1 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21937",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-17T13:34:57.672416Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-17T13:35:04.830Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:59:28.528Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Oracle Advisory",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2023.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.couchbase.com/alerts/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230427-0008/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5430"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5478"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Java SE JDK and JRE",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "Oracle Java SE:8u361"
},
{
"status": "affected",
"version": "Oracle Java SE:8u361-perf"
},
{
"status": "affected",
"version": "Oracle Java SE:11.0.18"
},
{
"status": "affected",
"version": "Oracle Java SE:17.0.6"
},
{
"status": "affected",
"version": "Oracle Java SE:20"
},
{
"status": "affected",
"version": "Oracle GraalVM Enterprise Edition:20.3.9"
},
{
"status": "affected",
"version": "Oracle GraalVM Enterprise Edition:21.3.5"
},
{
"status": "affected",
"version": "Oracle GraalVM Enterprise Edition:22.3.1"
}
]
}
],
"descriptions": [
{
"lang": "en-US",
"value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data.",
"lang": "en-US"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-21T19:07:51.844Z",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"name": "Oracle Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2023.html"
},
{
"url": "https://www.couchbase.com/alerts/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230427-0008/"
},
{
"url": "https://www.debian.org/security/2023/dsa-5430"
},
{
"url": "https://www.debian.org/security/2023/dsa-5478"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2023-21937",
"datePublished": "2023-04-18T19:54:25.624Z",
"dateReserved": "2022-12-17T19:26:00.722Z",
"dateUpdated": "2025-02-13T16:40:27.188Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21938 (GCVE-0-2023-21938)
Vulnerability from cvelistv5 – Published: 2023-04-18 19:54 – Updated: 2025-02-13 16:40
Summary
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
Severity ?
3.7 (Low)
CWE
- Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data.
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Oracle Corporation | Java SE JDK and JRE | Affected: Oracle Java SE:8u361; Affected: Oracle Java SE:8u361-perf; Affected: Oracle Java SE:11.0.18; Affected: Oracle Java SE:17.0.6; Affected: Oracle Java SE:20; Affected: Oracle GraalVM Enterprise Edition:20.3.8; Affected: Oracle GraalVM Enterprise Edition:21.3.4; Affected: Oracle GraalVM Enterprise Edition:22.3.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:59:27.256Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Oracle Advisory",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2023.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.couchbase.com/alerts/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230427-0008/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5430"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5478"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21938",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-16T14:39:35.865049Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T15:17:40.166Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Java SE JDK and JRE",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "Oracle Java SE:8u361"
},
{
"status": "affected",
"version": "Oracle Java SE:8u361-perf"
},
{
"status": "affected",
"version": "Oracle Java SE:11.0.18"
},
{
"status": "affected",
"version": "Oracle Java SE:17.0.6"
},
{
"status": "affected",
"version": "Oracle Java SE:20"
},
{
"status": "affected",
"version": "Oracle GraalVM Enterprise Edition:20.3.8"
},
{
"status": "affected",
"version": "Oracle GraalVM Enterprise Edition:21.3.4"
},
{
"status": "affected",
"version": "Oracle GraalVM Enterprise Edition:22.3.0"
}
]
}
],
"descriptions": [
{
"lang": "en-US",
"value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data.",
"lang": "en-US"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-21T19:07:50.001Z",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"name": "Oracle Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2023.html"
},
{
"url": "https://www.couchbase.com/alerts/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230427-0008/"
},
{
"url": "https://www.debian.org/security/2023/dsa-5430"
},
{
"url": "https://www.debian.org/security/2023/dsa-5478"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2023-21938",
"datePublished": "2023-04-18T19:54:25.948Z",
"dateReserved": "2022-12-17T19:26:00.722Z",
"dateUpdated": "2025-02-13T16:40:27.738Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21930 (GCVE-0-2023-21930)
Vulnerability from cvelistv5 – Published: 2023-04-18 19:54 – Updated: 2025-02-13 16:40
Summary
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).
Severity ?
7.4 (High)
CWE
- Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data.
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Oracle Corporation | Java SE JDK and JRE | Affected: Oracle Java SE:8u361; Affected: Oracle Java SE:8u361-perf; Affected: Oracle Java SE:11.0.18; Affected: Oracle Java SE:17.0.6; Affected: Oracle Java SE:20; Affected: Oracle GraalVM Enterprise Edition:20.3.9; Affected: Oracle GraalVM Enterprise Edition:21.3.5; Affected: Oracle GraalVM Enterprise Edition:22.3.1 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:oracle:graalvm:21.3.5:*:*:*:enterprise:*:*:*",
"cpe:2.3:a:oracle:graalvm:22.3.1:*:*:*:enterprise:*:*:*"
],
"defaultStatus": "unknown",
"product": "graalvm",
"vendor": "oracle",
"versions": [
{
"status": "affected",
"version": "21.3.5"
},
{
"status": "affected",
"version": "22.3.1"
}
]
},
{
"cpes": [
"cpe:2.3:a:oracle:jdk:11.0.18:*:*:*:*:*:*:*",
"cpe:2.3:a:oracle:jdk:17.0.6:*:*:*:*:*:*:*",
"cpe:2.3:a:oracle:jdk:1.8.0:update361:*:*:*:*:*:*",
"cpe:2.3:a:oracle:jdk:20:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "jdk",
"vendor": "oracle",
"versions": [
{
"status": "affected",
"version": "11.0.18"
},
{
"status": "affected",
"version": "17.0.6"
},
{
"status": "affected",
"version": "1.8.0"
},
{
"status": "affected",
"version": "20"
}
]
},
{
"cpes": [
"cpe:2.3:a:oracle:jre:11.0.18:*:*:*:*:*:*:*",
"cpe:2.3:a:oracle:jre:17.0.6:*:*:*:*:*:*:*",
"cpe:2.3:a:oracle:jre:1.8.0:update361:*:*:*:*:*:*",
"cpe:2.3:a:oracle:jre:20:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "jre",
"vendor": "oracle",
"versions": [
{
"status": "affected",
"version": "11.0.18"
},
{
"status": "affected",
"version": "17.0.6"
},
{
"status": "affected",
"version": "1.8.0"
},
{
"status": "affected",
"version": "20"
}
]
},
{
"cpes": [
"cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "oncommand_insight",
"vendor": "netapp",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "debian_linux",
"vendor": "debian",
"versions": [
{
"status": "affected",
"version": "10.0"
},
{
"status": "affected",
"version": "11.0"
},
{
"status": "affected",
"version": "12.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21930",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-22T19:44:31.998696Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-22T20:06:28.547Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:59:27.250Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Oracle Advisory",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2023.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.couchbase.com/alerts/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230427-0008/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5430"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5478"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Java SE JDK and JRE",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "Oracle Java SE:8u361"
},
{
"status": "affected",
"version": "Oracle Java SE:8u361-perf"
},
{
"status": "affected",
"version": "Oracle Java SE:11.0.18"
},
{
"status": "affected",
"version": "Oracle Java SE:17.0.6"
},
{
"status": "affected",
"version": "Oracle Java SE:20"
},
{
"status": "affected",
"version": "Oracle GraalVM Enterprise Edition:20.3.9"
},
{
"status": "affected",
"version": "Oracle GraalVM Enterprise Edition:21.3.5"
},
{
"status": "affected",
"version": "Oracle GraalVM Enterprise Edition:22.3.1"
}
]
}
],
"descriptions": [
{
"lang": "en-US",
"value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data.",
"lang": "en-US"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-21T19:07:35.314Z",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"name": "Oracle Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2023.html"
},
{
"url": "https://www.couchbase.com/alerts/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230427-0008/"
},
{
"url": "https://www.debian.org/security/2023/dsa-5430"
},
{
"url": "https://www.debian.org/security/2023/dsa-5478"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2023-21930",
"datePublished": "2023-04-18T19:54:23.189Z",
"dateReserved": "2022-12-17T19:26:00.718Z",
"dateUpdated": "2025-02-13T16:40:25.071Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-21502 (GCVE-0-2025-21502)
Vulnerability from nvd – Published: 2025-01-21 20:52 – Updated: 2025-02-07 11:02
Summary
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u431-perf, 11.0.25, 17.0.13, 21.0.5, 23.0.1; Oracle GraalVM for JDK: 17.0.13, 21.0.5, 23.0.1; Oracle GraalVM Enterprise Edition: 20.3.16 and 21.3.12. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).
Severity ?
4.8 (Medium)
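CWE
- CWE-863 - Incorrect Authorization (from the CISA-ADP container; the CNA supplies only the free-text problem type that follows)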
- Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data.
Assigner
References
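| URL | Tags |
|---|---|
| https://www.oracle.com/security-alerts/cpujan2025.html | vendor-advisory |
| https://security.netapp.com/advisory/ntap-20250124-0009/ | |
| http://www.openwall.com/lists/oss-security/2025/01/25/6 | |
| https://lists.debian.org/debian-lts-announce/2025/01/msg00031.html | |
| https://lists.debian.org/debian-lts-announce/2025/02/msg00004.html | |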
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Oracle Corporation | Oracle Java SE | Affected: Oracle Java SE:8u431-perf |
| | | Affected: Oracle Java SE:11.0.25 |
| | | Affected: Oracle Java SE:17.0.13 |
| | | Affected: Oracle Java SE:21.0.5 |
| | | Affected: Oracle Java SE:23.0.1 |
| | | Affected: Oracle GraalVM for JDK:17.0.13 |
| | | Affected: Oracle GraalVM for JDK:21.0.5 |
| | | Affected: Oracle GraalVM for JDK:23.0.1 |
| | | Affected: Oracle GraalVM Enterprise Edition:20.3.16 |
| | | Affected: Oracle GraalVM Enterprise Edition:21.3.12 |
| | | cpe:2.3:a:oracle:java_se:8u431:*:*:*:enterprise_performance:*:*:* |
| | | cpe:2.3:a:oracle:java_se:11.0.25:*:*:*:*:*:*:* |
| | | cpe:2.3:a:oracle:java_se:17.0.13:*:*:*:*:*:*:* |
| | | cpe:2.3:a:oracle:java_se:21.0.5:*:*:*:*:*:*:* |
| | | cpe:2.3:a:oracle:java_se:23.0.1:*:*:*:*:*:*:* |
| | | cpe:2.3:a:oracle:graalvm_for_jdk:17.0.13:*:*:*:*:*:*:* |
| | | cpe:2.3:a:oracle:graalvm_for_jdk:21.0.5:*:*:*:*:*:*:* |
| | | cpe:2.3:a:oracle:graalvm_for_jdk:23.0.1:*:*:*:*:*:*:* |
| | | cpe:2.3:a:oracle:graalvm:20.3.16:*:*:*:enterprise:*:*:* |
| | | cpe:2.3:a:oracle:graalvm:21.3.12:*:*:*:enterprise:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-21502",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-23T16:29:12.677151Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-23T16:37:41.331Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-02-07T11:02:33.310Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20250124-0009/"
},
{
"url": "http://www.openwall.com/lists/oss-security/2025/01/25/6"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00031.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/02/msg00004.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:oracle:java_se:8u431:*:*:*:enterprise_performance:*:*:*",
"cpe:2.3:a:oracle:java_se:11.0.25:*:*:*:*:*:*:*",
"cpe:2.3:a:oracle:java_se:17.0.13:*:*:*:*:*:*:*",
"cpe:2.3:a:oracle:java_se:21.0.5:*:*:*:*:*:*:*",
"cpe:2.3:a:oracle:java_se:23.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:oracle:graalvm_for_jdk:17.0.13:*:*:*:*:*:*:*",
"cpe:2.3:a:oracle:graalvm_for_jdk:21.0.5:*:*:*:*:*:*:*",
"cpe:2.3:a:oracle:graalvm_for_jdk:23.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:oracle:graalvm:20.3.16:*:*:*:enterprise:*:*:*",
"cpe:2.3:a:oracle:graalvm:21.3.12:*:*:*:enterprise:*:*:*"
],
"product": "Oracle Java SE",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "Oracle Java SE:8u431-perf"
},
{
"status": "affected",
"version": "Oracle Java SE:11.0.25"
},
{
"status": "affected",
"version": "Oracle Java SE:17.0.13"
},
{
"status": "affected",
"version": "Oracle Java SE:21.0.5"
},
{
"status": "affected",
"version": "Oracle Java SE:23.0.1"
},
{
"status": "affected",
"version": "Oracle GraalVM for JDK:17.0.13"
},
{
"status": "affected",
"version": "Oracle GraalVM for JDK:21.0.5"
},
{
"status": "affected",
"version": "Oracle GraalVM for JDK:23.0.1"
},
{
"status": "affected",
"version": "Oracle GraalVM Enterprise Edition:20.3.16"
},
{
"status": "affected",
"version": "Oracle GraalVM Enterprise Edition:21.3.12"
}
]
}
],
"descriptions": [
{
"lang": "en-US",
"value": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u431-perf, 11.0.25, 17.0.13, 21.0.5, 23.0.1; Oracle GraalVM for JDK: 17.0.13, 21.0.5, 23.0.1; Oracle GraalVM Enterprise Edition: 20.3.16 and 21.3.12. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data.",
"lang": "en-US"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-21T20:52:56.446Z",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"name": "Oracle Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2025.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2025-21502",
"datePublished": "2025-01-21T20:52:56.446Z",
"dateReserved": "2024-12-24T23:18:54.763Z",
"dateUpdated": "2025-02-07T11:02:33.310Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-47561 (GCVE-0-2024-47561)
Vulnerability from nvd – Published: 2024-10-03 10:23 – Updated: 2024-10-21 08:51
Summary
Schema parsing in the Java SDK of Apache Avro 1.11.3 and previous versions allows bad actors to execute arbitrary code.
Users are recommended to upgrade to version 1.11.4 or 1.12.0, which fix this issue.
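Severity
9.2 (Critical) under CVSS 4.0, as scored by the CNA (apache); the CISA-ADP container scores the same issue 7.3 (High) under CVSS 3.1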
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
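| URL | Tags |
|---|---|
| https://lists.apache.org/thread/c2v7mhqnmq0jmbwxqq3r5jbj1xg43h5x | vendor-advisory |
| http://www.openwall.com/lists/oss-security/2024/10/03/1 | |
| https://security.netapp.com/advisory/ntap-20241011-0003/ | |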
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Apache Software Foundation | Apache Avro Java SDK | Affected: 0 , < 1.11.4 (semver) |
Credits
Kostya Kortchinsky, from the Databricks Security Team
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-10-11T22:03:16.050Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2024/10/03/1"
},
{
"url": "https://security.netapp.com/advisory/ntap-20241011-0003/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:apache:avro:-:*:*:*:*:-:*:*"
],
"defaultStatus": "unknown",
"product": "avro",
"vendor": "apache",
"versions": [
{
"lessThan": "1.11.4",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-47561",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-03T18:53:44.038603Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-03T18:59:41.415Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://repo.maven.apache.org/maven2",
"defaultStatus": "unaffected",
"packageName": "org.apache.avro:avro",
"product": "Apache Avro Java SDK",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "1.11.4",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Kostya Kortchinsky, from the Databricks Security Team"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Schema parsing in the Java SDK of Apache Avro 1.11.3 and previous versions allows bad actors to execute arbitrary code.\u003cbr\u003eUsers are recommended to upgrade to version 1.11.4\u0026nbsp; or 1.12.0, which fix this issue."
}
],
"value": "Schema parsing in the Java SDK of Apache Avro 1.11.3 and previous versions allows bad actors to execute arbitrary code.\nUsers are recommended to upgrade to version 1.11.4\u00a0 or 1.12.0, which fix this issue."
}
],
"metrics": [
{
"other": {
"content": {
"text": "critical"
},
"type": "Textual description of severity"
}
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 9.2,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-21T08:51:22.972Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/c2v7mhqnmq0jmbwxqq3r5jbj1xg43h5x"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Apache Avro Java SDK: Arbitrary Code Execution when reading Avro schema (Java SDK)",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2024-47561",
"datePublished": "2024-10-03T10:23:16.214Z",
"dateReserved": "2024-09-27T07:06:47.522Z",
"dateUpdated": "2024-10-21T08:51:22.972Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-23064 (GCVE-0-2020-23064)
Vulnerability from nvd – Published: 2023-06-26 00:00 – Updated: 2024-05-15 16:18
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-11023. Reason: This candidate is a duplicate of CVE-2020-11023. Notes: All CVE users should reference CVE-2020-11023 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
{
"containers": {
"cna": {
"providerMetadata": {
"dateUpdated": "2024-05-15T16:18:40.267236",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"rejectedReasons": [
{
"lang": "en",
"value": "DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-11023. Reason: This candidate is a duplicate of CVE-2020-11023. Notes: All CVE users should reference CVE-2020-11023 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-23064",
"datePublished": "2023-06-26T00:00:00",
"dateRejected": "2024-05-15T00:00:00",
"dateReserved": "2020-08-13T00:00:00",
"dateUpdated": "2024-05-15T16:18:40.267236",
"state": "REJECTED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21968 (GCVE-0-2023-21968)
Vulnerability from nvd – Published: 2023-04-18 19:54 – Updated: 2025-02-13 16:40
Summary
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
Severity
3.7 (Low)
CWE
- Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data.
Assigner
References
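| URL | Tags |
|---|---|
| https://www.oracle.com/security-alerts/cpuapr2023.html | vendor-advisory, x_transferred |
| https://www.couchbase.com/alerts/ | x_transferred |
| https://security.netapp.com/advisory/ntap-20230427-0008/ | x_transferred |
| https://www.debian.org/security/2023/dsa-5430 | x_transferred |
| https://www.debian.org/security/2023/dsa-5478 | x_transferred |
| https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html | x_transferred |
| https://security.netapp.com/advisory/ntap-20240621-0006/ | x_transferred |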
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Oracle Corporation | Java SE JDK and JRE | Affected: Oracle Java SE:8u361 |
| | | Affected: Oracle Java SE:8u361-perf |
| | | Affected: Oracle Java SE:11.0.18 |
| | | Affected: Oracle Java SE:17.0.6 |
| | | Affected: Oracle Java SE:20 |
| | | Affected: Oracle GraalVM Enterprise Edition:20.3.9 |
| | | Affected: Oracle GraalVM Enterprise Edition:21.3.5 |
| | | Affected: Oracle GraalVM Enterprise Edition:22.3.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:59:28.370Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Oracle Advisory",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2023.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.couchbase.com/alerts/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230427-0008/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5430"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5478"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Java SE JDK and JRE",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "Oracle Java SE:8u361"
},
{
"status": "affected",
"version": "Oracle Java SE:8u361-perf"
},
{
"status": "affected",
"version": "Oracle Java SE:11.0.18"
},
{
"status": "affected",
"version": "Oracle Java SE:17.0.6"
},
{
"status": "affected",
"version": "Oracle Java SE:20"
},
{
"status": "affected",
"version": "Oracle GraalVM Enterprise Edition:20.3.9"
},
{
"status": "affected",
"version": "Oracle GraalVM Enterprise Edition:21.3.5"
},
{
"status": "affected",
"version": "Oracle GraalVM Enterprise Edition:22.3.1"
}
]
}
],
"descriptions": [
{
"lang": "en-US",
"value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data.",
"lang": "en-US"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-21T19:07:33.467Z",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"name": "Oracle Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2023.html"
},
{
"url": "https://www.couchbase.com/alerts/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230427-0008/"
},
{
"url": "https://www.debian.org/security/2023/dsa-5430"
},
{
"url": "https://www.debian.org/security/2023/dsa-5478"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2023-21968",
"datePublished": "2023-04-18T19:54:34.372Z",
"dateReserved": "2022-12-17T19:26:00.733Z",
"dateUpdated": "2025-02-13T16:40:35.928Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21967 (GCVE-0-2023-21967)
Vulnerability from nvd – Published: 2023-04-18 19:54 – Updated: 2025-02-13 16:40
Summary
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).
Severity ?
5.9 (Medium)
CWE
- Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition.
Assigner
References
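| URL | Tags |
|---|---|
| https://www.oracle.com/security-alerts/cpuapr2023.html | vendor-advisory, x_transferred |
| https://www.couchbase.com/alerts/ | x_transferred |
| https://security.netapp.com/advisory/ntap-20230427-0008/ | x_transferred |
| https://www.debian.org/security/2023/dsa-5430 | x_transferred |
| https://www.debian.org/security/2023/dsa-5478 | x_transferred |
| https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html | x_transferred |
| https://security.netapp.com/advisory/ntap-20240621-0006/ | x_transferred |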
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Oracle Corporation | Java SE JDK and JRE | Affected: Oracle Java SE:8u361 |
| | | Affected: Oracle Java SE:8u361-perf |
| | | Affected: Oracle Java SE:11.0.18 |
| | | Affected: Oracle Java SE:17.0.6 |
| | | Affected: Oracle Java SE:20 |
| | | Affected: Oracle GraalVM Enterprise Edition:20.3.9 |
| | | Affected: Oracle GraalVM Enterprise Edition:21.3.5 |
| | | Affected: Oracle GraalVM Enterprise Edition:22.3.1 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21967",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-17T13:34:32.918522Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-17T13:34:40.120Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:59:28.383Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Oracle Advisory",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2023.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.couchbase.com/alerts/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230427-0008/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5430"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5478"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Java SE JDK and JRE",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "Oracle Java SE:8u361"
},
{
"status": "affected",
"version": "Oracle Java SE:8u361-perf"
},
{
"status": "affected",
"version": "Oracle Java SE:11.0.18"
},
{
"status": "affected",
"version": "Oracle Java SE:17.0.6"
},
{
"status": "affected",
"version": "Oracle Java SE:20"
},
{
"status": "affected",
"version": "Oracle GraalVM Enterprise Edition:20.3.9"
},
{
"status": "affected",
"version": "Oracle GraalVM Enterprise Edition:21.3.5"
},
{
"status": "affected",
"version": "Oracle GraalVM Enterprise Edition:22.3.1"
}
]
}
],
"descriptions": [
{
"lang": "en-US",
"value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition.",
"lang": "en-US"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-21T19:05:57.984Z",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"name": "Oracle Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2023.html"
},
{
"url": "https://www.couchbase.com/alerts/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230427-0008/"
},
{
"url": "https://www.debian.org/security/2023/dsa-5430"
},
{
"url": "https://www.debian.org/security/2023/dsa-5478"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2023-21967",
"datePublished": "2023-04-18T19:54:33.967Z",
"dateReserved": "2022-12-17T19:26:00.733Z",
"dateUpdated": "2025-02-13T16:40:35.333Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21954 (GCVE-0-2023-21954)
Vulnerability from nvd – Published: 2023-04-18 19:54 – Updated: 2025-02-13 16:40
Summary
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).
Severity ?
5.9 (Medium)
CWE
- Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data.
Assigner
References
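| URL | Tags |
|---|---|
| https://www.oracle.com/security-alerts/cpuapr2023.html | vendor-advisory |
| https://www.couchbase.com/alerts/ | |
| https://security.netapp.com/advisory/ntap-20230427-0008/ | |
| https://www.debian.org/security/2023/dsa-5430 | |
| https://www.debian.org/security/2023/dsa-5478 | |
| https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html | |
| https://security.netapp.com/advisory/ntap-20240621-0006/ | |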
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Oracle Corporation | Java SE JDK and JRE | Affected: Oracle Java SE:8u361; Affected: Oracle Java SE:8u361-perf; Affected: Oracle Java SE:11.0.18; Affected: Oracle Java SE:17.0.6; Affected: Oracle GraalVM Enterprise Edition:20.3.9; Affected: Oracle GraalVM Enterprise Edition:21.3.5; Affected: Oracle GraalVM Enterprise Edition:22.3.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:59:28.530Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Oracle Advisory",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2023.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.couchbase.com/alerts/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230427-0008/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5430"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5478"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21954",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-16T14:39:04.663342Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T15:15:07.415Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Java SE JDK and JRE",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "Oracle Java SE:8u361"
},
{
"status": "affected",
"version": "Oracle Java SE:8u361-perf"
},
{
"status": "affected",
"version": "Oracle Java SE:11.0.18"
},
{
"status": "affected",
"version": "Oracle Java SE:17.0.6"
},
{
"status": "affected",
"version": "Oracle GraalVM Enterprise Edition:20.3.9"
},
{
"status": "affected",
"version": "Oracle GraalVM Enterprise Edition:21.3.5"
},
{
"status": "affected",
"version": "Oracle GraalVM Enterprise Edition:22.3.1"
}
]
}
],
"descriptions": [
{
"lang": "en-US",
"value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data.",
"lang": "en-US"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-21T19:06:19.494Z",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"name": "Oracle Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2023.html"
},
{
"url": "https://www.couchbase.com/alerts/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230427-0008/"
},
{
"url": "https://www.debian.org/security/2023/dsa-5430"
},
{
"url": "https://www.debian.org/security/2023/dsa-5478"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2023-21954",
"datePublished": "2023-04-18T19:54:30.576Z",
"dateReserved": "2022-12-17T19:26:00.728Z",
"dateUpdated": "2025-02-13T16:40:32.666Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21939 (GCVE-0-2023-21939)
Vulnerability from nvd – Published: 2023-04-18 19:54 – Updated: 2025-02-13 16:40
Summary
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).
Severity ?
5.3 (Medium)
CWE (the record assigns no CWE ID; its problem type is free text only)
- Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data.
Assigner
References
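| URL | Tags |
|---|---|
| https://www.oracle.com/security-alerts/cpuapr2023.html | vendor-advisory |
| https://www.couchbase.com/alerts/ | |
| https://security.netapp.com/advisory/ntap-20230427-0008/ | |
| https://www.debian.org/security/2023/dsa-5430 | |
| https://www.debian.org/security/2023/dsa-5478 | |
| https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html | |
| https://security.netapp.com/advisory/ntap-20240621-0006/ | |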
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Oracle Corporation | Java SE JDK and JRE | Affected: Oracle Java SE:8u361; Affected: Oracle Java SE:8u361-perf; Affected: Oracle Java SE:11.0.18; Affected: Oracle Java SE:17.0.6; Affected: Oracle Java SE:20; Affected: Oracle GraalVM Enterprise Edition:20.3.9; Affected: Oracle GraalVM Enterprise Edition:21.3.5; Affected: Oracle GraalVM Enterprise Edition:22.3.1 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21939",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-05T19:26:29.575017Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T19:26:49.370Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:59:27.929Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Oracle Advisory",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2023.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.couchbase.com/alerts/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230427-0008/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5430"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5478"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Java SE JDK and JRE",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "Oracle Java SE:8u361"
},
{
"status": "affected",
"version": "Oracle Java SE:8u361-perf"
},
{
"status": "affected",
"version": "Oracle Java SE:11.0.18"
},
{
"status": "affected",
"version": "Oracle Java SE:17.0.6"
},
{
"status": "affected",
"version": "Oracle Java SE:20"
},
{
"status": "affected",
"version": "Oracle GraalVM Enterprise Edition:20.3.9"
},
{
"status": "affected",
"version": "Oracle GraalVM Enterprise Edition:21.3.5"
},
{
"status": "affected",
"version": "Oracle GraalVM Enterprise Edition:22.3.1"
}
]
}
],
"descriptions": [
{
"lang": "en-US",
"value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data.",
"lang": "en-US"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-21T19:07:18.372Z",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"name": "Oracle Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2023.html"
},
{
"url": "https://www.couchbase.com/alerts/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230427-0008/"
},
{
"url": "https://www.debian.org/security/2023/dsa-5430"
},
{
"url": "https://www.debian.org/security/2023/dsa-5478"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2023-21939",
"datePublished": "2023-04-18T19:54:26.274Z",
"dateReserved": "2022-12-17T19:26:00.722Z",
"dateUpdated": "2025-02-13T16:40:28.308Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21937 (GCVE-0-2023-21937)
Vulnerability from nvd – Published: 2023-04-18 19:54 – Updated: 2025-02-13 16:40
Summary
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
Severity ?
3.7 (Low)
CWE (the record assigns no CWE ID; its problem type is free text only)
- Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data.
Assigner
References
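| URL | Tags |
|---|---|
| https://www.oracle.com/security-alerts/cpuapr2023.html | vendor-advisory |
| https://www.couchbase.com/alerts/ | |
| https://security.netapp.com/advisory/ntap-20230427-0008/ | |
| https://www.debian.org/security/2023/dsa-5430 | |
| https://www.debian.org/security/2023/dsa-5478 | |
| https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html | |
| https://security.netapp.com/advisory/ntap-20240621-0006/ | |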
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Oracle Corporation | Java SE JDK and JRE | Affected: Oracle Java SE:8u361; Affected: Oracle Java SE:8u361-perf; Affected: Oracle Java SE:11.0.18; Affected: Oracle Java SE:17.0.6; Affected: Oracle Java SE:20; Affected: Oracle GraalVM Enterprise Edition:20.3.9; Affected: Oracle GraalVM Enterprise Edition:21.3.5; Affected: Oracle GraalVM Enterprise Edition:22.3.1 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21937",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-17T13:34:57.672416Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-17T13:35:04.830Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:59:28.528Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Oracle Advisory",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2023.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.couchbase.com/alerts/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230427-0008/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5430"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5478"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Java SE JDK and JRE",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "Oracle Java SE:8u361"
},
{
"status": "affected",
"version": "Oracle Java SE:8u361-perf"
},
{
"status": "affected",
"version": "Oracle Java SE:11.0.18"
},
{
"status": "affected",
"version": "Oracle Java SE:17.0.6"
},
{
"status": "affected",
"version": "Oracle Java SE:20"
},
{
"status": "affected",
"version": "Oracle GraalVM Enterprise Edition:20.3.9"
},
{
"status": "affected",
"version": "Oracle GraalVM Enterprise Edition:21.3.5"
},
{
"status": "affected",
"version": "Oracle GraalVM Enterprise Edition:22.3.1"
}
]
}
],
"descriptions": [
{
"lang": "en-US",
"value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data.",
"lang": "en-US"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-21T19:07:51.844Z",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"name": "Oracle Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2023.html"
},
{
"url": "https://www.couchbase.com/alerts/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230427-0008/"
},
{
"url": "https://www.debian.org/security/2023/dsa-5430"
},
{
"url": "https://www.debian.org/security/2023/dsa-5478"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2023-21937",
"datePublished": "2023-04-18T19:54:25.624Z",
"dateReserved": "2022-12-17T19:26:00.722Z",
"dateUpdated": "2025-02-13T16:40:27.188Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21938 (GCVE-0-2023-21938)
Vulnerability from nvd – Published: 2023-04-18 19:54 – Updated: 2025-02-13 16:40
Summary
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
Severity ?
3.7 (Low)
CWE (the record assigns no CWE ID; its problem type is free text only)
- Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data.
Assigner
References
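| URL | Tags |
|---|---|
| https://www.oracle.com/security-alerts/cpuapr2023.html | vendor-advisory |
| https://www.couchbase.com/alerts/ | |
| https://security.netapp.com/advisory/ntap-20230427-0008/ | |
| https://www.debian.org/security/2023/dsa-5430 | |
| https://www.debian.org/security/2023/dsa-5478 | |
| https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html | |
| https://security.netapp.com/advisory/ntap-20240621-0006/ | |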
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Oracle Corporation | Java SE JDK and JRE | Affected: Oracle Java SE:8u361; Affected: Oracle Java SE:8u361-perf; Affected: Oracle Java SE:11.0.18; Affected: Oracle Java SE:17.0.6; Affected: Oracle Java SE:20; Affected: Oracle GraalVM Enterprise Edition:20.3.8; Affected: Oracle GraalVM Enterprise Edition:21.3.4; Affected: Oracle GraalVM Enterprise Edition:22.3.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:59:27.256Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Oracle Advisory",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2023.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.couchbase.com/alerts/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230427-0008/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5430"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5478"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21938",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-16T14:39:35.865049Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T15:17:40.166Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Java SE JDK and JRE",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "Oracle Java SE:8u361"
},
{
"status": "affected",
"version": "Oracle Java SE:8u361-perf"
},
{
"status": "affected",
"version": "Oracle Java SE:11.0.18"
},
{
"status": "affected",
"version": "Oracle Java SE:17.0.6"
},
{
"status": "affected",
"version": "Oracle Java SE:20"
},
{
"status": "affected",
"version": "Oracle GraalVM Enterprise Edition:20.3.8"
},
{
"status": "affected",
"version": "Oracle GraalVM Enterprise Edition:21.3.4"
},
{
"status": "affected",
"version": "Oracle GraalVM Enterprise Edition:22.3.0"
}
]
}
],
"descriptions": [
{
"lang": "en-US",
"value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data.",
"lang": "en-US"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-21T19:07:50.001Z",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"name": "Oracle Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2023.html"
},
{
"url": "https://www.couchbase.com/alerts/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230427-0008/"
},
{
"url": "https://www.debian.org/security/2023/dsa-5430"
},
{
"url": "https://www.debian.org/security/2023/dsa-5478"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2023-21938",
"datePublished": "2023-04-18T19:54:25.948Z",
"dateReserved": "2022-12-17T19:26:00.722Z",
"dateUpdated": "2025-02-13T16:40:27.738Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21930 (GCVE-0-2023-21930)
Vulnerability from nvd – Published: 2023-04-18 19:54 – Updated: 2025-02-13 16:40
Summary
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).
Severity ?
7.4 (High)
CWE
- Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data.
Assigner
References
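| URL | Tags |
|---|---|
| https://www.oracle.com/security-alerts/cpuapr2023.html | vendor-advisory, x_transferred |
| https://www.couchbase.com/alerts/ | x_transferred |
| https://security.netapp.com/advisory/ntap-20230427-0008/ | x_transferred |
| https://www.debian.org/security/2023/dsa-5430 | x_transferred |
| https://www.debian.org/security/2023/dsa-5478 | x_transferred |
| https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html | x_transferred |
| https://security.netapp.com/advisory/ntap-20240621-0006/ | x_transferred |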
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Oracle Corporation | Java SE JDK and JRE | Affected: Oracle Java SE:8u361; Affected: Oracle Java SE:8u361-perf; Affected: Oracle Java SE:11.0.18; Affected: Oracle Java SE:17.0.6; Affected: Oracle Java SE:20; Affected: Oracle GraalVM Enterprise Edition:20.3.9; Affected: Oracle GraalVM Enterprise Edition:21.3.5; Affected: Oracle GraalVM Enterprise Edition:22.3.1 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:oracle:graalvm:21.3.5:*:*:*:enterprise:*:*:*",
"cpe:2.3:a:oracle:graalvm:22.3.1:*:*:*:enterprise:*:*:*"
],
"defaultStatus": "unknown",
"product": "graalvm",
"vendor": "oracle",
"versions": [
{
"status": "affected",
"version": "21.3.5"
},
{
"status": "affected",
"version": "22.3.1"
}
]
},
{
"cpes": [
"cpe:2.3:a:oracle:jdk:11.0.18:*:*:*:*:*:*:*",
"cpe:2.3:a:oracle:jdk:17.0.6:*:*:*:*:*:*:*",
"cpe:2.3:a:oracle:jdk:1.8.0:update361:*:*:*:*:*:*",
"cpe:2.3:a:oracle:jdk:20:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "jdk",
"vendor": "oracle",
"versions": [
{
"status": "affected",
"version": "11.0.18"
},
{
"status": "affected",
"version": "17.0.6"
},
{
"status": "affected",
"version": "1.8.0"
},
{
"status": "affected",
"version": "20"
}
]
},
{
"cpes": [
"cpe:2.3:a:oracle:jre:11.0.18:*:*:*:*:*:*:*",
"cpe:2.3:a:oracle:jre:17.0.6:*:*:*:*:*:*:*",
"cpe:2.3:a:oracle:jre:1.8.0:update361:*:*:*:*:*:*",
"cpe:2.3:a:oracle:jre:20:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "jre",
"vendor": "oracle",
"versions": [
{
"status": "affected",
"version": "11.0.18"
},
{
"status": "affected",
"version": "17.0.6"
},
{
"status": "affected",
"version": "1.8.0"
},
{
"status": "affected",
"version": "20"
}
]
},
{
"cpes": [
"cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "oncommand_insight",
"vendor": "netapp",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "debian_linux",
"vendor": "debian",
"versions": [
{
"status": "affected",
"version": "10.0"
},
{
"status": "affected",
"version": "11.0"
},
{
"status": "affected",
"version": "12.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21930",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-22T19:44:31.998696Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-22T20:06:28.547Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:59:27.250Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Oracle Advisory",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2023.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.couchbase.com/alerts/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230427-0008/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5430"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5478"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Java SE JDK and JRE",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "Oracle Java SE:8u361"
},
{
"status": "affected",
"version": "Oracle Java SE:8u361-perf"
},
{
"status": "affected",
"version": "Oracle Java SE:11.0.18"
},
{
"status": "affected",
"version": "Oracle Java SE:17.0.6"
},
{
"status": "affected",
"version": "Oracle Java SE:20"
},
{
"status": "affected",
"version": "Oracle GraalVM Enterprise Edition:20.3.9"
},
{
"status": "affected",
"version": "Oracle GraalVM Enterprise Edition:21.3.5"
},
{
"status": "affected",
"version": "Oracle GraalVM Enterprise Edition:22.3.1"
}
]
}
],
"descriptions": [
{
"lang": "en-US",
"value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data.",
"lang": "en-US"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-21T19:07:35.314Z",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"name": "Oracle Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2023.html"
},
{
"url": "https://www.couchbase.com/alerts/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230427-0008/"
},
{
"url": "https://www.debian.org/security/2023/dsa-5430"
},
{
"url": "https://www.debian.org/security/2023/dsa-5478"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2023-21930",
"datePublished": "2023-04-18T19:54:23.189Z",
"dateReserved": "2022-12-17T19:26:00.718Z",
"dateUpdated": "2025-02-13T16:40:25.071Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}