Vulnerability-Lookup

CVE-2023-21835 (GCVE-0-2023-21835)

Vulnerability from cvelistv5 – Published: 2023-01-17 23:35 – Updated: 2026-05-28 17:50

Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via DTLS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

Severity

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

SSVC

Exploitation: none Automatable: yes Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

Easily exploitable vulnerability allows unauthenticated attacker with network access via DTLS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition.
CWE-noinfo Not enough information

Assigner

oracle

References

2 references

URL	Tags
https://www.oracle.com/security-alerts/cpujan2023.html	vendor-advisory
https://security.gentoo.org/glsa/202401-25

Impacted products

1 product

Vendor	Product	Version
Oracle Corporation	Java SE JDK and JRE	Affected: Oracle Java SE:11.0.17 Affected: Oracle Java SE:17.0.5 Affected: Oracle Java SE:19.0.1 Affected: Oracle GraalVM Enterprise Edition:20.3.8 Affected: Oracle GraalVM Enterprise Edition:21.3.4 Affected: Oracle GraalVM Enterprise Edition:22.3.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T09:51:50.877Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Oracle Advisory",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2023.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202401-25"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-21835",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-03T19:23:40.568137Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "description": "CWE-noinfo Not enough information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-28T17:50:33.148Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java SE JDK and JRE",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Oracle Java SE:11.0.17"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:17.0.5"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:19.0.1"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM Enterprise Edition:20.3.8"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM Enterprise Edition:21.3.4"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM Enterprise Edition:22.3.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE).  Supported versions that are affected are Oracle Java SE: 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and  22.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via DTLS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via DTLS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition.",
              "lang": "en-US"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-17T15:06:22.114Z",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "Oracle Advisory",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2023.html"
        },
        {
          "url": "https://security.gentoo.org/glsa/202401-25"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2023-21835",
    "datePublished": "2023-01-17T23:35:08.523Z",
    "dateReserved": "2022-12-17T19:26:00.690Z",
    "dateUpdated": "2026-05-28T17:50:33.148Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2023-21835",
      "date": "2026-06-06",
      "epss": "0.00053",
      "percentile": "0.16914"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:graalvm:20.3.8:*:*:*:enterprise:*:*:*\", \"matchCriteriaId\": \"EAC60F95-C4B1-49E6-864A-DF5212E7A63C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:graalvm:21.3.4:*:*:*:enterprise:*:*:*\", \"matchCriteriaId\": \"4791BBB5-C094-45B6-A3A8-E96D3BF97DA5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:graalvm:22.3.0:*:*:*:enterprise:*:*:*\", \"matchCriteriaId\": \"E4B331E5-74F5-411E-B997-7038A1DA445D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:jdk:11.0.17:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F9FA7A70-D820-49AA-942A-5F32A3219B53\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:jdk:17.0.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"458526BC-62D5-4A0A-9313-ECC4B070B281\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:jdk:19.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"40B07512-B002-4A41-BC6A-4D32EA9D52EA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:jre:11.0.17:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"695E3ADB-39EB-4EAC-B37F-F9200EADE08A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:jre:17.0.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C7CB68CC-9541-4236-9715-BC2DE256CC52\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:jre:19.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0A065785-60AF-4CDB-83C5-B35624706344\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:azul:zulu:11.60:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B47BECB1-5502-490C-8BF1-E4F673802228\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:azul:zulu:13.52:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7BC1D121-AD8E-41F9-A4EA-26889ADDF0FC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:azul:zulu:15.44:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EDAAB21D-17E7-4FF5-B31C-BFD7EBF6505B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:azul:zulu:17.38:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"04C2FA3F-7CAC-45E2-B2ED-FA6C98884C5B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:azul:zulu:19.30:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"ECD5B562-AB32-477D-B46D-F3E41A43A809\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE).  Supported versions that are affected are Oracle Java SE: 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and  22.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via DTLS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad en el producto Oracle Java SE, Oracle GraalVM Enterprise Edition de Oracle Java SE (componente: JSSE). Las versiones compatibles que se ven afectadas son Oracle Java SE: 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 y 22.3.0. Una vulnerabilidad f\\u00e1cilmente explotable permite que un atacante no autenticado con acceso a la red a trav\\u00e9s de DTLS comprometa Oracle Java SE, Oracle GraalVM Enterprise Edition. Los ataques exitosos de esta vulnerabilidad pueden resultar en una capacidad no autorizada para causar una denegaci\\u00f3n de servicio parcial (DOS parcial) de Oracle Java SE, Oracle GraalVM Enterprise Edition. Nota: Esta vulnerabilidad se aplica a implementaciones de Java, generalmente en clientes que ejecutan aplicaciones Java Web Start en espacio aislado o subprogramas de Java en espacio aislado, que cargan y ejecutan c\\u00f3digo que no es de confianza (por ejemplo, c\\u00f3digo que proviene de Internet) y dependen del entorno limitado de Java para su seguridad. Esta vulnerabilidad no se aplica a implementaciones de Java, normalmente en servidores, que cargan y ejecutan s\\u00f3lo c\\u00f3digo confiable (por ejemplo, c\\u00f3digo instalado por un administrador). CVSS 3.1 Puntuaci\\u00f3n base 5.3 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).\"}]",
      "id": "CVE-2023-21835",
      "lastModified": "2024-11-21T07:43:44.847",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"secalert_us@oracle.com\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\", \"baseScore\": 5.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"LOW\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 1.4}]}",
      "published": "2023-01-18T00:15:13.147",
      "references": "[{\"url\": \"https://security.gentoo.org/glsa/202401-25\", \"source\": \"secalert_us@oracle.com\"}, {\"url\": \"https://www.oracle.com/security-alerts/cpujan2023.html\", \"source\": \"secalert_us@oracle.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/202401-25\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.oracle.com/security-alerts/cpujan2023.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}]",
      "sourceIdentifier": "secalert_us@oracle.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-21835\",\"sourceIdentifier\":\"secalert_us@oracle.com\",\"published\":\"2023-01-18T00:15:13.147\",\"lastModified\":\"2024-11-21T07:43:44.847\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE).  Supported versions that are affected are Oracle Java SE: 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and  22.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via DTLS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad en el producto Oracle Java SE, Oracle GraalVM Enterprise Edition de Oracle Java SE (componente: JSSE). Las versiones compatibles que se ven afectadas son Oracle Java SE: 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 y 22.3.0. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante no autenticado con acceso a la red a trav\u00e9s de DTLS comprometa Oracle Java SE, Oracle GraalVM Enterprise Edition. Los ataques exitosos de esta vulnerabilidad pueden resultar en una capacidad no autorizada para causar una denegaci\u00f3n de servicio parcial (DOS parcial) de Oracle Java SE, Oracle GraalVM Enterprise Edition. Nota: Esta vulnerabilidad se aplica a implementaciones de Java, generalmente en clientes que ejecutan aplicaciones Java Web Start en espacio aislado o subprogramas de Java en espacio aislado, que cargan y ejecutan c\u00f3digo que no es de confianza (por ejemplo, c\u00f3digo que proviene de Internet) y dependen del entorno limitado de Java para su seguridad. Esta vulnerabilidad no se aplica a implementaciones de Java, normalmente en servidores, que cargan y ejecutan s\u00f3lo c\u00f3digo confiable (por ejemplo, c\u00f3digo instalado por un administrador). CVSS 3.1 Puntuaci\u00f3n base 5.3 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secalert_us@oracle.com\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:graalvm:20.3.8:*:*:*:enterprise:*:*:*\",\"matchCriteriaId\":\"EAC60F95-C4B1-49E6-864A-DF5212E7A63C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:graalvm:21.3.4:*:*:*:enterprise:*:*:*\",\"matchCriteriaId\":\"4791BBB5-C094-45B6-A3A8-E96D3BF97DA5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:graalvm:22.3.0:*:*:*:enterprise:*:*:*\",\"matchCriteriaId\":\"E4B331E5-74F5-411E-B997-7038A1DA445D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jdk:11.0.17:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F9FA7A70-D820-49AA-942A-5F32A3219B53\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jdk:17.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"458526BC-62D5-4A0A-9313-ECC4B070B281\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jdk:19.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"40B07512-B002-4A41-BC6A-4D32EA9D52EA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jre:11.0.17:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"695E3ADB-39EB-4EAC-B37F-F9200EADE08A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jre:17.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C7CB68CC-9541-4236-9715-BC2DE256CC52\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jre:19.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0A065785-60AF-4CDB-83C5-B35624706344\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:azul:zulu:11.60:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B47BECB1-5502-490C-8BF1-E4F673802228\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:azul:zulu:13.52:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7BC1D121-AD8E-41F9-A4EA-26889ADDF0FC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:azul:zulu:15.44:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EDAAB21D-17E7-4FF5-B31C-BFD7EBF6505B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:azul:zulu:17.38:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"04C2FA3F-7CAC-45E2-B2ED-FA6C98884C5B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:azul:zulu:19.30:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ECD5B562-AB32-477D-B46D-F3E41A43A809\"}]}]}],\"references\":[{\"url\":\"https://security.gentoo.org/glsa/202401-25\",\"source\":\"secalert_us@oracle.com\"},{\"url\":\"https://www.oracle.com/security-alerts/cpujan2023.html\",\"source\":\"secalert_us@oracle.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202401-25\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.oracle.com/security-alerts/cpujan2023.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.oracle.com/security-alerts/cpujan2023.html\", \"name\": \"Oracle Advisory\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://security.gentoo.org/glsa/202401-25\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T09:51:50.877Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-21835\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-06-03T19:23:40.568137Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"description\": \"CWE-noinfo Not enough information\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-06-03T19:23:41.839Z\"}}], \"cna\": {\"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"Oracle Corporation\", \"product\": \"Java SE JDK and JRE\", \"versions\": [{\"status\": \"affected\", \"version\": \"Oracle Java SE:11.0.17\"}, {\"status\": \"affected\", \"version\": \"Oracle Java SE:17.0.5\"}, {\"status\": \"affected\", \"version\": \"Oracle Java SE:19.0.1\"}, {\"status\": \"affected\", \"version\": \"Oracle GraalVM Enterprise Edition:20.3.8\"}, {\"status\": \"affected\", \"version\": \"Oracle GraalVM Enterprise Edition:21.3.4\"}, {\"status\": \"affected\", \"version\": \"Oracle GraalVM Enterprise Edition:22.3.0\"}]}], \"references\": [{\"url\": \"https://www.oracle.com/security-alerts/cpujan2023.html\", \"name\": \"Oracle Advisory\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/202401-25\"}], \"descriptions\": [{\"lang\": \"en-US\", \"value\": \"Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE).  Supported versions that are affected are Oracle Java SE: 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and  22.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via DTLS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en-US\", \"description\": \"Easily exploitable vulnerability allows unauthenticated attacker with network access via DTLS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition.\"}]}], \"providerMetadata\": {\"orgId\": \"43595867-4340-4103-b7a2-9a5208d29a85\", \"shortName\": \"oracle\", \"dateUpdated\": \"2024-01-17T15:06:22.114Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-21835\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-05-28T17:50:33.148Z\", \"dateReserved\": \"2022-12-17T19:26:00.690Z\", \"assignerOrgId\": \"43595867-4340-4103-b7a2-9a5208d29a85\", \"datePublished\": \"2023-01-17T23:35:08.523Z\", \"assignerShortName\": \"oracle\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

CERTFR-2023-AVI-0240

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits IBM. Elles permettent à un attaquant de provoquer une atteinte à l'intégrité des données, une exécution de code arbitraire à distance, un déni de service à distance, un contournement de la politique de sécurité, une élévation de privilèges et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
IBM	Sterling	Sterling Global Mailbox versions 6.0.3.x antérieures à 6.0.3.8
IBM	Spectrum	Spectrum Copy Data Management versions 2.2.x antérieures à 2.2.19.0
IBM	Spectrum	Spectrum Protect for Space Management versions 8.1.x antérieures à 8.1.17.2
IBM	Sterling	Sterling B2B Integrator versions 6.1.x antérieures à 6.1.2.1
IBM	Spectrum	Spectrum Protect Plus versions 10.1.x antérieures à 10.1.14
IBM	Spectrum	Spectrum Protect Client versions 8.1.x antérieures à 8.1.17.2
IBM	Sterling	Sterling Global Mailbox versions 6.1.2.x antérieures à 6.1.2.2
IBM	Sterling	Sterling B2B Integrator versions 6.0.x antérieures à 6.0.3.8

References

Title

Publication Time

CERTFR-2026-AVI-0199

Vulnerability from certfr_avis - Published: 2026-02-24 - Updated: 2026-02-24

De multiples vulnérabilités ont été découvertes dans les produits VMware. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et une injection de code indirecte à distance (XSS).

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
VMware	Telco Cloud Platform	Telco Cloud Platform versions 4.x et 5.x sans le correctif de sécurité KB428241
VMware	Tanzu Data Services	Tanzu Data Flow versions antérieures à 2.0.2 sur Tanzu Platform
VMware	Azure Spring Enterprise	Harbor Registry versions antérieures à 2.14.2
VMware	Tanzu Data Intelligence	Tanzu pour MySQL versions 2.0.0 sur Kubernetes
VMware	Cloud Foundation	Cloud Foundation versions 9.x antérieures à 9.0.2.0
VMware	Tanzu Kubernetes Runtime	App Metrics versions antérieures à2.3.3
VMware	Tanzu Data Intelligence	Tanzu GemFire versions antérieures à 2.6.1 sur Kubernetes
VMware	Tanzu Kubernetes Runtime	CredHub Secrets Management pour Tanzu Platform versions antérieures à 1.6.8
VMware	Tanzu Data Intelligence	Tanzu pour Valkey version 3.3.1 sur Kubernetes
VMware	Tanzu Operations Manager	Foundation Core pour Tanzu Platform versions antérieures à 3.2.4
VMware	Aria Operations	Aria Operations versions 8.x antérieures à 8.18.6
VMware	Tanzu Kubernetes Runtime	cf-mgmt pour Tanzu Platform versions antérieures à 1.0.108
VMware	Tanzu Data Intelligence	Tanzu pour Valkey version 9.0.1
VMware	Tanzu Kubernetes Runtime	Extended App Support pour Tanzu Platform versions antérieures à 1.0.15
VMware	Tanzu Data Intelligence	Tanzu GemFire Management versions antérieures à 1.4.3
VMware	Tanzu Kubernetes Runtime	NodeJS Buildpack versions antérieures à 1.8.77
VMware	Tanzu Kubernetes Runtime	Cloud Native Buildpacks pour Tanzu Platform versions antérieures à 0.6.5
VMware	Cloud Foundation	Cloud Foundation versions 4.x et 5.x sans le correctif de sécurité KB92148
VMware	Tanzu Kubernetes Runtime	AI Services pour Tanzu Platform versions antérieures à 10.3.4
VMware	Tanzu Kubernetes Runtime	Java Buildpack versions antérieures à 4.89.0
VMware	Telco Cloud Infrastructure	Telco Cloud Infrastructure versions 2.x et 3.x sans le correctif de sécurité KB428241
VMware	Tanzu Kubernetes Runtime	Elastic Application Runtime pour Tanzu Platform versions antérieures à 6.0.25+LTS-T, 10.2.8+LTS-T et 10.3.5

References

Title

Publication Time

FKIE_CVE-2023-21835

Vulnerability from fkie_nvd - Published: 2023-01-18 00:15 - Updated: 2024-11-21 07:43

Severity

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Summary

References

URL	Tags
secalert_us@oracle.com	https://security.gentoo.org/glsa/202401-25
secalert_us@oracle.com	https://www.oracle.com/security-alerts/cpujan2023.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202401-25
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpujan2023.html	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
oracle	graalvm	20.3.8
oracle	graalvm	21.3.4
oracle	graalvm	22.3.0
oracle	jdk	11.0.17
oracle	jdk	17.0.5
oracle	jdk	19.0.1
oracle	jre	11.0.17
oracle	jre	17.0.5
oracle	jre	19.0.1
azul	zulu	11.60
azul	zulu	13.52
azul	zulu	15.44
azul	zulu	17.38
azul	zulu	19.30

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:graalvm:20.3.8:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "EAC60F95-C4B1-49E6-864A-DF5212E7A63C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:graalvm:21.3.4:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "4791BBB5-C094-45B6-A3A8-E96D3BF97DA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:graalvm:22.3.0:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "E4B331E5-74F5-411E-B997-7038A1DA445D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:11.0.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9FA7A70-D820-49AA-942A-5F32A3219B53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:17.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "458526BC-62D5-4A0A-9313-ECC4B070B281",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:19.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "40B07512-B002-4A41-BC6A-4D32EA9D52EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:11.0.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "695E3ADB-39EB-4EAC-B37F-F9200EADE08A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:17.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7CB68CC-9541-4236-9715-BC2DE256CC52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:19.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A065785-60AF-4CDB-83C5-B35624706344",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:azul:zulu:11.60:*:*:*:*:*:*:*",
              "matchCriteriaId": "B47BECB1-5502-490C-8BF1-E4F673802228",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:azul:zulu:13.52:*:*:*:*:*:*:*",
              "matchCriteriaId": "7BC1D121-AD8E-41F9-A4EA-26889ADDF0FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:azul:zulu:15.44:*:*:*:*:*:*:*",
              "matchCriteriaId": "EDAAB21D-17E7-4FF5-B31C-BFD7EBF6505B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:azul:zulu:17.38:*:*:*:*:*:*:*",
              "matchCriteriaId": "04C2FA3F-7CAC-45E2-B2ED-FA6C98884C5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:azul:zulu:19.30:*:*:*:*:*:*:*",
              "matchCriteriaId": "ECD5B562-AB32-477D-B46D-F3E41A43A809",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE).  Supported versions that are affected are Oracle Java SE: 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and  22.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via DTLS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en el producto Oracle Java SE, Oracle GraalVM Enterprise Edition de Oracle Java SE (componente: JSSE). Las versiones compatibles que se ven afectadas son Oracle Java SE: 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 y 22.3.0. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante no autenticado con acceso a la red a trav\u00e9s de DTLS comprometa Oracle Java SE, Oracle GraalVM Enterprise Edition. Los ataques exitosos de esta vulnerabilidad pueden resultar en una capacidad no autorizada para causar una denegaci\u00f3n de servicio parcial (DOS parcial) de Oracle Java SE, Oracle GraalVM Enterprise Edition. Nota: Esta vulnerabilidad se aplica a implementaciones de Java, generalmente en clientes que ejecutan aplicaciones Java Web Start en espacio aislado o subprogramas de Java en espacio aislado, que cargan y ejecutan c\u00f3digo que no es de confianza (por ejemplo, c\u00f3digo que proviene de Internet) y dependen del entorno limitado de Java para su seguridad. Esta vulnerabilidad no se aplica a implementaciones de Java, normalmente en servidores, que cargan y ejecutan s\u00f3lo c\u00f3digo confiable (por ejemplo, c\u00f3digo instalado por un administrador). CVSS 3.1 Puntuaci\u00f3n base 5.3 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
    }
  ],
  "id": "CVE-2023-21835",
  "lastModified": "2024-11-21T07:43:44.847",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "secalert_us@oracle.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2023-01-18T00:15:13.147",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "url": "https://security.gentoo.org/glsa/202401-25"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2023.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.gentoo.org/glsa/202401-25"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2023.html"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-WQGC-H828-9G98

Vulnerability from github – Published: 2023-01-18 00:30 – Updated: 2023-01-18 00:30

Details

Severity

5.3 (Medium)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2023-21835"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-01-18T00:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE).  Supported versions that are affected are Oracle Java SE: 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and  22.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via DTLS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).",
  "id": "GHSA-wqgc-h828-9g98",
  "modified": "2023-01-18T00:30:17Z",
  "published": "2023-01-18T00:30:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-21835"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202401-25"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpujan2023.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2023-21835

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2023-21835

Aliases

CVE-2023-21835

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2023-21835",
    "id": "GSD-2023-21835",
    "references": [
      "https://www.debian.org/security/2023/dsa-5331",
      "https://www.debian.org/security/2023/dsa-5335",
      "https://advisories.mageia.org/CVE-2023-21835.html",
      "https://access.redhat.com/errata/RHSA-2023:0190",
      "https://access.redhat.com/errata/RHSA-2023:0191",
      "https://access.redhat.com/errata/RHSA-2023:0192",
      "https://access.redhat.com/errata/RHSA-2023:0193",
      "https://access.redhat.com/errata/RHSA-2023:0194",
      "https://access.redhat.com/errata/RHSA-2023:0195",
      "https://access.redhat.com/errata/RHSA-2023:0196",
      "https://access.redhat.com/errata/RHSA-2023:0197",
      "https://access.redhat.com/errata/RHSA-2023:0198",
      "https://access.redhat.com/errata/RHSA-2023:0199",
      "https://access.redhat.com/errata/RHSA-2023:0200",
      "https://access.redhat.com/errata/RHSA-2023:0201",
      "https://access.redhat.com/errata/RHSA-2023:0202",
      "https://access.redhat.com/errata/RHSA-2023:0352",
      "https://access.redhat.com/errata/RHSA-2023:0353",
      "https://access.redhat.com/errata/RHSA-2023:0388",
      "https://access.redhat.com/errata/RHSA-2023:0389",
      "https://www.suse.com/security/cve/CVE-2023-21835.html",
      "https://ubuntu.com/security/CVE-2023-21835"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-21835"
      ],
      "details": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE).  Supported versions that are affected are Oracle Java SE: 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and  22.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via DTLS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).",
      "id": "GSD-2023-21835",
      "modified": "2023-12-13T01:20:25.385306Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert_us@oracle.com",
        "ID": "CVE-2023-21835",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Java SE JDK and JRE",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "Oracle Java SE:11.0.17"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "Oracle Java SE:17.0.5"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "Oracle Java SE:19.0.1"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "Oracle GraalVM Enterprise Edition:20.3.8"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "Oracle GraalVM Enterprise Edition:21.3.4"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "Oracle GraalVM Enterprise Edition:22.3.0"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Oracle Corporation"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE).  Supported versions that are affected are Oracle Java SE: 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and  22.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via DTLS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
          }
        ]
      },
      "impact": {
        "cvss": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via DTLS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition."
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.oracle.com/security-alerts/cpujan2023.html",
            "refsource": "MISC",
            "url": "https://www.oracle.com/security-alerts/cpujan2023.html"
          },
          {
            "name": "https://security.gentoo.org/glsa/202401-25",
            "refsource": "MISC",
            "url": "https://security.gentoo.org/glsa/202401-25"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "configurations": [
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:oracle:graalvm:20.3.8:*:*:*:enterprise:*:*:*",
                    "matchCriteriaId": "EAC60F95-C4B1-49E6-864A-DF5212E7A63C",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:graalvm:21.3.4:*:*:*:enterprise:*:*:*",
                    "matchCriteriaId": "4791BBB5-C094-45B6-A3A8-E96D3BF97DA5",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:graalvm:22.3.0:*:*:*:enterprise:*:*:*",
                    "matchCriteriaId": "E4B331E5-74F5-411E-B997-7038A1DA445D",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:jdk:11.0.17:*:*:*:*:*:*:*",
                    "matchCriteriaId": "F9FA7A70-D820-49AA-942A-5F32A3219B53",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:jdk:17.0.5:*:*:*:*:*:*:*",
                    "matchCriteriaId": "458526BC-62D5-4A0A-9313-ECC4B070B281",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:jdk:19.0.1:*:*:*:*:*:*:*",
                    "matchCriteriaId": "40B07512-B002-4A41-BC6A-4D32EA9D52EA",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:jre:11.0.17:*:*:*:*:*:*:*",
                    "matchCriteriaId": "695E3ADB-39EB-4EAC-B37F-F9200EADE08A",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:jre:17.0.5:*:*:*:*:*:*:*",
                    "matchCriteriaId": "C7CB68CC-9541-4236-9715-BC2DE256CC52",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:oracle:jre:19.0.1:*:*:*:*:*:*:*",
                    "matchCriteriaId": "0A065785-60AF-4CDB-83C5-B35624706344",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:azul:zulu:11.60:*:*:*:*:*:*:*",
                    "matchCriteriaId": "B47BECB1-5502-490C-8BF1-E4F673802228",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:azul:zulu:13.52:*:*:*:*:*:*:*",
                    "matchCriteriaId": "7BC1D121-AD8E-41F9-A4EA-26889ADDF0FC",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:azul:zulu:15.44:*:*:*:*:*:*:*",
                    "matchCriteriaId": "EDAAB21D-17E7-4FF5-B31C-BFD7EBF6505B",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:azul:zulu:17.38:*:*:*:*:*:*:*",
                    "matchCriteriaId": "04C2FA3F-7CAC-45E2-B2ED-FA6C98884C5B",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:azul:zulu:19.30:*:*:*:*:*:*:*",
                    "matchCriteriaId": "ECD5B562-AB32-477D-B46D-F3E41A43A809",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          }
        ],
        "descriptions": [
          {
            "lang": "en",
            "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE).  Supported versions that are affected are Oracle Java SE: 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and  22.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via DTLS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
          }
        ],
        "id": "CVE-2023-21835",
        "lastModified": "2024-01-17T15:15:10.157",
        "metrics": {
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              "exploitabilityScore": 3.9,
              "impactScore": 1.4,
              "source": "secalert_us@oracle.com",
              "type": "Primary"
            }
          ]
        },
        "published": "2023-01-18T00:15:13.147",
        "references": [
          {
            "source": "secalert_us@oracle.com",
            "url": "https://security.gentoo.org/glsa/202401-25"
          },
          {
            "source": "secalert_us@oracle.com",
            "tags": [
              "Patch",
              "Vendor Advisory"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2023.html"
          }
        ],
        "sourceIdentifier": "secalert_us@oracle.com",
        "vulnStatus": "Modified",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "NVD-CWE-noinfo"
              }
            ],
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ]
      }
    }
  }
}

OPENSUSE-SU-2024:12661-1

Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00

Summary

java-19-openjdk-19.0.2.0-1.1 on GA media

Severity

Moderate

Notes

Title of the patch: java-19-openjdk-19.0.2.0-1.1 on GA media

Description of the patch: These are all security issues fixed in the java-19-openjdk-19.0.2.0-1.1 package on the GA media of openSUSE Tumbleweed.

Patchnames: openSUSE-Tumbleweed-2024-12661

CVE-2023-21835

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected products

Recommended 32 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:java-19-openjdk-19.0.2.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-19-openjdk-19.0.2.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-19-openjdk-19.0.2.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-19-openjdk-19.0.2.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-19-openjdk-accessibility-19.0.2.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-19-openjdk-accessibility-19.0.2.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-19-openjdk-accessibility-19.0.2.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-19-openjdk-accessibility-19.0.2.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-19-openjdk-demo-19.0.2.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-19-openjdk-demo-19.0.2.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-19-openjdk-demo-19.0.2.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-19-openjdk-demo-19.0.2.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-19-openjdk-devel-19.0.2.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-19-openjdk-devel-19.0.2.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-19-openjdk-devel-19.0.2.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-19-openjdk-devel-19.0.2.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-19-openjdk-headless-19.0.2.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-19-openjdk-headless-19.0.2.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-19-openjdk-headless-19.0.2.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-19-openjdk-headless-19.0.2.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-19-openjdk-javadoc-19.0.2.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-19-openjdk-javadoc-19.0.2.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-19-openjdk-javadoc-19.0.2.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-19-openjdk-javadoc-19.0.2.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-19-openjdk-jmods-19.0.2.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-19-openjdk-jmods-19.0.2.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-19-openjdk-jmods-19.0.2.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-19-openjdk-jmods-19.0.2.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-19-openjdk-src-19.0.2.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-19-openjdk-src-19.0.2.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-19-openjdk-src-19.0.2.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-19-openjdk-src-19.0.2.0-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2023-21843

3.7 (Low)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Affected products

Recommended 32 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:java-19-openjdk-19.0.2.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-19-openjdk-19.0.2.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-19-openjdk-19.0.2.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-19-openjdk-19.0.2.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-19-openjdk-accessibility-19.0.2.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-19-openjdk-accessibility-19.0.2.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-19-openjdk-accessibility-19.0.2.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-19-openjdk-accessibility-19.0.2.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-19-openjdk-demo-19.0.2.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-19-openjdk-demo-19.0.2.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-19-openjdk-demo-19.0.2.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-19-openjdk-demo-19.0.2.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-19-openjdk-devel-19.0.2.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-19-openjdk-devel-19.0.2.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-19-openjdk-devel-19.0.2.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-19-openjdk-devel-19.0.2.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-19-openjdk-headless-19.0.2.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-19-openjdk-headless-19.0.2.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-19-openjdk-headless-19.0.2.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-19-openjdk-headless-19.0.2.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-19-openjdk-javadoc-19.0.2.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-19-openjdk-javadoc-19.0.2.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-19-openjdk-javadoc-19.0.2.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-19-openjdk-javadoc-19.0.2.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-19-openjdk-jmods-19.0.2.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-19-openjdk-jmods-19.0.2.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-19-openjdk-jmods-19.0.2.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-19-openjdk-jmods-19.0.2.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-19-openjdk-src-19.0.2.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-19-openjdk-src-19.0.2.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-19-openjdk-src-19.0.2.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-19-openjdk-src-19.0.2.0-1.1.x86_64	—	Vendor Fix

Threats

Impact low

References

8 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/o…	self
https://www.suse.com/security/cve/CVE-2023-21835/	self
https://www.suse.com/security/cve/CVE-2023-21843/	self
https://www.suse.com/security/cve/CVE-2023-21835	external
https://bugzilla.suse.com/1207246	external
https://www.suse.com/security/cve/CVE-2023-21843	external
https://bugzilla.suse.com/1207248	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "java-19-openjdk-19.0.2.0-1.1 on GA media",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "These are all security issues fixed in the java-19-openjdk-19.0.2.0-1.1 package on the GA media of openSUSE Tumbleweed.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-Tumbleweed-2024-12661",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_12661-1.json"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2023-21835 page",
        "url": "https://www.suse.com/security/cve/CVE-2023-21835/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2023-21843 page",
        "url": "https://www.suse.com/security/cve/CVE-2023-21843/"
      }
    ],
    "title": "java-19-openjdk-19.0.2.0-1.1 on GA media",
    "tracking": {
      "current_release_date": "2024-06-15T00:00:00Z",
      "generator": {
        "date": "2024-06-15T00:00:00Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2024:12661-1",
      "initial_release_date": "2024-06-15T00:00:00Z",
      "revision_history": [
        {
          "date": "2024-06-15T00:00:00Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "java-19-openjdk-19.0.2.0-1.1.aarch64",
                "product": {
                  "name": "java-19-openjdk-19.0.2.0-1.1.aarch64",
                  "product_id": "java-19-openjdk-19.0.2.0-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "java-19-openjdk-accessibility-19.0.2.0-1.1.aarch64",
                "product": {
                  "name": "java-19-openjdk-accessibility-19.0.2.0-1.1.aarch64",
                  "product_id": "java-19-openjdk-accessibility-19.0.2.0-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "java-19-openjdk-demo-19.0.2.0-1.1.aarch64",
                "product": {
                  "name": "java-19-openjdk-demo-19.0.2.0-1.1.aarch64",
                  "product_id": "java-19-openjdk-demo-19.0.2.0-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "java-19-openjdk-devel-19.0.2.0-1.1.aarch64",
                "product": {
                  "name": "java-19-openjdk-devel-19.0.2.0-1.1.aarch64",
                  "product_id": "java-19-openjdk-devel-19.0.2.0-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "java-19-openjdk-headless-19.0.2.0-1.1.aarch64",
                "product": {
                  "name": "java-19-openjdk-headless-19.0.2.0-1.1.aarch64",
                  "product_id": "java-19-openjdk-headless-19.0.2.0-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "java-19-openjdk-javadoc-19.0.2.0-1.1.aarch64",
                "product": {
                  "name": "java-19-openjdk-javadoc-19.0.2.0-1.1.aarch64",
                  "product_id": "java-19-openjdk-javadoc-19.0.2.0-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "java-19-openjdk-jmods-19.0.2.0-1.1.aarch64",
                "product": {
                  "name": "java-19-openjdk-jmods-19.0.2.0-1.1.aarch64",
                  "product_id": "java-19-openjdk-jmods-19.0.2.0-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "java-19-openjdk-src-19.0.2.0-1.1.aarch64",
                "product": {
                  "name": "java-19-openjdk-src-19.0.2.0-1.1.aarch64",
                  "product_id": "java-19-openjdk-src-19.0.2.0-1.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "java-19-openjdk-19.0.2.0-1.1.ppc64le",
                "product": {
                  "name": "java-19-openjdk-19.0.2.0-1.1.ppc64le",
                  "product_id": "java-19-openjdk-19.0.2.0-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "java-19-openjdk-accessibility-19.0.2.0-1.1.ppc64le",
                "product": {
                  "name": "java-19-openjdk-accessibility-19.0.2.0-1.1.ppc64le",
                  "product_id": "java-19-openjdk-accessibility-19.0.2.0-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "java-19-openjdk-demo-19.0.2.0-1.1.ppc64le",
                "product": {
                  "name": "java-19-openjdk-demo-19.0.2.0-1.1.ppc64le",
                  "product_id": "java-19-openjdk-demo-19.0.2.0-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "java-19-openjdk-devel-19.0.2.0-1.1.ppc64le",
                "product": {
                  "name": "java-19-openjdk-devel-19.0.2.0-1.1.ppc64le",
                  "product_id": "java-19-openjdk-devel-19.0.2.0-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "java-19-openjdk-headless-19.0.2.0-1.1.ppc64le",
                "product": {
                  "name": "java-19-openjdk-headless-19.0.2.0-1.1.ppc64le",
                  "product_id": "java-19-openjdk-headless-19.0.2.0-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "java-19-openjdk-javadoc-19.0.2.0-1.1.ppc64le",
                "product": {
                  "name": "java-19-openjdk-javadoc-19.0.2.0-1.1.ppc64le",
                  "product_id": "java-19-openjdk-javadoc-19.0.2.0-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "java-19-openjdk-jmods-19.0.2.0-1.1.ppc64le",
                "product": {
                  "name": "java-19-openjdk-jmods-19.0.2.0-1.1.ppc64le",
                  "product_id": "java-19-openjdk-jmods-19.0.2.0-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "java-19-openjdk-src-19.0.2.0-1.1.ppc64le",
                "product": {
                  "name": "java-19-openjdk-src-19.0.2.0-1.1.ppc64le",
                  "product_id": "java-19-openjdk-src-19.0.2.0-1.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "java-19-openjdk-19.0.2.0-1.1.s390x",
                "product": {
                  "name": "java-19-openjdk-19.0.2.0-1.1.s390x",
                  "product_id": "java-19-openjdk-19.0.2.0-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "java-19-openjdk-accessibility-19.0.2.0-1.1.s390x",
                "product": {
                  "name": "java-19-openjdk-accessibility-19.0.2.0-1.1.s390x",
                  "product_id": "java-19-openjdk-accessibility-19.0.2.0-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "java-19-openjdk-demo-19.0.2.0-1.1.s390x",
                "product": {
                  "name": "java-19-openjdk-demo-19.0.2.0-1.1.s390x",
                  "product_id": "java-19-openjdk-demo-19.0.2.0-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "java-19-openjdk-devel-19.0.2.0-1.1.s390x",
                "product": {
                  "name": "java-19-openjdk-devel-19.0.2.0-1.1.s390x",
                  "product_id": "java-19-openjdk-devel-19.0.2.0-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "java-19-openjdk-headless-19.0.2.0-1.1.s390x",
                "product": {
                  "name": "java-19-openjdk-headless-19.0.2.0-1.1.s390x",
                  "product_id": "java-19-openjdk-headless-19.0.2.0-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "java-19-openjdk-javadoc-19.0.2.0-1.1.s390x",
                "product": {
                  "name": "java-19-openjdk-javadoc-19.0.2.0-1.1.s390x",
                  "product_id": "java-19-openjdk-javadoc-19.0.2.0-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "java-19-openjdk-jmods-19.0.2.0-1.1.s390x",
                "product": {
                  "name": "java-19-openjdk-jmods-19.0.2.0-1.1.s390x",
                  "product_id": "java-19-openjdk-jmods-19.0.2.0-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "java-19-openjdk-src-19.0.2.0-1.1.s390x",
                "product": {
                  "name": "java-19-openjdk-src-19.0.2.0-1.1.s390x",
                  "product_id": "java-19-openjdk-src-19.0.2.0-1.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "java-19-openjdk-19.0.2.0-1.1.x86_64",
                "product": {
                  "name": "java-19-openjdk-19.0.2.0-1.1.x86_64",
                  "product_id": "java-19-openjdk-19.0.2.0-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "java-19-openjdk-accessibility-19.0.2.0-1.1.x86_64",
                "product": {
                  "name": "java-19-openjdk-accessibility-19.0.2.0-1.1.x86_64",
                  "product_id": "java-19-openjdk-accessibility-19.0.2.0-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "java-19-openjdk-demo-19.0.2.0-1.1.x86_64",
                "product": {
                  "name": "java-19-openjdk-demo-19.0.2.0-1.1.x86_64",
                  "product_id": "java-19-openjdk-demo-19.0.2.0-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "java-19-openjdk-devel-19.0.2.0-1.1.x86_64",
                "product": {
                  "name": "java-19-openjdk-devel-19.0.2.0-1.1.x86_64",
                  "product_id": "java-19-openjdk-devel-19.0.2.0-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "java-19-openjdk-headless-19.0.2.0-1.1.x86_64",
                "product": {
                  "name": "java-19-openjdk-headless-19.0.2.0-1.1.x86_64",
                  "product_id": "java-19-openjdk-headless-19.0.2.0-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "java-19-openjdk-javadoc-19.0.2.0-1.1.x86_64",
                "product": {
                  "name": "java-19-openjdk-javadoc-19.0.2.0-1.1.x86_64",
                  "product_id": "java-19-openjdk-javadoc-19.0.2.0-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "java-19-openjdk-jmods-19.0.2.0-1.1.x86_64",
                "product": {
                  "name": "java-19-openjdk-jmods-19.0.2.0-1.1.x86_64",
                  "product_id": "java-19-openjdk-jmods-19.0.2.0-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "java-19-openjdk-src-19.0.2.0-1.1.x86_64",
                "product": {
                  "name": "java-19-openjdk-src-19.0.2.0-1.1.x86_64",
                  "product_id": "java-19-openjdk-src-19.0.2.0-1.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Tumbleweed",
                "product": {
                  "name": "openSUSE Tumbleweed",
                  "product_id": "openSUSE Tumbleweed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:tumbleweed"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-19-openjdk-19.0.2.0-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-19-openjdk-19.0.2.0-1.1.aarch64"
        },
        "product_reference": "java-19-openjdk-19.0.2.0-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-19-openjdk-19.0.2.0-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-19-openjdk-19.0.2.0-1.1.ppc64le"
        },
        "product_reference": "java-19-openjdk-19.0.2.0-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-19-openjdk-19.0.2.0-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-19-openjdk-19.0.2.0-1.1.s390x"
        },
        "product_reference": "java-19-openjdk-19.0.2.0-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-19-openjdk-19.0.2.0-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-19-openjdk-19.0.2.0-1.1.x86_64"
        },
        "product_reference": "java-19-openjdk-19.0.2.0-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-19-openjdk-accessibility-19.0.2.0-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-19-openjdk-accessibility-19.0.2.0-1.1.aarch64"
        },
        "product_reference": "java-19-openjdk-accessibility-19.0.2.0-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-19-openjdk-accessibility-19.0.2.0-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-19-openjdk-accessibility-19.0.2.0-1.1.ppc64le"
        },
        "product_reference": "java-19-openjdk-accessibility-19.0.2.0-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-19-openjdk-accessibility-19.0.2.0-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-19-openjdk-accessibility-19.0.2.0-1.1.s390x"
        },
        "product_reference": "java-19-openjdk-accessibility-19.0.2.0-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-19-openjdk-accessibility-19.0.2.0-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-19-openjdk-accessibility-19.0.2.0-1.1.x86_64"
        },
        "product_reference": "java-19-openjdk-accessibility-19.0.2.0-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-19-openjdk-demo-19.0.2.0-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-19-openjdk-demo-19.0.2.0-1.1.aarch64"
        },
        "product_reference": "java-19-openjdk-demo-19.0.2.0-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-19-openjdk-demo-19.0.2.0-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-19-openjdk-demo-19.0.2.0-1.1.ppc64le"
        },
        "product_reference": "java-19-openjdk-demo-19.0.2.0-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-19-openjdk-demo-19.0.2.0-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-19-openjdk-demo-19.0.2.0-1.1.s390x"
        },
        "product_reference": "java-19-openjdk-demo-19.0.2.0-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-19-openjdk-demo-19.0.2.0-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-19-openjdk-demo-19.0.2.0-1.1.x86_64"
        },
        "product_reference": "java-19-openjdk-demo-19.0.2.0-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-19-openjdk-devel-19.0.2.0-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-19-openjdk-devel-19.0.2.0-1.1.aarch64"
        },
        "product_reference": "java-19-openjdk-devel-19.0.2.0-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-19-openjdk-devel-19.0.2.0-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-19-openjdk-devel-19.0.2.0-1.1.ppc64le"
        },
        "product_reference": "java-19-openjdk-devel-19.0.2.0-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-19-openjdk-devel-19.0.2.0-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-19-openjdk-devel-19.0.2.0-1.1.s390x"
        },
        "product_reference": "java-19-openjdk-devel-19.0.2.0-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-19-openjdk-devel-19.0.2.0-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-19-openjdk-devel-19.0.2.0-1.1.x86_64"
        },
        "product_reference": "java-19-openjdk-devel-19.0.2.0-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-19-openjdk-headless-19.0.2.0-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-19-openjdk-headless-19.0.2.0-1.1.aarch64"
        },
        "product_reference": "java-19-openjdk-headless-19.0.2.0-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-19-openjdk-headless-19.0.2.0-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-19-openjdk-headless-19.0.2.0-1.1.ppc64le"
        },
        "product_reference": "java-19-openjdk-headless-19.0.2.0-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-19-openjdk-headless-19.0.2.0-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-19-openjdk-headless-19.0.2.0-1.1.s390x"
        },
        "product_reference": "java-19-openjdk-headless-19.0.2.0-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-19-openjdk-headless-19.0.2.0-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-19-openjdk-headless-19.0.2.0-1.1.x86_64"
        },
        "product_reference": "java-19-openjdk-headless-19.0.2.0-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-19-openjdk-javadoc-19.0.2.0-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-19-openjdk-javadoc-19.0.2.0-1.1.aarch64"
        },
        "product_reference": "java-19-openjdk-javadoc-19.0.2.0-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-19-openjdk-javadoc-19.0.2.0-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-19-openjdk-javadoc-19.0.2.0-1.1.ppc64le"
        },
        "product_reference": "java-19-openjdk-javadoc-19.0.2.0-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-19-openjdk-javadoc-19.0.2.0-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-19-openjdk-javadoc-19.0.2.0-1.1.s390x"
        },
        "product_reference": "java-19-openjdk-javadoc-19.0.2.0-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-19-openjdk-javadoc-19.0.2.0-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-19-openjdk-javadoc-19.0.2.0-1.1.x86_64"
        },
        "product_reference": "java-19-openjdk-javadoc-19.0.2.0-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-19-openjdk-jmods-19.0.2.0-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-19-openjdk-jmods-19.0.2.0-1.1.aarch64"
        },
        "product_reference": "java-19-openjdk-jmods-19.0.2.0-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-19-openjdk-jmods-19.0.2.0-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-19-openjdk-jmods-19.0.2.0-1.1.ppc64le"
        },
        "product_reference": "java-19-openjdk-jmods-19.0.2.0-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-19-openjdk-jmods-19.0.2.0-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-19-openjdk-jmods-19.0.2.0-1.1.s390x"
        },
        "product_reference": "java-19-openjdk-jmods-19.0.2.0-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-19-openjdk-jmods-19.0.2.0-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-19-openjdk-jmods-19.0.2.0-1.1.x86_64"
        },
        "product_reference": "java-19-openjdk-jmods-19.0.2.0-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-19-openjdk-src-19.0.2.0-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-19-openjdk-src-19.0.2.0-1.1.aarch64"
        },
        "product_reference": "java-19-openjdk-src-19.0.2.0-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-19-openjdk-src-19.0.2.0-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-19-openjdk-src-19.0.2.0-1.1.ppc64le"
        },
        "product_reference": "java-19-openjdk-src-19.0.2.0-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-19-openjdk-src-19.0.2.0-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-19-openjdk-src-19.0.2.0-1.1.s390x"
        },
        "product_reference": "java-19-openjdk-src-19.0.2.0-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-19-openjdk-src-19.0.2.0-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-19-openjdk-src-19.0.2.0-1.1.x86_64"
        },
        "product_reference": "java-19-openjdk-src-19.0.2.0-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-21835",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2023-21835"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE).  Supported versions that are affected are Oracle Java SE: 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and  22.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via DTLS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:java-19-openjdk-19.0.2.0-1.1.aarch64",
          "openSUSE Tumbleweed:java-19-openjdk-19.0.2.0-1.1.ppc64le",
          "openSUSE Tumbleweed:java-19-openjdk-19.0.2.0-1.1.s390x",
          "openSUSE Tumbleweed:java-19-openjdk-19.0.2.0-1.1.x86_64",
          "openSUSE Tumbleweed:java-19-openjdk-accessibility-19.0.2.0-1.1.aarch64",
          "openSUSE Tumbleweed:java-19-openjdk-accessibility-19.0.2.0-1.1.ppc64le",
          "openSUSE Tumbleweed:java-19-openjdk-accessibility-19.0.2.0-1.1.s390x",
          "openSUSE Tumbleweed:java-19-openjdk-accessibility-19.0.2.0-1.1.x86_64",
          "openSUSE Tumbleweed:java-19-openjdk-demo-19.0.2.0-1.1.aarch64",
          "openSUSE Tumbleweed:java-19-openjdk-demo-19.0.2.0-1.1.ppc64le",
          "openSUSE Tumbleweed:java-19-openjdk-demo-19.0.2.0-1.1.s390x",
          "openSUSE Tumbleweed:java-19-openjdk-demo-19.0.2.0-1.1.x86_64",
          "openSUSE Tumbleweed:java-19-openjdk-devel-19.0.2.0-1.1.aarch64",
          "openSUSE Tumbleweed:java-19-openjdk-devel-19.0.2.0-1.1.ppc64le",
          "openSUSE Tumbleweed:java-19-openjdk-devel-19.0.2.0-1.1.s390x",
          "openSUSE Tumbleweed:java-19-openjdk-devel-19.0.2.0-1.1.x86_64",
          "openSUSE Tumbleweed:java-19-openjdk-headless-19.0.2.0-1.1.aarch64",
          "openSUSE Tumbleweed:java-19-openjdk-headless-19.0.2.0-1.1.ppc64le",
          "openSUSE Tumbleweed:java-19-openjdk-headless-19.0.2.0-1.1.s390x",
          "openSUSE Tumbleweed:java-19-openjdk-headless-19.0.2.0-1.1.x86_64",
          "openSUSE Tumbleweed:java-19-openjdk-javadoc-19.0.2.0-1.1.aarch64",
          "openSUSE Tumbleweed:java-19-openjdk-javadoc-19.0.2.0-1.1.ppc64le",
          "openSUSE Tumbleweed:java-19-openjdk-javadoc-19.0.2.0-1.1.s390x",
          "openSUSE Tumbleweed:java-19-openjdk-javadoc-19.0.2.0-1.1.x86_64",
          "openSUSE Tumbleweed:java-19-openjdk-jmods-19.0.2.0-1.1.aarch64",
          "openSUSE Tumbleweed:java-19-openjdk-jmods-19.0.2.0-1.1.ppc64le",
          "openSUSE Tumbleweed:java-19-openjdk-jmods-19.0.2.0-1.1.s390x",
          "openSUSE Tumbleweed:java-19-openjdk-jmods-19.0.2.0-1.1.x86_64",
          "openSUSE Tumbleweed:java-19-openjdk-src-19.0.2.0-1.1.aarch64",
          "openSUSE Tumbleweed:java-19-openjdk-src-19.0.2.0-1.1.ppc64le",
          "openSUSE Tumbleweed:java-19-openjdk-src-19.0.2.0-1.1.s390x",
          "openSUSE Tumbleweed:java-19-openjdk-src-19.0.2.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2023-21835",
          "url": "https://www.suse.com/security/cve/CVE-2023-21835"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1207246 for CVE-2023-21835",
          "url": "https://bugzilla.suse.com/1207246"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:java-19-openjdk-19.0.2.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-19-openjdk-19.0.2.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-19-openjdk-19.0.2.0-1.1.s390x",
            "openSUSE Tumbleweed:java-19-openjdk-19.0.2.0-1.1.x86_64",
            "openSUSE Tumbleweed:java-19-openjdk-accessibility-19.0.2.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-19-openjdk-accessibility-19.0.2.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-19-openjdk-accessibility-19.0.2.0-1.1.s390x",
            "openSUSE Tumbleweed:java-19-openjdk-accessibility-19.0.2.0-1.1.x86_64",
            "openSUSE Tumbleweed:java-19-openjdk-demo-19.0.2.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-19-openjdk-demo-19.0.2.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-19-openjdk-demo-19.0.2.0-1.1.s390x",
            "openSUSE Tumbleweed:java-19-openjdk-demo-19.0.2.0-1.1.x86_64",
            "openSUSE Tumbleweed:java-19-openjdk-devel-19.0.2.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-19-openjdk-devel-19.0.2.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-19-openjdk-devel-19.0.2.0-1.1.s390x",
            "openSUSE Tumbleweed:java-19-openjdk-devel-19.0.2.0-1.1.x86_64",
            "openSUSE Tumbleweed:java-19-openjdk-headless-19.0.2.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-19-openjdk-headless-19.0.2.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-19-openjdk-headless-19.0.2.0-1.1.s390x",
            "openSUSE Tumbleweed:java-19-openjdk-headless-19.0.2.0-1.1.x86_64",
            "openSUSE Tumbleweed:java-19-openjdk-javadoc-19.0.2.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-19-openjdk-javadoc-19.0.2.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-19-openjdk-javadoc-19.0.2.0-1.1.s390x",
            "openSUSE Tumbleweed:java-19-openjdk-javadoc-19.0.2.0-1.1.x86_64",
            "openSUSE Tumbleweed:java-19-openjdk-jmods-19.0.2.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-19-openjdk-jmods-19.0.2.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-19-openjdk-jmods-19.0.2.0-1.1.s390x",
            "openSUSE Tumbleweed:java-19-openjdk-jmods-19.0.2.0-1.1.x86_64",
            "openSUSE Tumbleweed:java-19-openjdk-src-19.0.2.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-19-openjdk-src-19.0.2.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-19-openjdk-src-19.0.2.0-1.1.s390x",
            "openSUSE Tumbleweed:java-19-openjdk-src-19.0.2.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:java-19-openjdk-19.0.2.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-19-openjdk-19.0.2.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-19-openjdk-19.0.2.0-1.1.s390x",
            "openSUSE Tumbleweed:java-19-openjdk-19.0.2.0-1.1.x86_64",
            "openSUSE Tumbleweed:java-19-openjdk-accessibility-19.0.2.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-19-openjdk-accessibility-19.0.2.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-19-openjdk-accessibility-19.0.2.0-1.1.s390x",
            "openSUSE Tumbleweed:java-19-openjdk-accessibility-19.0.2.0-1.1.x86_64",
            "openSUSE Tumbleweed:java-19-openjdk-demo-19.0.2.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-19-openjdk-demo-19.0.2.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-19-openjdk-demo-19.0.2.0-1.1.s390x",
            "openSUSE Tumbleweed:java-19-openjdk-demo-19.0.2.0-1.1.x86_64",
            "openSUSE Tumbleweed:java-19-openjdk-devel-19.0.2.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-19-openjdk-devel-19.0.2.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-19-openjdk-devel-19.0.2.0-1.1.s390x",
            "openSUSE Tumbleweed:java-19-openjdk-devel-19.0.2.0-1.1.x86_64",
            "openSUSE Tumbleweed:java-19-openjdk-headless-19.0.2.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-19-openjdk-headless-19.0.2.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-19-openjdk-headless-19.0.2.0-1.1.s390x",
            "openSUSE Tumbleweed:java-19-openjdk-headless-19.0.2.0-1.1.x86_64",
            "openSUSE Tumbleweed:java-19-openjdk-javadoc-19.0.2.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-19-openjdk-javadoc-19.0.2.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-19-openjdk-javadoc-19.0.2.0-1.1.s390x",
            "openSUSE Tumbleweed:java-19-openjdk-javadoc-19.0.2.0-1.1.x86_64",
            "openSUSE Tumbleweed:java-19-openjdk-jmods-19.0.2.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-19-openjdk-jmods-19.0.2.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-19-openjdk-jmods-19.0.2.0-1.1.s390x",
            "openSUSE Tumbleweed:java-19-openjdk-jmods-19.0.2.0-1.1.x86_64",
            "openSUSE Tumbleweed:java-19-openjdk-src-19.0.2.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-19-openjdk-src-19.0.2.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-19-openjdk-src-19.0.2.0-1.1.s390x",
            "openSUSE Tumbleweed:java-19-openjdk-src-19.0.2.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2023-21835"
    },
    {
      "cve": "CVE-2023-21843",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2023-21843"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Sound).  Supported versions that are affected are Oracle Java SE: 8u351, 8u351-perf, 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and  22.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:java-19-openjdk-19.0.2.0-1.1.aarch64",
          "openSUSE Tumbleweed:java-19-openjdk-19.0.2.0-1.1.ppc64le",
          "openSUSE Tumbleweed:java-19-openjdk-19.0.2.0-1.1.s390x",
          "openSUSE Tumbleweed:java-19-openjdk-19.0.2.0-1.1.x86_64",
          "openSUSE Tumbleweed:java-19-openjdk-accessibility-19.0.2.0-1.1.aarch64",
          "openSUSE Tumbleweed:java-19-openjdk-accessibility-19.0.2.0-1.1.ppc64le",
          "openSUSE Tumbleweed:java-19-openjdk-accessibility-19.0.2.0-1.1.s390x",
          "openSUSE Tumbleweed:java-19-openjdk-accessibility-19.0.2.0-1.1.x86_64",
          "openSUSE Tumbleweed:java-19-openjdk-demo-19.0.2.0-1.1.aarch64",
          "openSUSE Tumbleweed:java-19-openjdk-demo-19.0.2.0-1.1.ppc64le",
          "openSUSE Tumbleweed:java-19-openjdk-demo-19.0.2.0-1.1.s390x",
          "openSUSE Tumbleweed:java-19-openjdk-demo-19.0.2.0-1.1.x86_64",
          "openSUSE Tumbleweed:java-19-openjdk-devel-19.0.2.0-1.1.aarch64",
          "openSUSE Tumbleweed:java-19-openjdk-devel-19.0.2.0-1.1.ppc64le",
          "openSUSE Tumbleweed:java-19-openjdk-devel-19.0.2.0-1.1.s390x",
          "openSUSE Tumbleweed:java-19-openjdk-devel-19.0.2.0-1.1.x86_64",
          "openSUSE Tumbleweed:java-19-openjdk-headless-19.0.2.0-1.1.aarch64",
          "openSUSE Tumbleweed:java-19-openjdk-headless-19.0.2.0-1.1.ppc64le",
          "openSUSE Tumbleweed:java-19-openjdk-headless-19.0.2.0-1.1.s390x",
          "openSUSE Tumbleweed:java-19-openjdk-headless-19.0.2.0-1.1.x86_64",
          "openSUSE Tumbleweed:java-19-openjdk-javadoc-19.0.2.0-1.1.aarch64",
          "openSUSE Tumbleweed:java-19-openjdk-javadoc-19.0.2.0-1.1.ppc64le",
          "openSUSE Tumbleweed:java-19-openjdk-javadoc-19.0.2.0-1.1.s390x",
          "openSUSE Tumbleweed:java-19-openjdk-javadoc-19.0.2.0-1.1.x86_64",
          "openSUSE Tumbleweed:java-19-openjdk-jmods-19.0.2.0-1.1.aarch64",
          "openSUSE Tumbleweed:java-19-openjdk-jmods-19.0.2.0-1.1.ppc64le",
          "openSUSE Tumbleweed:java-19-openjdk-jmods-19.0.2.0-1.1.s390x",
          "openSUSE Tumbleweed:java-19-openjdk-jmods-19.0.2.0-1.1.x86_64",
          "openSUSE Tumbleweed:java-19-openjdk-src-19.0.2.0-1.1.aarch64",
          "openSUSE Tumbleweed:java-19-openjdk-src-19.0.2.0-1.1.ppc64le",
          "openSUSE Tumbleweed:java-19-openjdk-src-19.0.2.0-1.1.s390x",
          "openSUSE Tumbleweed:java-19-openjdk-src-19.0.2.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2023-21843",
          "url": "https://www.suse.com/security/cve/CVE-2023-21843"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1207248 for CVE-2023-21843",
          "url": "https://bugzilla.suse.com/1207248"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:java-19-openjdk-19.0.2.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-19-openjdk-19.0.2.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-19-openjdk-19.0.2.0-1.1.s390x",
            "openSUSE Tumbleweed:java-19-openjdk-19.0.2.0-1.1.x86_64",
            "openSUSE Tumbleweed:java-19-openjdk-accessibility-19.0.2.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-19-openjdk-accessibility-19.0.2.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-19-openjdk-accessibility-19.0.2.0-1.1.s390x",
            "openSUSE Tumbleweed:java-19-openjdk-accessibility-19.0.2.0-1.1.x86_64",
            "openSUSE Tumbleweed:java-19-openjdk-demo-19.0.2.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-19-openjdk-demo-19.0.2.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-19-openjdk-demo-19.0.2.0-1.1.s390x",
            "openSUSE Tumbleweed:java-19-openjdk-demo-19.0.2.0-1.1.x86_64",
            "openSUSE Tumbleweed:java-19-openjdk-devel-19.0.2.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-19-openjdk-devel-19.0.2.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-19-openjdk-devel-19.0.2.0-1.1.s390x",
            "openSUSE Tumbleweed:java-19-openjdk-devel-19.0.2.0-1.1.x86_64",
            "openSUSE Tumbleweed:java-19-openjdk-headless-19.0.2.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-19-openjdk-headless-19.0.2.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-19-openjdk-headless-19.0.2.0-1.1.s390x",
            "openSUSE Tumbleweed:java-19-openjdk-headless-19.0.2.0-1.1.x86_64",
            "openSUSE Tumbleweed:java-19-openjdk-javadoc-19.0.2.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-19-openjdk-javadoc-19.0.2.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-19-openjdk-javadoc-19.0.2.0-1.1.s390x",
            "openSUSE Tumbleweed:java-19-openjdk-javadoc-19.0.2.0-1.1.x86_64",
            "openSUSE Tumbleweed:java-19-openjdk-jmods-19.0.2.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-19-openjdk-jmods-19.0.2.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-19-openjdk-jmods-19.0.2.0-1.1.s390x",
            "openSUSE Tumbleweed:java-19-openjdk-jmods-19.0.2.0-1.1.x86_64",
            "openSUSE Tumbleweed:java-19-openjdk-src-19.0.2.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-19-openjdk-src-19.0.2.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-19-openjdk-src-19.0.2.0-1.1.s390x",
            "openSUSE Tumbleweed:java-19-openjdk-src-19.0.2.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:java-19-openjdk-19.0.2.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-19-openjdk-19.0.2.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-19-openjdk-19.0.2.0-1.1.s390x",
            "openSUSE Tumbleweed:java-19-openjdk-19.0.2.0-1.1.x86_64",
            "openSUSE Tumbleweed:java-19-openjdk-accessibility-19.0.2.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-19-openjdk-accessibility-19.0.2.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-19-openjdk-accessibility-19.0.2.0-1.1.s390x",
            "openSUSE Tumbleweed:java-19-openjdk-accessibility-19.0.2.0-1.1.x86_64",
            "openSUSE Tumbleweed:java-19-openjdk-demo-19.0.2.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-19-openjdk-demo-19.0.2.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-19-openjdk-demo-19.0.2.0-1.1.s390x",
            "openSUSE Tumbleweed:java-19-openjdk-demo-19.0.2.0-1.1.x86_64",
            "openSUSE Tumbleweed:java-19-openjdk-devel-19.0.2.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-19-openjdk-devel-19.0.2.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-19-openjdk-devel-19.0.2.0-1.1.s390x",
            "openSUSE Tumbleweed:java-19-openjdk-devel-19.0.2.0-1.1.x86_64",
            "openSUSE Tumbleweed:java-19-openjdk-headless-19.0.2.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-19-openjdk-headless-19.0.2.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-19-openjdk-headless-19.0.2.0-1.1.s390x",
            "openSUSE Tumbleweed:java-19-openjdk-headless-19.0.2.0-1.1.x86_64",
            "openSUSE Tumbleweed:java-19-openjdk-javadoc-19.0.2.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-19-openjdk-javadoc-19.0.2.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-19-openjdk-javadoc-19.0.2.0-1.1.s390x",
            "openSUSE Tumbleweed:java-19-openjdk-javadoc-19.0.2.0-1.1.x86_64",
            "openSUSE Tumbleweed:java-19-openjdk-jmods-19.0.2.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-19-openjdk-jmods-19.0.2.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-19-openjdk-jmods-19.0.2.0-1.1.s390x",
            "openSUSE Tumbleweed:java-19-openjdk-jmods-19.0.2.0-1.1.x86_64",
            "openSUSE Tumbleweed:java-19-openjdk-src-19.0.2.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-19-openjdk-src-19.0.2.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-19-openjdk-src-19.0.2.0-1.1.s390x",
            "openSUSE Tumbleweed:java-19-openjdk-src-19.0.2.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "low"
        }
      ],
      "title": "CVE-2023-21843"
    }
  ]
}

OPENSUSE-SU-2024:12663-1

Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00

Summary

java-11-openjdk-11.0.18.0-1.1 on GA media

Severity

Moderate

Notes

Title of the patch: java-11-openjdk-11.0.18.0-1.1 on GA media

Description of the patch: These are all security issues fixed in the java-11-openjdk-11.0.18.0-1.1 package on the GA media of openSUSE Tumbleweed.

Patchnames: openSUSE-Tumbleweed-2024-12663

CVE-2023-21835

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected products

Recommended 32 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-11.0.18.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-11.0.18.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-11.0.18.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-11.0.18.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-accessibility-11.0.18.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-accessibility-11.0.18.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-accessibility-11.0.18.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-accessibility-11.0.18.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-demo-11.0.18.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-demo-11.0.18.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-demo-11.0.18.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-demo-11.0.18.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-devel-11.0.18.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-devel-11.0.18.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-devel-11.0.18.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-devel-11.0.18.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-headless-11.0.18.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-headless-11.0.18.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-headless-11.0.18.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-headless-11.0.18.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-javadoc-11.0.18.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-javadoc-11.0.18.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-javadoc-11.0.18.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-javadoc-11.0.18.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-jmods-11.0.18.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-jmods-11.0.18.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-jmods-11.0.18.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-jmods-11.0.18.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-src-11.0.18.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-src-11.0.18.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-src-11.0.18.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-src-11.0.18.0-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2023-21843

3.7 (Low)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Affected products

Recommended 32 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-11.0.18.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-11.0.18.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-11.0.18.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-11.0.18.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-accessibility-11.0.18.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-accessibility-11.0.18.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-accessibility-11.0.18.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-accessibility-11.0.18.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-demo-11.0.18.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-demo-11.0.18.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-demo-11.0.18.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-demo-11.0.18.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-devel-11.0.18.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-devel-11.0.18.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-devel-11.0.18.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-devel-11.0.18.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-headless-11.0.18.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-headless-11.0.18.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-headless-11.0.18.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-headless-11.0.18.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-javadoc-11.0.18.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-javadoc-11.0.18.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-javadoc-11.0.18.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-javadoc-11.0.18.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-jmods-11.0.18.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-jmods-11.0.18.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-jmods-11.0.18.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-jmods-11.0.18.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-src-11.0.18.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-src-11.0.18.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-src-11.0.18.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-11-openjdk-src-11.0.18.0-1.1.x86_64	—	Vendor Fix

Threats

Impact low

References

8 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/o…	self
https://www.suse.com/security/cve/CVE-2023-21835/	self
https://www.suse.com/security/cve/CVE-2023-21843/	self
https://www.suse.com/security/cve/CVE-2023-21835	external
https://bugzilla.suse.com/1207246	external
https://www.suse.com/security/cve/CVE-2023-21843	external
https://bugzilla.suse.com/1207248	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "java-11-openjdk-11.0.18.0-1.1 on GA media",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "These are all security issues fixed in the java-11-openjdk-11.0.18.0-1.1 package on the GA media of openSUSE Tumbleweed.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-Tumbleweed-2024-12663",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_12663-1.json"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2023-21835 page",
        "url": "https://www.suse.com/security/cve/CVE-2023-21835/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2023-21843 page",
        "url": "https://www.suse.com/security/cve/CVE-2023-21843/"
      }
    ],
    "title": "java-11-openjdk-11.0.18.0-1.1 on GA media",
    "tracking": {
      "current_release_date": "2024-06-15T00:00:00Z",
      "generator": {
        "date": "2024-06-15T00:00:00Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2024:12663-1",
      "initial_release_date": "2024-06-15T00:00:00Z",
      "revision_history": [
        {
          "date": "2024-06-15T00:00:00Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "java-11-openjdk-11.0.18.0-1.1.aarch64",
                "product": {
                  "name": "java-11-openjdk-11.0.18.0-1.1.aarch64",
                  "product_id": "java-11-openjdk-11.0.18.0-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "java-11-openjdk-accessibility-11.0.18.0-1.1.aarch64",
                "product": {
                  "name": "java-11-openjdk-accessibility-11.0.18.0-1.1.aarch64",
                  "product_id": "java-11-openjdk-accessibility-11.0.18.0-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "java-11-openjdk-demo-11.0.18.0-1.1.aarch64",
                "product": {
                  "name": "java-11-openjdk-demo-11.0.18.0-1.1.aarch64",
                  "product_id": "java-11-openjdk-demo-11.0.18.0-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "java-11-openjdk-devel-11.0.18.0-1.1.aarch64",
                "product": {
                  "name": "java-11-openjdk-devel-11.0.18.0-1.1.aarch64",
                  "product_id": "java-11-openjdk-devel-11.0.18.0-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "java-11-openjdk-headless-11.0.18.0-1.1.aarch64",
                "product": {
                  "name": "java-11-openjdk-headless-11.0.18.0-1.1.aarch64",
                  "product_id": "java-11-openjdk-headless-11.0.18.0-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "java-11-openjdk-javadoc-11.0.18.0-1.1.aarch64",
                "product": {
                  "name": "java-11-openjdk-javadoc-11.0.18.0-1.1.aarch64",
                  "product_id": "java-11-openjdk-javadoc-11.0.18.0-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "java-11-openjdk-jmods-11.0.18.0-1.1.aarch64",
                "product": {
                  "name": "java-11-openjdk-jmods-11.0.18.0-1.1.aarch64",
                  "product_id": "java-11-openjdk-jmods-11.0.18.0-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "java-11-openjdk-src-11.0.18.0-1.1.aarch64",
                "product": {
                  "name": "java-11-openjdk-src-11.0.18.0-1.1.aarch64",
                  "product_id": "java-11-openjdk-src-11.0.18.0-1.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "java-11-openjdk-11.0.18.0-1.1.ppc64le",
                "product": {
                  "name": "java-11-openjdk-11.0.18.0-1.1.ppc64le",
                  "product_id": "java-11-openjdk-11.0.18.0-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "java-11-openjdk-accessibility-11.0.18.0-1.1.ppc64le",
                "product": {
                  "name": "java-11-openjdk-accessibility-11.0.18.0-1.1.ppc64le",
                  "product_id": "java-11-openjdk-accessibility-11.0.18.0-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "java-11-openjdk-demo-11.0.18.0-1.1.ppc64le",
                "product": {
                  "name": "java-11-openjdk-demo-11.0.18.0-1.1.ppc64le",
                  "product_id": "java-11-openjdk-demo-11.0.18.0-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "java-11-openjdk-devel-11.0.18.0-1.1.ppc64le",
                "product": {
                  "name": "java-11-openjdk-devel-11.0.18.0-1.1.ppc64le",
                  "product_id": "java-11-openjdk-devel-11.0.18.0-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "java-11-openjdk-headless-11.0.18.0-1.1.ppc64le",
                "product": {
                  "name": "java-11-openjdk-headless-11.0.18.0-1.1.ppc64le",
                  "product_id": "java-11-openjdk-headless-11.0.18.0-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "java-11-openjdk-javadoc-11.0.18.0-1.1.ppc64le",
                "product": {
                  "name": "java-11-openjdk-javadoc-11.0.18.0-1.1.ppc64le",
                  "product_id": "java-11-openjdk-javadoc-11.0.18.0-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "java-11-openjdk-jmods-11.0.18.0-1.1.ppc64le",
                "product": {
                  "name": "java-11-openjdk-jmods-11.0.18.0-1.1.ppc64le",
                  "product_id": "java-11-openjdk-jmods-11.0.18.0-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "java-11-openjdk-src-11.0.18.0-1.1.ppc64le",
                "product": {
                  "name": "java-11-openjdk-src-11.0.18.0-1.1.ppc64le",
                  "product_id": "java-11-openjdk-src-11.0.18.0-1.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "java-11-openjdk-11.0.18.0-1.1.s390x",
                "product": {
                  "name": "java-11-openjdk-11.0.18.0-1.1.s390x",
                  "product_id": "java-11-openjdk-11.0.18.0-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "java-11-openjdk-accessibility-11.0.18.0-1.1.s390x",
                "product": {
                  "name": "java-11-openjdk-accessibility-11.0.18.0-1.1.s390x",
                  "product_id": "java-11-openjdk-accessibility-11.0.18.0-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "java-11-openjdk-demo-11.0.18.0-1.1.s390x",
                "product": {
                  "name": "java-11-openjdk-demo-11.0.18.0-1.1.s390x",
                  "product_id": "java-11-openjdk-demo-11.0.18.0-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "java-11-openjdk-devel-11.0.18.0-1.1.s390x",
                "product": {
                  "name": "java-11-openjdk-devel-11.0.18.0-1.1.s390x",
                  "product_id": "java-11-openjdk-devel-11.0.18.0-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "java-11-openjdk-headless-11.0.18.0-1.1.s390x",
                "product": {
                  "name": "java-11-openjdk-headless-11.0.18.0-1.1.s390x",
                  "product_id": "java-11-openjdk-headless-11.0.18.0-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "java-11-openjdk-javadoc-11.0.18.0-1.1.s390x",
                "product": {
                  "name": "java-11-openjdk-javadoc-11.0.18.0-1.1.s390x",
                  "product_id": "java-11-openjdk-javadoc-11.0.18.0-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "java-11-openjdk-jmods-11.0.18.0-1.1.s390x",
                "product": {
                  "name": "java-11-openjdk-jmods-11.0.18.0-1.1.s390x",
                  "product_id": "java-11-openjdk-jmods-11.0.18.0-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "java-11-openjdk-src-11.0.18.0-1.1.s390x",
                "product": {
                  "name": "java-11-openjdk-src-11.0.18.0-1.1.s390x",
                  "product_id": "java-11-openjdk-src-11.0.18.0-1.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "java-11-openjdk-11.0.18.0-1.1.x86_64",
                "product": {
                  "name": "java-11-openjdk-11.0.18.0-1.1.x86_64",
                  "product_id": "java-11-openjdk-11.0.18.0-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "java-11-openjdk-accessibility-11.0.18.0-1.1.x86_64",
                "product": {
                  "name": "java-11-openjdk-accessibility-11.0.18.0-1.1.x86_64",
                  "product_id": "java-11-openjdk-accessibility-11.0.18.0-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "java-11-openjdk-demo-11.0.18.0-1.1.x86_64",
                "product": {
                  "name": "java-11-openjdk-demo-11.0.18.0-1.1.x86_64",
                  "product_id": "java-11-openjdk-demo-11.0.18.0-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "java-11-openjdk-devel-11.0.18.0-1.1.x86_64",
                "product": {
                  "name": "java-11-openjdk-devel-11.0.18.0-1.1.x86_64",
                  "product_id": "java-11-openjdk-devel-11.0.18.0-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "java-11-openjdk-headless-11.0.18.0-1.1.x86_64",
                "product": {
                  "name": "java-11-openjdk-headless-11.0.18.0-1.1.x86_64",
                  "product_id": "java-11-openjdk-headless-11.0.18.0-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "java-11-openjdk-javadoc-11.0.18.0-1.1.x86_64",
                "product": {
                  "name": "java-11-openjdk-javadoc-11.0.18.0-1.1.x86_64",
                  "product_id": "java-11-openjdk-javadoc-11.0.18.0-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "java-11-openjdk-jmods-11.0.18.0-1.1.x86_64",
                "product": {
                  "name": "java-11-openjdk-jmods-11.0.18.0-1.1.x86_64",
                  "product_id": "java-11-openjdk-jmods-11.0.18.0-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "java-11-openjdk-src-11.0.18.0-1.1.x86_64",
                "product": {
                  "name": "java-11-openjdk-src-11.0.18.0-1.1.x86_64",
                  "product_id": "java-11-openjdk-src-11.0.18.0-1.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Tumbleweed",
                "product": {
                  "name": "openSUSE Tumbleweed",
                  "product_id": "openSUSE Tumbleweed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:tumbleweed"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-11-openjdk-11.0.18.0-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-11-openjdk-11.0.18.0-1.1.aarch64"
        },
        "product_reference": "java-11-openjdk-11.0.18.0-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-11-openjdk-11.0.18.0-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-11-openjdk-11.0.18.0-1.1.ppc64le"
        },
        "product_reference": "java-11-openjdk-11.0.18.0-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-11-openjdk-11.0.18.0-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-11-openjdk-11.0.18.0-1.1.s390x"
        },
        "product_reference": "java-11-openjdk-11.0.18.0-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-11-openjdk-11.0.18.0-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-11-openjdk-11.0.18.0-1.1.x86_64"
        },
        "product_reference": "java-11-openjdk-11.0.18.0-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-11-openjdk-accessibility-11.0.18.0-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-11-openjdk-accessibility-11.0.18.0-1.1.aarch64"
        },
        "product_reference": "java-11-openjdk-accessibility-11.0.18.0-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-11-openjdk-accessibility-11.0.18.0-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-11-openjdk-accessibility-11.0.18.0-1.1.ppc64le"
        },
        "product_reference": "java-11-openjdk-accessibility-11.0.18.0-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-11-openjdk-accessibility-11.0.18.0-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-11-openjdk-accessibility-11.0.18.0-1.1.s390x"
        },
        "product_reference": "java-11-openjdk-accessibility-11.0.18.0-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-11-openjdk-accessibility-11.0.18.0-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-11-openjdk-accessibility-11.0.18.0-1.1.x86_64"
        },
        "product_reference": "java-11-openjdk-accessibility-11.0.18.0-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-11-openjdk-demo-11.0.18.0-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-11-openjdk-demo-11.0.18.0-1.1.aarch64"
        },
        "product_reference": "java-11-openjdk-demo-11.0.18.0-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-11-openjdk-demo-11.0.18.0-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-11-openjdk-demo-11.0.18.0-1.1.ppc64le"
        },
        "product_reference": "java-11-openjdk-demo-11.0.18.0-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-11-openjdk-demo-11.0.18.0-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-11-openjdk-demo-11.0.18.0-1.1.s390x"
        },
        "product_reference": "java-11-openjdk-demo-11.0.18.0-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-11-openjdk-demo-11.0.18.0-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-11-openjdk-demo-11.0.18.0-1.1.x86_64"
        },
        "product_reference": "java-11-openjdk-demo-11.0.18.0-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-11-openjdk-devel-11.0.18.0-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-11-openjdk-devel-11.0.18.0-1.1.aarch64"
        },
        "product_reference": "java-11-openjdk-devel-11.0.18.0-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-11-openjdk-devel-11.0.18.0-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-11-openjdk-devel-11.0.18.0-1.1.ppc64le"
        },
        "product_reference": "java-11-openjdk-devel-11.0.18.0-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-11-openjdk-devel-11.0.18.0-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-11-openjdk-devel-11.0.18.0-1.1.s390x"
        },
        "product_reference": "java-11-openjdk-devel-11.0.18.0-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-11-openjdk-devel-11.0.18.0-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-11-openjdk-devel-11.0.18.0-1.1.x86_64"
        },
        "product_reference": "java-11-openjdk-devel-11.0.18.0-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-11-openjdk-headless-11.0.18.0-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-11-openjdk-headless-11.0.18.0-1.1.aarch64"
        },
        "product_reference": "java-11-openjdk-headless-11.0.18.0-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-11-openjdk-headless-11.0.18.0-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-11-openjdk-headless-11.0.18.0-1.1.ppc64le"
        },
        "product_reference": "java-11-openjdk-headless-11.0.18.0-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-11-openjdk-headless-11.0.18.0-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-11-openjdk-headless-11.0.18.0-1.1.s390x"
        },
        "product_reference": "java-11-openjdk-headless-11.0.18.0-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-11-openjdk-headless-11.0.18.0-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-11-openjdk-headless-11.0.18.0-1.1.x86_64"
        },
        "product_reference": "java-11-openjdk-headless-11.0.18.0-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-11-openjdk-javadoc-11.0.18.0-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-11-openjdk-javadoc-11.0.18.0-1.1.aarch64"
        },
        "product_reference": "java-11-openjdk-javadoc-11.0.18.0-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-11-openjdk-javadoc-11.0.18.0-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-11-openjdk-javadoc-11.0.18.0-1.1.ppc64le"
        },
        "product_reference": "java-11-openjdk-javadoc-11.0.18.0-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-11-openjdk-javadoc-11.0.18.0-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-11-openjdk-javadoc-11.0.18.0-1.1.s390x"
        },
        "product_reference": "java-11-openjdk-javadoc-11.0.18.0-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-11-openjdk-javadoc-11.0.18.0-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-11-openjdk-javadoc-11.0.18.0-1.1.x86_64"
        },
        "product_reference": "java-11-openjdk-javadoc-11.0.18.0-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-11-openjdk-jmods-11.0.18.0-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-11-openjdk-jmods-11.0.18.0-1.1.aarch64"
        },
        "product_reference": "java-11-openjdk-jmods-11.0.18.0-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-11-openjdk-jmods-11.0.18.0-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-11-openjdk-jmods-11.0.18.0-1.1.ppc64le"
        },
        "product_reference": "java-11-openjdk-jmods-11.0.18.0-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-11-openjdk-jmods-11.0.18.0-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-11-openjdk-jmods-11.0.18.0-1.1.s390x"
        },
        "product_reference": "java-11-openjdk-jmods-11.0.18.0-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-11-openjdk-jmods-11.0.18.0-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-11-openjdk-jmods-11.0.18.0-1.1.x86_64"
        },
        "product_reference": "java-11-openjdk-jmods-11.0.18.0-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-11-openjdk-src-11.0.18.0-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-11-openjdk-src-11.0.18.0-1.1.aarch64"
        },
        "product_reference": "java-11-openjdk-src-11.0.18.0-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-11-openjdk-src-11.0.18.0-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-11-openjdk-src-11.0.18.0-1.1.ppc64le"
        },
        "product_reference": "java-11-openjdk-src-11.0.18.0-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-11-openjdk-src-11.0.18.0-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-11-openjdk-src-11.0.18.0-1.1.s390x"
        },
        "product_reference": "java-11-openjdk-src-11.0.18.0-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-11-openjdk-src-11.0.18.0-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-11-openjdk-src-11.0.18.0-1.1.x86_64"
        },
        "product_reference": "java-11-openjdk-src-11.0.18.0-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-21835",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2023-21835"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE).  Supported versions that are affected are Oracle Java SE: 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and  22.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via DTLS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:java-11-openjdk-11.0.18.0-1.1.aarch64",
          "openSUSE Tumbleweed:java-11-openjdk-11.0.18.0-1.1.ppc64le",
          "openSUSE Tumbleweed:java-11-openjdk-11.0.18.0-1.1.s390x",
          "openSUSE Tumbleweed:java-11-openjdk-11.0.18.0-1.1.x86_64",
          "openSUSE Tumbleweed:java-11-openjdk-accessibility-11.0.18.0-1.1.aarch64",
          "openSUSE Tumbleweed:java-11-openjdk-accessibility-11.0.18.0-1.1.ppc64le",
          "openSUSE Tumbleweed:java-11-openjdk-accessibility-11.0.18.0-1.1.s390x",
          "openSUSE Tumbleweed:java-11-openjdk-accessibility-11.0.18.0-1.1.x86_64",
          "openSUSE Tumbleweed:java-11-openjdk-demo-11.0.18.0-1.1.aarch64",
          "openSUSE Tumbleweed:java-11-openjdk-demo-11.0.18.0-1.1.ppc64le",
          "openSUSE Tumbleweed:java-11-openjdk-demo-11.0.18.0-1.1.s390x",
          "openSUSE Tumbleweed:java-11-openjdk-demo-11.0.18.0-1.1.x86_64",
          "openSUSE Tumbleweed:java-11-openjdk-devel-11.0.18.0-1.1.aarch64",
          "openSUSE Tumbleweed:java-11-openjdk-devel-11.0.18.0-1.1.ppc64le",
          "openSUSE Tumbleweed:java-11-openjdk-devel-11.0.18.0-1.1.s390x",
          "openSUSE Tumbleweed:java-11-openjdk-devel-11.0.18.0-1.1.x86_64",
          "openSUSE Tumbleweed:java-11-openjdk-headless-11.0.18.0-1.1.aarch64",
          "openSUSE Tumbleweed:java-11-openjdk-headless-11.0.18.0-1.1.ppc64le",
          "openSUSE Tumbleweed:java-11-openjdk-headless-11.0.18.0-1.1.s390x",
          "openSUSE Tumbleweed:java-11-openjdk-headless-11.0.18.0-1.1.x86_64",
          "openSUSE Tumbleweed:java-11-openjdk-javadoc-11.0.18.0-1.1.aarch64",
          "openSUSE Tumbleweed:java-11-openjdk-javadoc-11.0.18.0-1.1.ppc64le",
          "openSUSE Tumbleweed:java-11-openjdk-javadoc-11.0.18.0-1.1.s390x",
          "openSUSE Tumbleweed:java-11-openjdk-javadoc-11.0.18.0-1.1.x86_64",
          "openSUSE Tumbleweed:java-11-openjdk-jmods-11.0.18.0-1.1.aarch64",
          "openSUSE Tumbleweed:java-11-openjdk-jmods-11.0.18.0-1.1.ppc64le",
          "openSUSE Tumbleweed:java-11-openjdk-jmods-11.0.18.0-1.1.s390x",
          "openSUSE Tumbleweed:java-11-openjdk-jmods-11.0.18.0-1.1.x86_64",
          "openSUSE Tumbleweed:java-11-openjdk-src-11.0.18.0-1.1.aarch64",
          "openSUSE Tumbleweed:java-11-openjdk-src-11.0.18.0-1.1.ppc64le",
          "openSUSE Tumbleweed:java-11-openjdk-src-11.0.18.0-1.1.s390x",
          "openSUSE Tumbleweed:java-11-openjdk-src-11.0.18.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2023-21835",
          "url": "https://www.suse.com/security/cve/CVE-2023-21835"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1207246 for CVE-2023-21835",
          "url": "https://bugzilla.suse.com/1207246"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:java-11-openjdk-11.0.18.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-11-openjdk-11.0.18.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-11-openjdk-11.0.18.0-1.1.s390x",
            "openSUSE Tumbleweed:java-11-openjdk-11.0.18.0-1.1.x86_64",
            "openSUSE Tumbleweed:java-11-openjdk-accessibility-11.0.18.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-11-openjdk-accessibility-11.0.18.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-11-openjdk-accessibility-11.0.18.0-1.1.s390x",
            "openSUSE Tumbleweed:java-11-openjdk-accessibility-11.0.18.0-1.1.x86_64",
            "openSUSE Tumbleweed:java-11-openjdk-demo-11.0.18.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-11-openjdk-demo-11.0.18.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-11-openjdk-demo-11.0.18.0-1.1.s390x",
            "openSUSE Tumbleweed:java-11-openjdk-demo-11.0.18.0-1.1.x86_64",
            "openSUSE Tumbleweed:java-11-openjdk-devel-11.0.18.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-11-openjdk-devel-11.0.18.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-11-openjdk-devel-11.0.18.0-1.1.s390x",
            "openSUSE Tumbleweed:java-11-openjdk-devel-11.0.18.0-1.1.x86_64",
            "openSUSE Tumbleweed:java-11-openjdk-headless-11.0.18.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-11-openjdk-headless-11.0.18.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-11-openjdk-headless-11.0.18.0-1.1.s390x",
            "openSUSE Tumbleweed:java-11-openjdk-headless-11.0.18.0-1.1.x86_64",
            "openSUSE Tumbleweed:java-11-openjdk-javadoc-11.0.18.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-11-openjdk-javadoc-11.0.18.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-11-openjdk-javadoc-11.0.18.0-1.1.s390x",
            "openSUSE Tumbleweed:java-11-openjdk-javadoc-11.0.18.0-1.1.x86_64",
            "openSUSE Tumbleweed:java-11-openjdk-jmods-11.0.18.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-11-openjdk-jmods-11.0.18.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-11-openjdk-jmods-11.0.18.0-1.1.s390x",
            "openSUSE Tumbleweed:java-11-openjdk-jmods-11.0.18.0-1.1.x86_64",
            "openSUSE Tumbleweed:java-11-openjdk-src-11.0.18.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-11-openjdk-src-11.0.18.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-11-openjdk-src-11.0.18.0-1.1.s390x",
            "openSUSE Tumbleweed:java-11-openjdk-src-11.0.18.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:java-11-openjdk-11.0.18.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-11-openjdk-11.0.18.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-11-openjdk-11.0.18.0-1.1.s390x",
            "openSUSE Tumbleweed:java-11-openjdk-11.0.18.0-1.1.x86_64",
            "openSUSE Tumbleweed:java-11-openjdk-accessibility-11.0.18.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-11-openjdk-accessibility-11.0.18.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-11-openjdk-accessibility-11.0.18.0-1.1.s390x",
            "openSUSE Tumbleweed:java-11-openjdk-accessibility-11.0.18.0-1.1.x86_64",
            "openSUSE Tumbleweed:java-11-openjdk-demo-11.0.18.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-11-openjdk-demo-11.0.18.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-11-openjdk-demo-11.0.18.0-1.1.s390x",
            "openSUSE Tumbleweed:java-11-openjdk-demo-11.0.18.0-1.1.x86_64",
            "openSUSE Tumbleweed:java-11-openjdk-devel-11.0.18.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-11-openjdk-devel-11.0.18.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-11-openjdk-devel-11.0.18.0-1.1.s390x",
            "openSUSE Tumbleweed:java-11-openjdk-devel-11.0.18.0-1.1.x86_64",
            "openSUSE Tumbleweed:java-11-openjdk-headless-11.0.18.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-11-openjdk-headless-11.0.18.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-11-openjdk-headless-11.0.18.0-1.1.s390x",
            "openSUSE Tumbleweed:java-11-openjdk-headless-11.0.18.0-1.1.x86_64",
            "openSUSE Tumbleweed:java-11-openjdk-javadoc-11.0.18.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-11-openjdk-javadoc-11.0.18.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-11-openjdk-javadoc-11.0.18.0-1.1.s390x",
            "openSUSE Tumbleweed:java-11-openjdk-javadoc-11.0.18.0-1.1.x86_64",
            "openSUSE Tumbleweed:java-11-openjdk-jmods-11.0.18.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-11-openjdk-jmods-11.0.18.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-11-openjdk-jmods-11.0.18.0-1.1.s390x",
            "openSUSE Tumbleweed:java-11-openjdk-jmods-11.0.18.0-1.1.x86_64",
            "openSUSE Tumbleweed:java-11-openjdk-src-11.0.18.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-11-openjdk-src-11.0.18.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-11-openjdk-src-11.0.18.0-1.1.s390x",
            "openSUSE Tumbleweed:java-11-openjdk-src-11.0.18.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2023-21835"
    },
    {
      "cve": "CVE-2023-21843",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2023-21843"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Sound).  Supported versions that are affected are Oracle Java SE: 8u351, 8u351-perf, 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and  22.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:java-11-openjdk-11.0.18.0-1.1.aarch64",
          "openSUSE Tumbleweed:java-11-openjdk-11.0.18.0-1.1.ppc64le",
          "openSUSE Tumbleweed:java-11-openjdk-11.0.18.0-1.1.s390x",
          "openSUSE Tumbleweed:java-11-openjdk-11.0.18.0-1.1.x86_64",
          "openSUSE Tumbleweed:java-11-openjdk-accessibility-11.0.18.0-1.1.aarch64",
          "openSUSE Tumbleweed:java-11-openjdk-accessibility-11.0.18.0-1.1.ppc64le",
          "openSUSE Tumbleweed:java-11-openjdk-accessibility-11.0.18.0-1.1.s390x",
          "openSUSE Tumbleweed:java-11-openjdk-accessibility-11.0.18.0-1.1.x86_64",
          "openSUSE Tumbleweed:java-11-openjdk-demo-11.0.18.0-1.1.aarch64",
          "openSUSE Tumbleweed:java-11-openjdk-demo-11.0.18.0-1.1.ppc64le",
          "openSUSE Tumbleweed:java-11-openjdk-demo-11.0.18.0-1.1.s390x",
          "openSUSE Tumbleweed:java-11-openjdk-demo-11.0.18.0-1.1.x86_64",
          "openSUSE Tumbleweed:java-11-openjdk-devel-11.0.18.0-1.1.aarch64",
          "openSUSE Tumbleweed:java-11-openjdk-devel-11.0.18.0-1.1.ppc64le",
          "openSUSE Tumbleweed:java-11-openjdk-devel-11.0.18.0-1.1.s390x",
          "openSUSE Tumbleweed:java-11-openjdk-devel-11.0.18.0-1.1.x86_64",
          "openSUSE Tumbleweed:java-11-openjdk-headless-11.0.18.0-1.1.aarch64",
          "openSUSE Tumbleweed:java-11-openjdk-headless-11.0.18.0-1.1.ppc64le",
          "openSUSE Tumbleweed:java-11-openjdk-headless-11.0.18.0-1.1.s390x",
          "openSUSE Tumbleweed:java-11-openjdk-headless-11.0.18.0-1.1.x86_64",
          "openSUSE Tumbleweed:java-11-openjdk-javadoc-11.0.18.0-1.1.aarch64",
          "openSUSE Tumbleweed:java-11-openjdk-javadoc-11.0.18.0-1.1.ppc64le",
          "openSUSE Tumbleweed:java-11-openjdk-javadoc-11.0.18.0-1.1.s390x",
          "openSUSE Tumbleweed:java-11-openjdk-javadoc-11.0.18.0-1.1.x86_64",
          "openSUSE Tumbleweed:java-11-openjdk-jmods-11.0.18.0-1.1.aarch64",
          "openSUSE Tumbleweed:java-11-openjdk-jmods-11.0.18.0-1.1.ppc64le",
          "openSUSE Tumbleweed:java-11-openjdk-jmods-11.0.18.0-1.1.s390x",
          "openSUSE Tumbleweed:java-11-openjdk-jmods-11.0.18.0-1.1.x86_64",
          "openSUSE Tumbleweed:java-11-openjdk-src-11.0.18.0-1.1.aarch64",
          "openSUSE Tumbleweed:java-11-openjdk-src-11.0.18.0-1.1.ppc64le",
          "openSUSE Tumbleweed:java-11-openjdk-src-11.0.18.0-1.1.s390x",
          "openSUSE Tumbleweed:java-11-openjdk-src-11.0.18.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2023-21843",
          "url": "https://www.suse.com/security/cve/CVE-2023-21843"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1207248 for CVE-2023-21843",
          "url": "https://bugzilla.suse.com/1207248"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:java-11-openjdk-11.0.18.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-11-openjdk-11.0.18.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-11-openjdk-11.0.18.0-1.1.s390x",
            "openSUSE Tumbleweed:java-11-openjdk-11.0.18.0-1.1.x86_64",
            "openSUSE Tumbleweed:java-11-openjdk-accessibility-11.0.18.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-11-openjdk-accessibility-11.0.18.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-11-openjdk-accessibility-11.0.18.0-1.1.s390x",
            "openSUSE Tumbleweed:java-11-openjdk-accessibility-11.0.18.0-1.1.x86_64",
            "openSUSE Tumbleweed:java-11-openjdk-demo-11.0.18.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-11-openjdk-demo-11.0.18.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-11-openjdk-demo-11.0.18.0-1.1.s390x",
            "openSUSE Tumbleweed:java-11-openjdk-demo-11.0.18.0-1.1.x86_64",
            "openSUSE Tumbleweed:java-11-openjdk-devel-11.0.18.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-11-openjdk-devel-11.0.18.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-11-openjdk-devel-11.0.18.0-1.1.s390x",
            "openSUSE Tumbleweed:java-11-openjdk-devel-11.0.18.0-1.1.x86_64",
            "openSUSE Tumbleweed:java-11-openjdk-headless-11.0.18.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-11-openjdk-headless-11.0.18.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-11-openjdk-headless-11.0.18.0-1.1.s390x",
            "openSUSE Tumbleweed:java-11-openjdk-headless-11.0.18.0-1.1.x86_64",
            "openSUSE Tumbleweed:java-11-openjdk-javadoc-11.0.18.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-11-openjdk-javadoc-11.0.18.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-11-openjdk-javadoc-11.0.18.0-1.1.s390x",
            "openSUSE Tumbleweed:java-11-openjdk-javadoc-11.0.18.0-1.1.x86_64",
            "openSUSE Tumbleweed:java-11-openjdk-jmods-11.0.18.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-11-openjdk-jmods-11.0.18.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-11-openjdk-jmods-11.0.18.0-1.1.s390x",
            "openSUSE Tumbleweed:java-11-openjdk-jmods-11.0.18.0-1.1.x86_64",
            "openSUSE Tumbleweed:java-11-openjdk-src-11.0.18.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-11-openjdk-src-11.0.18.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-11-openjdk-src-11.0.18.0-1.1.s390x",
            "openSUSE Tumbleweed:java-11-openjdk-src-11.0.18.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:java-11-openjdk-11.0.18.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-11-openjdk-11.0.18.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-11-openjdk-11.0.18.0-1.1.s390x",
            "openSUSE Tumbleweed:java-11-openjdk-11.0.18.0-1.1.x86_64",
            "openSUSE Tumbleweed:java-11-openjdk-accessibility-11.0.18.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-11-openjdk-accessibility-11.0.18.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-11-openjdk-accessibility-11.0.18.0-1.1.s390x",
            "openSUSE Tumbleweed:java-11-openjdk-accessibility-11.0.18.0-1.1.x86_64",
            "openSUSE Tumbleweed:java-11-openjdk-demo-11.0.18.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-11-openjdk-demo-11.0.18.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-11-openjdk-demo-11.0.18.0-1.1.s390x",
            "openSUSE Tumbleweed:java-11-openjdk-demo-11.0.18.0-1.1.x86_64",
            "openSUSE Tumbleweed:java-11-openjdk-devel-11.0.18.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-11-openjdk-devel-11.0.18.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-11-openjdk-devel-11.0.18.0-1.1.s390x",
            "openSUSE Tumbleweed:java-11-openjdk-devel-11.0.18.0-1.1.x86_64",
            "openSUSE Tumbleweed:java-11-openjdk-headless-11.0.18.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-11-openjdk-headless-11.0.18.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-11-openjdk-headless-11.0.18.0-1.1.s390x",
            "openSUSE Tumbleweed:java-11-openjdk-headless-11.0.18.0-1.1.x86_64",
            "openSUSE Tumbleweed:java-11-openjdk-javadoc-11.0.18.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-11-openjdk-javadoc-11.0.18.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-11-openjdk-javadoc-11.0.18.0-1.1.s390x",
            "openSUSE Tumbleweed:java-11-openjdk-javadoc-11.0.18.0-1.1.x86_64",
            "openSUSE Tumbleweed:java-11-openjdk-jmods-11.0.18.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-11-openjdk-jmods-11.0.18.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-11-openjdk-jmods-11.0.18.0-1.1.s390x",
            "openSUSE Tumbleweed:java-11-openjdk-jmods-11.0.18.0-1.1.x86_64",
            "openSUSE Tumbleweed:java-11-openjdk-src-11.0.18.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-11-openjdk-src-11.0.18.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-11-openjdk-src-11.0.18.0-1.1.s390x",
            "openSUSE Tumbleweed:java-11-openjdk-src-11.0.18.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "low"
        }
      ],
      "title": "CVE-2023-21843"
    }
  ]
}

OPENSUSE-SU-2024:12669-1

Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00

Summary

java-17-openjdk-17.0.6.0-1.1 on GA media

Severity

Moderate

Notes

Title of the patch: java-17-openjdk-17.0.6.0-1.1 on GA media

Description of the patch: These are all security issues fixed in the java-17-openjdk-17.0.6.0-1.1 package on the GA media of openSUSE Tumbleweed.

Patchnames: openSUSE-Tumbleweed-2024-12669

CVE-2023-21835

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected products

Recommended 32 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-17.0.6.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-17.0.6.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-17.0.6.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-17.0.6.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-accessibility-17.0.6.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-accessibility-17.0.6.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-accessibility-17.0.6.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-accessibility-17.0.6.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-demo-17.0.6.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-demo-17.0.6.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-demo-17.0.6.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-demo-17.0.6.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-devel-17.0.6.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-devel-17.0.6.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-devel-17.0.6.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-devel-17.0.6.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-headless-17.0.6.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-headless-17.0.6.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-headless-17.0.6.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-headless-17.0.6.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-javadoc-17.0.6.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-javadoc-17.0.6.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-javadoc-17.0.6.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-javadoc-17.0.6.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-jmods-17.0.6.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-jmods-17.0.6.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-jmods-17.0.6.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-jmods-17.0.6.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-src-17.0.6.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-src-17.0.6.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-src-17.0.6.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-src-17.0.6.0-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2023-21843

3.7 (Low)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Affected products

Recommended 32 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-17.0.6.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-17.0.6.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-17.0.6.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-17.0.6.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-accessibility-17.0.6.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-accessibility-17.0.6.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-accessibility-17.0.6.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-accessibility-17.0.6.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-demo-17.0.6.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-demo-17.0.6.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-demo-17.0.6.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-demo-17.0.6.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-devel-17.0.6.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-devel-17.0.6.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-devel-17.0.6.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-devel-17.0.6.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-headless-17.0.6.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-headless-17.0.6.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-headless-17.0.6.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-headless-17.0.6.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-javadoc-17.0.6.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-javadoc-17.0.6.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-javadoc-17.0.6.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-javadoc-17.0.6.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-jmods-17.0.6.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-jmods-17.0.6.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-jmods-17.0.6.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-jmods-17.0.6.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-src-17.0.6.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-src-17.0.6.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-src-17.0.6.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-17-openjdk-src-17.0.6.0-1.1.x86_64	—	Vendor Fix

Threats

Impact low

References

8 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/o…	self
https://www.suse.com/security/cve/CVE-2023-21835/	self
https://www.suse.com/security/cve/CVE-2023-21843/	self
https://www.suse.com/security/cve/CVE-2023-21835	external
https://bugzilla.suse.com/1207246	external
https://www.suse.com/security/cve/CVE-2023-21843	external
https://bugzilla.suse.com/1207248	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "java-17-openjdk-17.0.6.0-1.1 on GA media",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "These are all security issues fixed in the java-17-openjdk-17.0.6.0-1.1 package on the GA media of openSUSE Tumbleweed.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-Tumbleweed-2024-12669",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_12669-1.json"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2023-21835 page",
        "url": "https://www.suse.com/security/cve/CVE-2023-21835/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2023-21843 page",
        "url": "https://www.suse.com/security/cve/CVE-2023-21843/"
      }
    ],
    "title": "java-17-openjdk-17.0.6.0-1.1 on GA media",
    "tracking": {
      "current_release_date": "2024-06-15T00:00:00Z",
      "generator": {
        "date": "2024-06-15T00:00:00Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2024:12669-1",
      "initial_release_date": "2024-06-15T00:00:00Z",
      "revision_history": [
        {
          "date": "2024-06-15T00:00:00Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "java-17-openjdk-17.0.6.0-1.1.aarch64",
                "product": {
                  "name": "java-17-openjdk-17.0.6.0-1.1.aarch64",
                  "product_id": "java-17-openjdk-17.0.6.0-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "java-17-openjdk-accessibility-17.0.6.0-1.1.aarch64",
                "product": {
                  "name": "java-17-openjdk-accessibility-17.0.6.0-1.1.aarch64",
                  "product_id": "java-17-openjdk-accessibility-17.0.6.0-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "java-17-openjdk-demo-17.0.6.0-1.1.aarch64",
                "product": {
                  "name": "java-17-openjdk-demo-17.0.6.0-1.1.aarch64",
                  "product_id": "java-17-openjdk-demo-17.0.6.0-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "java-17-openjdk-devel-17.0.6.0-1.1.aarch64",
                "product": {
                  "name": "java-17-openjdk-devel-17.0.6.0-1.1.aarch64",
                  "product_id": "java-17-openjdk-devel-17.0.6.0-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "java-17-openjdk-headless-17.0.6.0-1.1.aarch64",
                "product": {
                  "name": "java-17-openjdk-headless-17.0.6.0-1.1.aarch64",
                  "product_id": "java-17-openjdk-headless-17.0.6.0-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "java-17-openjdk-javadoc-17.0.6.0-1.1.aarch64",
                "product": {
                  "name": "java-17-openjdk-javadoc-17.0.6.0-1.1.aarch64",
                  "product_id": "java-17-openjdk-javadoc-17.0.6.0-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "java-17-openjdk-jmods-17.0.6.0-1.1.aarch64",
                "product": {
                  "name": "java-17-openjdk-jmods-17.0.6.0-1.1.aarch64",
                  "product_id": "java-17-openjdk-jmods-17.0.6.0-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "java-17-openjdk-src-17.0.6.0-1.1.aarch64",
                "product": {
                  "name": "java-17-openjdk-src-17.0.6.0-1.1.aarch64",
                  "product_id": "java-17-openjdk-src-17.0.6.0-1.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "java-17-openjdk-17.0.6.0-1.1.ppc64le",
                "product": {
                  "name": "java-17-openjdk-17.0.6.0-1.1.ppc64le",
                  "product_id": "java-17-openjdk-17.0.6.0-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "java-17-openjdk-accessibility-17.0.6.0-1.1.ppc64le",
                "product": {
                  "name": "java-17-openjdk-accessibility-17.0.6.0-1.1.ppc64le",
                  "product_id": "java-17-openjdk-accessibility-17.0.6.0-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "java-17-openjdk-demo-17.0.6.0-1.1.ppc64le",
                "product": {
                  "name": "java-17-openjdk-demo-17.0.6.0-1.1.ppc64le",
                  "product_id": "java-17-openjdk-demo-17.0.6.0-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "java-17-openjdk-devel-17.0.6.0-1.1.ppc64le",
                "product": {
                  "name": "java-17-openjdk-devel-17.0.6.0-1.1.ppc64le",
                  "product_id": "java-17-openjdk-devel-17.0.6.0-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "java-17-openjdk-headless-17.0.6.0-1.1.ppc64le",
                "product": {
                  "name": "java-17-openjdk-headless-17.0.6.0-1.1.ppc64le",
                  "product_id": "java-17-openjdk-headless-17.0.6.0-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "java-17-openjdk-javadoc-17.0.6.0-1.1.ppc64le",
                "product": {
                  "name": "java-17-openjdk-javadoc-17.0.6.0-1.1.ppc64le",
                  "product_id": "java-17-openjdk-javadoc-17.0.6.0-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "java-17-openjdk-jmods-17.0.6.0-1.1.ppc64le",
                "product": {
                  "name": "java-17-openjdk-jmods-17.0.6.0-1.1.ppc64le",
                  "product_id": "java-17-openjdk-jmods-17.0.6.0-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "java-17-openjdk-src-17.0.6.0-1.1.ppc64le",
                "product": {
                  "name": "java-17-openjdk-src-17.0.6.0-1.1.ppc64le",
                  "product_id": "java-17-openjdk-src-17.0.6.0-1.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "java-17-openjdk-17.0.6.0-1.1.s390x",
                "product": {
                  "name": "java-17-openjdk-17.0.6.0-1.1.s390x",
                  "product_id": "java-17-openjdk-17.0.6.0-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "java-17-openjdk-accessibility-17.0.6.0-1.1.s390x",
                "product": {
                  "name": "java-17-openjdk-accessibility-17.0.6.0-1.1.s390x",
                  "product_id": "java-17-openjdk-accessibility-17.0.6.0-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "java-17-openjdk-demo-17.0.6.0-1.1.s390x",
                "product": {
                  "name": "java-17-openjdk-demo-17.0.6.0-1.1.s390x",
                  "product_id": "java-17-openjdk-demo-17.0.6.0-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "java-17-openjdk-devel-17.0.6.0-1.1.s390x",
                "product": {
                  "name": "java-17-openjdk-devel-17.0.6.0-1.1.s390x",
                  "product_id": "java-17-openjdk-devel-17.0.6.0-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "java-17-openjdk-headless-17.0.6.0-1.1.s390x",
                "product": {
                  "name": "java-17-openjdk-headless-17.0.6.0-1.1.s390x",
                  "product_id": "java-17-openjdk-headless-17.0.6.0-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "java-17-openjdk-javadoc-17.0.6.0-1.1.s390x",
                "product": {
                  "name": "java-17-openjdk-javadoc-17.0.6.0-1.1.s390x",
                  "product_id": "java-17-openjdk-javadoc-17.0.6.0-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "java-17-openjdk-jmods-17.0.6.0-1.1.s390x",
                "product": {
                  "name": "java-17-openjdk-jmods-17.0.6.0-1.1.s390x",
                  "product_id": "java-17-openjdk-jmods-17.0.6.0-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "java-17-openjdk-src-17.0.6.0-1.1.s390x",
                "product": {
                  "name": "java-17-openjdk-src-17.0.6.0-1.1.s390x",
                  "product_id": "java-17-openjdk-src-17.0.6.0-1.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "java-17-openjdk-17.0.6.0-1.1.x86_64",
                "product": {
                  "name": "java-17-openjdk-17.0.6.0-1.1.x86_64",
                  "product_id": "java-17-openjdk-17.0.6.0-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "java-17-openjdk-accessibility-17.0.6.0-1.1.x86_64",
                "product": {
                  "name": "java-17-openjdk-accessibility-17.0.6.0-1.1.x86_64",
                  "product_id": "java-17-openjdk-accessibility-17.0.6.0-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "java-17-openjdk-demo-17.0.6.0-1.1.x86_64",
                "product": {
                  "name": "java-17-openjdk-demo-17.0.6.0-1.1.x86_64",
                  "product_id": "java-17-openjdk-demo-17.0.6.0-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "java-17-openjdk-devel-17.0.6.0-1.1.x86_64",
                "product": {
                  "name": "java-17-openjdk-devel-17.0.6.0-1.1.x86_64",
                  "product_id": "java-17-openjdk-devel-17.0.6.0-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "java-17-openjdk-headless-17.0.6.0-1.1.x86_64",
                "product": {
                  "name": "java-17-openjdk-headless-17.0.6.0-1.1.x86_64",
                  "product_id": "java-17-openjdk-headless-17.0.6.0-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "java-17-openjdk-javadoc-17.0.6.0-1.1.x86_64",
                "product": {
                  "name": "java-17-openjdk-javadoc-17.0.6.0-1.1.x86_64",
                  "product_id": "java-17-openjdk-javadoc-17.0.6.0-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "java-17-openjdk-jmods-17.0.6.0-1.1.x86_64",
                "product": {
                  "name": "java-17-openjdk-jmods-17.0.6.0-1.1.x86_64",
                  "product_id": "java-17-openjdk-jmods-17.0.6.0-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "java-17-openjdk-src-17.0.6.0-1.1.x86_64",
                "product": {
                  "name": "java-17-openjdk-src-17.0.6.0-1.1.x86_64",
                  "product_id": "java-17-openjdk-src-17.0.6.0-1.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Tumbleweed",
                "product": {
                  "name": "openSUSE Tumbleweed",
                  "product_id": "openSUSE Tumbleweed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:tumbleweed"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-17-openjdk-17.0.6.0-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-17-openjdk-17.0.6.0-1.1.aarch64"
        },
        "product_reference": "java-17-openjdk-17.0.6.0-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-17-openjdk-17.0.6.0-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-17-openjdk-17.0.6.0-1.1.ppc64le"
        },
        "product_reference": "java-17-openjdk-17.0.6.0-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-17-openjdk-17.0.6.0-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-17-openjdk-17.0.6.0-1.1.s390x"
        },
        "product_reference": "java-17-openjdk-17.0.6.0-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-17-openjdk-17.0.6.0-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-17-openjdk-17.0.6.0-1.1.x86_64"
        },
        "product_reference": "java-17-openjdk-17.0.6.0-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-17-openjdk-accessibility-17.0.6.0-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-17-openjdk-accessibility-17.0.6.0-1.1.aarch64"
        },
        "product_reference": "java-17-openjdk-accessibility-17.0.6.0-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-17-openjdk-accessibility-17.0.6.0-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-17-openjdk-accessibility-17.0.6.0-1.1.ppc64le"
        },
        "product_reference": "java-17-openjdk-accessibility-17.0.6.0-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-17-openjdk-accessibility-17.0.6.0-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-17-openjdk-accessibility-17.0.6.0-1.1.s390x"
        },
        "product_reference": "java-17-openjdk-accessibility-17.0.6.0-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-17-openjdk-accessibility-17.0.6.0-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-17-openjdk-accessibility-17.0.6.0-1.1.x86_64"
        },
        "product_reference": "java-17-openjdk-accessibility-17.0.6.0-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-17-openjdk-demo-17.0.6.0-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-17-openjdk-demo-17.0.6.0-1.1.aarch64"
        },
        "product_reference": "java-17-openjdk-demo-17.0.6.0-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-17-openjdk-demo-17.0.6.0-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-17-openjdk-demo-17.0.6.0-1.1.ppc64le"
        },
        "product_reference": "java-17-openjdk-demo-17.0.6.0-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-17-openjdk-demo-17.0.6.0-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-17-openjdk-demo-17.0.6.0-1.1.s390x"
        },
        "product_reference": "java-17-openjdk-demo-17.0.6.0-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-17-openjdk-demo-17.0.6.0-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-17-openjdk-demo-17.0.6.0-1.1.x86_64"
        },
        "product_reference": "java-17-openjdk-demo-17.0.6.0-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-17-openjdk-devel-17.0.6.0-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-17-openjdk-devel-17.0.6.0-1.1.aarch64"
        },
        "product_reference": "java-17-openjdk-devel-17.0.6.0-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-17-openjdk-devel-17.0.6.0-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-17-openjdk-devel-17.0.6.0-1.1.ppc64le"
        },
        "product_reference": "java-17-openjdk-devel-17.0.6.0-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-17-openjdk-devel-17.0.6.0-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-17-openjdk-devel-17.0.6.0-1.1.s390x"
        },
        "product_reference": "java-17-openjdk-devel-17.0.6.0-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-17-openjdk-devel-17.0.6.0-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-17-openjdk-devel-17.0.6.0-1.1.x86_64"
        },
        "product_reference": "java-17-openjdk-devel-17.0.6.0-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-17-openjdk-headless-17.0.6.0-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-17-openjdk-headless-17.0.6.0-1.1.aarch64"
        },
        "product_reference": "java-17-openjdk-headless-17.0.6.0-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-17-openjdk-headless-17.0.6.0-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-17-openjdk-headless-17.0.6.0-1.1.ppc64le"
        },
        "product_reference": "java-17-openjdk-headless-17.0.6.0-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-17-openjdk-headless-17.0.6.0-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-17-openjdk-headless-17.0.6.0-1.1.s390x"
        },
        "product_reference": "java-17-openjdk-headless-17.0.6.0-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-17-openjdk-headless-17.0.6.0-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-17-openjdk-headless-17.0.6.0-1.1.x86_64"
        },
        "product_reference": "java-17-openjdk-headless-17.0.6.0-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-17-openjdk-javadoc-17.0.6.0-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-17-openjdk-javadoc-17.0.6.0-1.1.aarch64"
        },
        "product_reference": "java-17-openjdk-javadoc-17.0.6.0-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-17-openjdk-javadoc-17.0.6.0-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-17-openjdk-javadoc-17.0.6.0-1.1.ppc64le"
        },
        "product_reference": "java-17-openjdk-javadoc-17.0.6.0-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-17-openjdk-javadoc-17.0.6.0-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-17-openjdk-javadoc-17.0.6.0-1.1.s390x"
        },
        "product_reference": "java-17-openjdk-javadoc-17.0.6.0-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-17-openjdk-javadoc-17.0.6.0-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-17-openjdk-javadoc-17.0.6.0-1.1.x86_64"
        },
        "product_reference": "java-17-openjdk-javadoc-17.0.6.0-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-17-openjdk-jmods-17.0.6.0-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-17-openjdk-jmods-17.0.6.0-1.1.aarch64"
        },
        "product_reference": "java-17-openjdk-jmods-17.0.6.0-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-17-openjdk-jmods-17.0.6.0-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-17-openjdk-jmods-17.0.6.0-1.1.ppc64le"
        },
        "product_reference": "java-17-openjdk-jmods-17.0.6.0-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-17-openjdk-jmods-17.0.6.0-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-17-openjdk-jmods-17.0.6.0-1.1.s390x"
        },
        "product_reference": "java-17-openjdk-jmods-17.0.6.0-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-17-openjdk-jmods-17.0.6.0-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-17-openjdk-jmods-17.0.6.0-1.1.x86_64"
        },
        "product_reference": "java-17-openjdk-jmods-17.0.6.0-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-17-openjdk-src-17.0.6.0-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-17-openjdk-src-17.0.6.0-1.1.aarch64"
        },
        "product_reference": "java-17-openjdk-src-17.0.6.0-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-17-openjdk-src-17.0.6.0-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-17-openjdk-src-17.0.6.0-1.1.ppc64le"
        },
        "product_reference": "java-17-openjdk-src-17.0.6.0-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-17-openjdk-src-17.0.6.0-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-17-openjdk-src-17.0.6.0-1.1.s390x"
        },
        "product_reference": "java-17-openjdk-src-17.0.6.0-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-17-openjdk-src-17.0.6.0-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-17-openjdk-src-17.0.6.0-1.1.x86_64"
        },
        "product_reference": "java-17-openjdk-src-17.0.6.0-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-21835",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2023-21835"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE).  Supported versions that are affected are Oracle Java SE: 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and  22.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via DTLS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:java-17-openjdk-17.0.6.0-1.1.aarch64",
          "openSUSE Tumbleweed:java-17-openjdk-17.0.6.0-1.1.ppc64le",
          "openSUSE Tumbleweed:java-17-openjdk-17.0.6.0-1.1.s390x",
          "openSUSE Tumbleweed:java-17-openjdk-17.0.6.0-1.1.x86_64",
          "openSUSE Tumbleweed:java-17-openjdk-accessibility-17.0.6.0-1.1.aarch64",
          "openSUSE Tumbleweed:java-17-openjdk-accessibility-17.0.6.0-1.1.ppc64le",
          "openSUSE Tumbleweed:java-17-openjdk-accessibility-17.0.6.0-1.1.s390x",
          "openSUSE Tumbleweed:java-17-openjdk-accessibility-17.0.6.0-1.1.x86_64",
          "openSUSE Tumbleweed:java-17-openjdk-demo-17.0.6.0-1.1.aarch64",
          "openSUSE Tumbleweed:java-17-openjdk-demo-17.0.6.0-1.1.ppc64le",
          "openSUSE Tumbleweed:java-17-openjdk-demo-17.0.6.0-1.1.s390x",
          "openSUSE Tumbleweed:java-17-openjdk-demo-17.0.6.0-1.1.x86_64",
          "openSUSE Tumbleweed:java-17-openjdk-devel-17.0.6.0-1.1.aarch64",
          "openSUSE Tumbleweed:java-17-openjdk-devel-17.0.6.0-1.1.ppc64le",
          "openSUSE Tumbleweed:java-17-openjdk-devel-17.0.6.0-1.1.s390x",
          "openSUSE Tumbleweed:java-17-openjdk-devel-17.0.6.0-1.1.x86_64",
          "openSUSE Tumbleweed:java-17-openjdk-headless-17.0.6.0-1.1.aarch64",
          "openSUSE Tumbleweed:java-17-openjdk-headless-17.0.6.0-1.1.ppc64le",
          "openSUSE Tumbleweed:java-17-openjdk-headless-17.0.6.0-1.1.s390x",
          "openSUSE Tumbleweed:java-17-openjdk-headless-17.0.6.0-1.1.x86_64",
          "openSUSE Tumbleweed:java-17-openjdk-javadoc-17.0.6.0-1.1.aarch64",
          "openSUSE Tumbleweed:java-17-openjdk-javadoc-17.0.6.0-1.1.ppc64le",
          "openSUSE Tumbleweed:java-17-openjdk-javadoc-17.0.6.0-1.1.s390x",
          "openSUSE Tumbleweed:java-17-openjdk-javadoc-17.0.6.0-1.1.x86_64",
          "openSUSE Tumbleweed:java-17-openjdk-jmods-17.0.6.0-1.1.aarch64",
          "openSUSE Tumbleweed:java-17-openjdk-jmods-17.0.6.0-1.1.ppc64le",
          "openSUSE Tumbleweed:java-17-openjdk-jmods-17.0.6.0-1.1.s390x",
          "openSUSE Tumbleweed:java-17-openjdk-jmods-17.0.6.0-1.1.x86_64",
          "openSUSE Tumbleweed:java-17-openjdk-src-17.0.6.0-1.1.aarch64",
          "openSUSE Tumbleweed:java-17-openjdk-src-17.0.6.0-1.1.ppc64le",
          "openSUSE Tumbleweed:java-17-openjdk-src-17.0.6.0-1.1.s390x",
          "openSUSE Tumbleweed:java-17-openjdk-src-17.0.6.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2023-21835",
          "url": "https://www.suse.com/security/cve/CVE-2023-21835"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1207246 for CVE-2023-21835",
          "url": "https://bugzilla.suse.com/1207246"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:java-17-openjdk-17.0.6.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-17-openjdk-17.0.6.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-17-openjdk-17.0.6.0-1.1.s390x",
            "openSUSE Tumbleweed:java-17-openjdk-17.0.6.0-1.1.x86_64",
            "openSUSE Tumbleweed:java-17-openjdk-accessibility-17.0.6.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-17-openjdk-accessibility-17.0.6.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-17-openjdk-accessibility-17.0.6.0-1.1.s390x",
            "openSUSE Tumbleweed:java-17-openjdk-accessibility-17.0.6.0-1.1.x86_64",
            "openSUSE Tumbleweed:java-17-openjdk-demo-17.0.6.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-17-openjdk-demo-17.0.6.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-17-openjdk-demo-17.0.6.0-1.1.s390x",
            "openSUSE Tumbleweed:java-17-openjdk-demo-17.0.6.0-1.1.x86_64",
            "openSUSE Tumbleweed:java-17-openjdk-devel-17.0.6.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-17-openjdk-devel-17.0.6.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-17-openjdk-devel-17.0.6.0-1.1.s390x",
            "openSUSE Tumbleweed:java-17-openjdk-devel-17.0.6.0-1.1.x86_64",
            "openSUSE Tumbleweed:java-17-openjdk-headless-17.0.6.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-17-openjdk-headless-17.0.6.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-17-openjdk-headless-17.0.6.0-1.1.s390x",
            "openSUSE Tumbleweed:java-17-openjdk-headless-17.0.6.0-1.1.x86_64",
            "openSUSE Tumbleweed:java-17-openjdk-javadoc-17.0.6.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-17-openjdk-javadoc-17.0.6.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-17-openjdk-javadoc-17.0.6.0-1.1.s390x",
            "openSUSE Tumbleweed:java-17-openjdk-javadoc-17.0.6.0-1.1.x86_64",
            "openSUSE Tumbleweed:java-17-openjdk-jmods-17.0.6.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-17-openjdk-jmods-17.0.6.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-17-openjdk-jmods-17.0.6.0-1.1.s390x",
            "openSUSE Tumbleweed:java-17-openjdk-jmods-17.0.6.0-1.1.x86_64",
            "openSUSE Tumbleweed:java-17-openjdk-src-17.0.6.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-17-openjdk-src-17.0.6.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-17-openjdk-src-17.0.6.0-1.1.s390x",
            "openSUSE Tumbleweed:java-17-openjdk-src-17.0.6.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:java-17-openjdk-17.0.6.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-17-openjdk-17.0.6.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-17-openjdk-17.0.6.0-1.1.s390x",
            "openSUSE Tumbleweed:java-17-openjdk-17.0.6.0-1.1.x86_64",
            "openSUSE Tumbleweed:java-17-openjdk-accessibility-17.0.6.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-17-openjdk-accessibility-17.0.6.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-17-openjdk-accessibility-17.0.6.0-1.1.s390x",
            "openSUSE Tumbleweed:java-17-openjdk-accessibility-17.0.6.0-1.1.x86_64",
            "openSUSE Tumbleweed:java-17-openjdk-demo-17.0.6.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-17-openjdk-demo-17.0.6.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-17-openjdk-demo-17.0.6.0-1.1.s390x",
            "openSUSE Tumbleweed:java-17-openjdk-demo-17.0.6.0-1.1.x86_64",
            "openSUSE Tumbleweed:java-17-openjdk-devel-17.0.6.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-17-openjdk-devel-17.0.6.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-17-openjdk-devel-17.0.6.0-1.1.s390x",
            "openSUSE Tumbleweed:java-17-openjdk-devel-17.0.6.0-1.1.x86_64",
            "openSUSE Tumbleweed:java-17-openjdk-headless-17.0.6.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-17-openjdk-headless-17.0.6.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-17-openjdk-headless-17.0.6.0-1.1.s390x",
            "openSUSE Tumbleweed:java-17-openjdk-headless-17.0.6.0-1.1.x86_64",
            "openSUSE Tumbleweed:java-17-openjdk-javadoc-17.0.6.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-17-openjdk-javadoc-17.0.6.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-17-openjdk-javadoc-17.0.6.0-1.1.s390x",
            "openSUSE Tumbleweed:java-17-openjdk-javadoc-17.0.6.0-1.1.x86_64",
            "openSUSE Tumbleweed:java-17-openjdk-jmods-17.0.6.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-17-openjdk-jmods-17.0.6.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-17-openjdk-jmods-17.0.6.0-1.1.s390x",
            "openSUSE Tumbleweed:java-17-openjdk-jmods-17.0.6.0-1.1.x86_64",
            "openSUSE Tumbleweed:java-17-openjdk-src-17.0.6.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-17-openjdk-src-17.0.6.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-17-openjdk-src-17.0.6.0-1.1.s390x",
            "openSUSE Tumbleweed:java-17-openjdk-src-17.0.6.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2023-21835"
    },
    {
      "cve": "CVE-2023-21843",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2023-21843"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Sound).  Supported versions that are affected are Oracle Java SE: 8u351, 8u351-perf, 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and  22.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:java-17-openjdk-17.0.6.0-1.1.aarch64",
          "openSUSE Tumbleweed:java-17-openjdk-17.0.6.0-1.1.ppc64le",
          "openSUSE Tumbleweed:java-17-openjdk-17.0.6.0-1.1.s390x",
          "openSUSE Tumbleweed:java-17-openjdk-17.0.6.0-1.1.x86_64",
          "openSUSE Tumbleweed:java-17-openjdk-accessibility-17.0.6.0-1.1.aarch64",
          "openSUSE Tumbleweed:java-17-openjdk-accessibility-17.0.6.0-1.1.ppc64le",
          "openSUSE Tumbleweed:java-17-openjdk-accessibility-17.0.6.0-1.1.s390x",
          "openSUSE Tumbleweed:java-17-openjdk-accessibility-17.0.6.0-1.1.x86_64",
          "openSUSE Tumbleweed:java-17-openjdk-demo-17.0.6.0-1.1.aarch64",
          "openSUSE Tumbleweed:java-17-openjdk-demo-17.0.6.0-1.1.ppc64le",
          "openSUSE Tumbleweed:java-17-openjdk-demo-17.0.6.0-1.1.s390x",
          "openSUSE Tumbleweed:java-17-openjdk-demo-17.0.6.0-1.1.x86_64",
          "openSUSE Tumbleweed:java-17-openjdk-devel-17.0.6.0-1.1.aarch64",
          "openSUSE Tumbleweed:java-17-openjdk-devel-17.0.6.0-1.1.ppc64le",
          "openSUSE Tumbleweed:java-17-openjdk-devel-17.0.6.0-1.1.s390x",
          "openSUSE Tumbleweed:java-17-openjdk-devel-17.0.6.0-1.1.x86_64",
          "openSUSE Tumbleweed:java-17-openjdk-headless-17.0.6.0-1.1.aarch64",
          "openSUSE Tumbleweed:java-17-openjdk-headless-17.0.6.0-1.1.ppc64le",
          "openSUSE Tumbleweed:java-17-openjdk-headless-17.0.6.0-1.1.s390x",
          "openSUSE Tumbleweed:java-17-openjdk-headless-17.0.6.0-1.1.x86_64",
          "openSUSE Tumbleweed:java-17-openjdk-javadoc-17.0.6.0-1.1.aarch64",
          "openSUSE Tumbleweed:java-17-openjdk-javadoc-17.0.6.0-1.1.ppc64le",
          "openSUSE Tumbleweed:java-17-openjdk-javadoc-17.0.6.0-1.1.s390x",
          "openSUSE Tumbleweed:java-17-openjdk-javadoc-17.0.6.0-1.1.x86_64",
          "openSUSE Tumbleweed:java-17-openjdk-jmods-17.0.6.0-1.1.aarch64",
          "openSUSE Tumbleweed:java-17-openjdk-jmods-17.0.6.0-1.1.ppc64le",
          "openSUSE Tumbleweed:java-17-openjdk-jmods-17.0.6.0-1.1.s390x",
          "openSUSE Tumbleweed:java-17-openjdk-jmods-17.0.6.0-1.1.x86_64",
          "openSUSE Tumbleweed:java-17-openjdk-src-17.0.6.0-1.1.aarch64",
          "openSUSE Tumbleweed:java-17-openjdk-src-17.0.6.0-1.1.ppc64le",
          "openSUSE Tumbleweed:java-17-openjdk-src-17.0.6.0-1.1.s390x",
          "openSUSE Tumbleweed:java-17-openjdk-src-17.0.6.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2023-21843",
          "url": "https://www.suse.com/security/cve/CVE-2023-21843"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1207248 for CVE-2023-21843",
          "url": "https://bugzilla.suse.com/1207248"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:java-17-openjdk-17.0.6.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-17-openjdk-17.0.6.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-17-openjdk-17.0.6.0-1.1.s390x",
            "openSUSE Tumbleweed:java-17-openjdk-17.0.6.0-1.1.x86_64",
            "openSUSE Tumbleweed:java-17-openjdk-accessibility-17.0.6.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-17-openjdk-accessibility-17.0.6.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-17-openjdk-accessibility-17.0.6.0-1.1.s390x",
            "openSUSE Tumbleweed:java-17-openjdk-accessibility-17.0.6.0-1.1.x86_64",
            "openSUSE Tumbleweed:java-17-openjdk-demo-17.0.6.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-17-openjdk-demo-17.0.6.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-17-openjdk-demo-17.0.6.0-1.1.s390x",
            "openSUSE Tumbleweed:java-17-openjdk-demo-17.0.6.0-1.1.x86_64",
            "openSUSE Tumbleweed:java-17-openjdk-devel-17.0.6.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-17-openjdk-devel-17.0.6.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-17-openjdk-devel-17.0.6.0-1.1.s390x",
            "openSUSE Tumbleweed:java-17-openjdk-devel-17.0.6.0-1.1.x86_64",
            "openSUSE Tumbleweed:java-17-openjdk-headless-17.0.6.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-17-openjdk-headless-17.0.6.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-17-openjdk-headless-17.0.6.0-1.1.s390x",
            "openSUSE Tumbleweed:java-17-openjdk-headless-17.0.6.0-1.1.x86_64",
            "openSUSE Tumbleweed:java-17-openjdk-javadoc-17.0.6.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-17-openjdk-javadoc-17.0.6.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-17-openjdk-javadoc-17.0.6.0-1.1.s390x",
            "openSUSE Tumbleweed:java-17-openjdk-javadoc-17.0.6.0-1.1.x86_64",
            "openSUSE Tumbleweed:java-17-openjdk-jmods-17.0.6.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-17-openjdk-jmods-17.0.6.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-17-openjdk-jmods-17.0.6.0-1.1.s390x",
            "openSUSE Tumbleweed:java-17-openjdk-jmods-17.0.6.0-1.1.x86_64",
            "openSUSE Tumbleweed:java-17-openjdk-src-17.0.6.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-17-openjdk-src-17.0.6.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-17-openjdk-src-17.0.6.0-1.1.s390x",
            "openSUSE Tumbleweed:java-17-openjdk-src-17.0.6.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:java-17-openjdk-17.0.6.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-17-openjdk-17.0.6.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-17-openjdk-17.0.6.0-1.1.s390x",
            "openSUSE Tumbleweed:java-17-openjdk-17.0.6.0-1.1.x86_64",
            "openSUSE Tumbleweed:java-17-openjdk-accessibility-17.0.6.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-17-openjdk-accessibility-17.0.6.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-17-openjdk-accessibility-17.0.6.0-1.1.s390x",
            "openSUSE Tumbleweed:java-17-openjdk-accessibility-17.0.6.0-1.1.x86_64",
            "openSUSE Tumbleweed:java-17-openjdk-demo-17.0.6.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-17-openjdk-demo-17.0.6.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-17-openjdk-demo-17.0.6.0-1.1.s390x",
            "openSUSE Tumbleweed:java-17-openjdk-demo-17.0.6.0-1.1.x86_64",
            "openSUSE Tumbleweed:java-17-openjdk-devel-17.0.6.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-17-openjdk-devel-17.0.6.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-17-openjdk-devel-17.0.6.0-1.1.s390x",
            "openSUSE Tumbleweed:java-17-openjdk-devel-17.0.6.0-1.1.x86_64",
            "openSUSE Tumbleweed:java-17-openjdk-headless-17.0.6.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-17-openjdk-headless-17.0.6.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-17-openjdk-headless-17.0.6.0-1.1.s390x",
            "openSUSE Tumbleweed:java-17-openjdk-headless-17.0.6.0-1.1.x86_64",
            "openSUSE Tumbleweed:java-17-openjdk-javadoc-17.0.6.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-17-openjdk-javadoc-17.0.6.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-17-openjdk-javadoc-17.0.6.0-1.1.s390x",
            "openSUSE Tumbleweed:java-17-openjdk-javadoc-17.0.6.0-1.1.x86_64",
            "openSUSE Tumbleweed:java-17-openjdk-jmods-17.0.6.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-17-openjdk-jmods-17.0.6.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-17-openjdk-jmods-17.0.6.0-1.1.s390x",
            "openSUSE Tumbleweed:java-17-openjdk-jmods-17.0.6.0-1.1.x86_64",
            "openSUSE Tumbleweed:java-17-openjdk-src-17.0.6.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-17-openjdk-src-17.0.6.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-17-openjdk-src-17.0.6.0-1.1.s390x",
            "openSUSE Tumbleweed:java-17-openjdk-src-17.0.6.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "low"
        }
      ],
      "title": "CVE-2023-21843"
    }
  ]
}

OPENSUSE-SU-2024:12719-1

Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00

Summary

java-13-openjdk-13.0.14.0-1.1 on GA media

Severity

Moderate

Notes

Title of the patch: java-13-openjdk-13.0.14.0-1.1 on GA media

Description of the patch: These are all security issues fixed in the java-13-openjdk-13.0.14.0-1.1 package on the GA media of openSUSE Tumbleweed.

Patchnames: openSUSE-Tumbleweed-2024-12719

CVE-2023-21835

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected products

Recommended 28 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:java-13-openjdk-13.0.14.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-13-openjdk-13.0.14.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-13-openjdk-13.0.14.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-13-openjdk-13.0.14.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-13-openjdk-demo-13.0.14.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-13-openjdk-demo-13.0.14.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-13-openjdk-demo-13.0.14.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-13-openjdk-demo-13.0.14.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-13-openjdk-devel-13.0.14.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-13-openjdk-devel-13.0.14.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-13-openjdk-devel-13.0.14.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-13-openjdk-devel-13.0.14.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-13-openjdk-headless-13.0.14.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-13-openjdk-headless-13.0.14.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-13-openjdk-headless-13.0.14.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-13-openjdk-headless-13.0.14.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-13-openjdk-javadoc-13.0.14.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-13-openjdk-javadoc-13.0.14.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-13-openjdk-javadoc-13.0.14.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-13-openjdk-javadoc-13.0.14.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-13-openjdk-jmods-13.0.14.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-13-openjdk-jmods-13.0.14.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-13-openjdk-jmods-13.0.14.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-13-openjdk-jmods-13.0.14.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-13-openjdk-src-13.0.14.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-13-openjdk-src-13.0.14.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-13-openjdk-src-13.0.14.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-13-openjdk-src-13.0.14.0-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2023-21843

3.7 (Low)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Affected products

Recommended 28 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:java-13-openjdk-13.0.14.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-13-openjdk-13.0.14.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-13-openjdk-13.0.14.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-13-openjdk-13.0.14.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-13-openjdk-demo-13.0.14.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-13-openjdk-demo-13.0.14.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-13-openjdk-demo-13.0.14.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-13-openjdk-demo-13.0.14.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-13-openjdk-devel-13.0.14.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-13-openjdk-devel-13.0.14.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-13-openjdk-devel-13.0.14.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-13-openjdk-devel-13.0.14.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-13-openjdk-headless-13.0.14.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-13-openjdk-headless-13.0.14.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-13-openjdk-headless-13.0.14.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-13-openjdk-headless-13.0.14.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-13-openjdk-javadoc-13.0.14.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-13-openjdk-javadoc-13.0.14.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-13-openjdk-javadoc-13.0.14.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-13-openjdk-javadoc-13.0.14.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-13-openjdk-jmods-13.0.14.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-13-openjdk-jmods-13.0.14.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-13-openjdk-jmods-13.0.14.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-13-openjdk-jmods-13.0.14.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-13-openjdk-src-13.0.14.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-13-openjdk-src-13.0.14.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-13-openjdk-src-13.0.14.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-13-openjdk-src-13.0.14.0-1.1.x86_64	—	Vendor Fix

Threats

Impact low

References

8 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/o…	self
https://www.suse.com/security/cve/CVE-2023-21835/	self
https://www.suse.com/security/cve/CVE-2023-21843/	self
https://www.suse.com/security/cve/CVE-2023-21835	external
https://bugzilla.suse.com/1207246	external
https://www.suse.com/security/cve/CVE-2023-21843	external
https://bugzilla.suse.com/1207248	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "java-13-openjdk-13.0.14.0-1.1 on GA media",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "These are all security issues fixed in the java-13-openjdk-13.0.14.0-1.1 package on the GA media of openSUSE Tumbleweed.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-Tumbleweed-2024-12719",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_12719-1.json"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2023-21835 page",
        "url": "https://www.suse.com/security/cve/CVE-2023-21835/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2023-21843 page",
        "url": "https://www.suse.com/security/cve/CVE-2023-21843/"
      }
    ],
    "title": "java-13-openjdk-13.0.14.0-1.1 on GA media",
    "tracking": {
      "current_release_date": "2024-06-15T00:00:00Z",
      "generator": {
        "date": "2024-06-15T00:00:00Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2024:12719-1",
      "initial_release_date": "2024-06-15T00:00:00Z",
      "revision_history": [
        {
          "date": "2024-06-15T00:00:00Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "java-13-openjdk-13.0.14.0-1.1.aarch64",
                "product": {
                  "name": "java-13-openjdk-13.0.14.0-1.1.aarch64",
                  "product_id": "java-13-openjdk-13.0.14.0-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "java-13-openjdk-demo-13.0.14.0-1.1.aarch64",
                "product": {
                  "name": "java-13-openjdk-demo-13.0.14.0-1.1.aarch64",
                  "product_id": "java-13-openjdk-demo-13.0.14.0-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "java-13-openjdk-devel-13.0.14.0-1.1.aarch64",
                "product": {
                  "name": "java-13-openjdk-devel-13.0.14.0-1.1.aarch64",
                  "product_id": "java-13-openjdk-devel-13.0.14.0-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "java-13-openjdk-headless-13.0.14.0-1.1.aarch64",
                "product": {
                  "name": "java-13-openjdk-headless-13.0.14.0-1.1.aarch64",
                  "product_id": "java-13-openjdk-headless-13.0.14.0-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "java-13-openjdk-javadoc-13.0.14.0-1.1.aarch64",
                "product": {
                  "name": "java-13-openjdk-javadoc-13.0.14.0-1.1.aarch64",
                  "product_id": "java-13-openjdk-javadoc-13.0.14.0-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "java-13-openjdk-jmods-13.0.14.0-1.1.aarch64",
                "product": {
                  "name": "java-13-openjdk-jmods-13.0.14.0-1.1.aarch64",
                  "product_id": "java-13-openjdk-jmods-13.0.14.0-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "java-13-openjdk-src-13.0.14.0-1.1.aarch64",
                "product": {
                  "name": "java-13-openjdk-src-13.0.14.0-1.1.aarch64",
                  "product_id": "java-13-openjdk-src-13.0.14.0-1.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "java-13-openjdk-13.0.14.0-1.1.ppc64le",
                "product": {
                  "name": "java-13-openjdk-13.0.14.0-1.1.ppc64le",
                  "product_id": "java-13-openjdk-13.0.14.0-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "java-13-openjdk-demo-13.0.14.0-1.1.ppc64le",
                "product": {
                  "name": "java-13-openjdk-demo-13.0.14.0-1.1.ppc64le",
                  "product_id": "java-13-openjdk-demo-13.0.14.0-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "java-13-openjdk-devel-13.0.14.0-1.1.ppc64le",
                "product": {
                  "name": "java-13-openjdk-devel-13.0.14.0-1.1.ppc64le",
                  "product_id": "java-13-openjdk-devel-13.0.14.0-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "java-13-openjdk-headless-13.0.14.0-1.1.ppc64le",
                "product": {
                  "name": "java-13-openjdk-headless-13.0.14.0-1.1.ppc64le",
                  "product_id": "java-13-openjdk-headless-13.0.14.0-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "java-13-openjdk-javadoc-13.0.14.0-1.1.ppc64le",
                "product": {
                  "name": "java-13-openjdk-javadoc-13.0.14.0-1.1.ppc64le",
                  "product_id": "java-13-openjdk-javadoc-13.0.14.0-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "java-13-openjdk-jmods-13.0.14.0-1.1.ppc64le",
                "product": {
                  "name": "java-13-openjdk-jmods-13.0.14.0-1.1.ppc64le",
                  "product_id": "java-13-openjdk-jmods-13.0.14.0-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "java-13-openjdk-src-13.0.14.0-1.1.ppc64le",
                "product": {
                  "name": "java-13-openjdk-src-13.0.14.0-1.1.ppc64le",
                  "product_id": "java-13-openjdk-src-13.0.14.0-1.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "java-13-openjdk-13.0.14.0-1.1.s390x",
                "product": {
                  "name": "java-13-openjdk-13.0.14.0-1.1.s390x",
                  "product_id": "java-13-openjdk-13.0.14.0-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "java-13-openjdk-demo-13.0.14.0-1.1.s390x",
                "product": {
                  "name": "java-13-openjdk-demo-13.0.14.0-1.1.s390x",
                  "product_id": "java-13-openjdk-demo-13.0.14.0-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "java-13-openjdk-devel-13.0.14.0-1.1.s390x",
                "product": {
                  "name": "java-13-openjdk-devel-13.0.14.0-1.1.s390x",
                  "product_id": "java-13-openjdk-devel-13.0.14.0-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "java-13-openjdk-headless-13.0.14.0-1.1.s390x",
                "product": {
                  "name": "java-13-openjdk-headless-13.0.14.0-1.1.s390x",
                  "product_id": "java-13-openjdk-headless-13.0.14.0-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "java-13-openjdk-javadoc-13.0.14.0-1.1.s390x",
                "product": {
                  "name": "java-13-openjdk-javadoc-13.0.14.0-1.1.s390x",
                  "product_id": "java-13-openjdk-javadoc-13.0.14.0-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "java-13-openjdk-jmods-13.0.14.0-1.1.s390x",
                "product": {
                  "name": "java-13-openjdk-jmods-13.0.14.0-1.1.s390x",
                  "product_id": "java-13-openjdk-jmods-13.0.14.0-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "java-13-openjdk-src-13.0.14.0-1.1.s390x",
                "product": {
                  "name": "java-13-openjdk-src-13.0.14.0-1.1.s390x",
                  "product_id": "java-13-openjdk-src-13.0.14.0-1.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "java-13-openjdk-13.0.14.0-1.1.x86_64",
                "product": {
                  "name": "java-13-openjdk-13.0.14.0-1.1.x86_64",
                  "product_id": "java-13-openjdk-13.0.14.0-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "java-13-openjdk-demo-13.0.14.0-1.1.x86_64",
                "product": {
                  "name": "java-13-openjdk-demo-13.0.14.0-1.1.x86_64",
                  "product_id": "java-13-openjdk-demo-13.0.14.0-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "java-13-openjdk-devel-13.0.14.0-1.1.x86_64",
                "product": {
                  "name": "java-13-openjdk-devel-13.0.14.0-1.1.x86_64",
                  "product_id": "java-13-openjdk-devel-13.0.14.0-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "java-13-openjdk-headless-13.0.14.0-1.1.x86_64",
                "product": {
                  "name": "java-13-openjdk-headless-13.0.14.0-1.1.x86_64",
                  "product_id": "java-13-openjdk-headless-13.0.14.0-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "java-13-openjdk-javadoc-13.0.14.0-1.1.x86_64",
                "product": {
                  "name": "java-13-openjdk-javadoc-13.0.14.0-1.1.x86_64",
                  "product_id": "java-13-openjdk-javadoc-13.0.14.0-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "java-13-openjdk-jmods-13.0.14.0-1.1.x86_64",
                "product": {
                  "name": "java-13-openjdk-jmods-13.0.14.0-1.1.x86_64",
                  "product_id": "java-13-openjdk-jmods-13.0.14.0-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "java-13-openjdk-src-13.0.14.0-1.1.x86_64",
                "product": {
                  "name": "java-13-openjdk-src-13.0.14.0-1.1.x86_64",
                  "product_id": "java-13-openjdk-src-13.0.14.0-1.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Tumbleweed",
                "product": {
                  "name": "openSUSE Tumbleweed",
                  "product_id": "openSUSE Tumbleweed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:tumbleweed"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-13-openjdk-13.0.14.0-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-13-openjdk-13.0.14.0-1.1.aarch64"
        },
        "product_reference": "java-13-openjdk-13.0.14.0-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-13-openjdk-13.0.14.0-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-13-openjdk-13.0.14.0-1.1.ppc64le"
        },
        "product_reference": "java-13-openjdk-13.0.14.0-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-13-openjdk-13.0.14.0-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-13-openjdk-13.0.14.0-1.1.s390x"
        },
        "product_reference": "java-13-openjdk-13.0.14.0-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-13-openjdk-13.0.14.0-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-13-openjdk-13.0.14.0-1.1.x86_64"
        },
        "product_reference": "java-13-openjdk-13.0.14.0-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-13-openjdk-demo-13.0.14.0-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-13-openjdk-demo-13.0.14.0-1.1.aarch64"
        },
        "product_reference": "java-13-openjdk-demo-13.0.14.0-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-13-openjdk-demo-13.0.14.0-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-13-openjdk-demo-13.0.14.0-1.1.ppc64le"
        },
        "product_reference": "java-13-openjdk-demo-13.0.14.0-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-13-openjdk-demo-13.0.14.0-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-13-openjdk-demo-13.0.14.0-1.1.s390x"
        },
        "product_reference": "java-13-openjdk-demo-13.0.14.0-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-13-openjdk-demo-13.0.14.0-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-13-openjdk-demo-13.0.14.0-1.1.x86_64"
        },
        "product_reference": "java-13-openjdk-demo-13.0.14.0-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-13-openjdk-devel-13.0.14.0-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-13-openjdk-devel-13.0.14.0-1.1.aarch64"
        },
        "product_reference": "java-13-openjdk-devel-13.0.14.0-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-13-openjdk-devel-13.0.14.0-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-13-openjdk-devel-13.0.14.0-1.1.ppc64le"
        },
        "product_reference": "java-13-openjdk-devel-13.0.14.0-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-13-openjdk-devel-13.0.14.0-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-13-openjdk-devel-13.0.14.0-1.1.s390x"
        },
        "product_reference": "java-13-openjdk-devel-13.0.14.0-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-13-openjdk-devel-13.0.14.0-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-13-openjdk-devel-13.0.14.0-1.1.x86_64"
        },
        "product_reference": "java-13-openjdk-devel-13.0.14.0-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-13-openjdk-headless-13.0.14.0-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-13-openjdk-headless-13.0.14.0-1.1.aarch64"
        },
        "product_reference": "java-13-openjdk-headless-13.0.14.0-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-13-openjdk-headless-13.0.14.0-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-13-openjdk-headless-13.0.14.0-1.1.ppc64le"
        },
        "product_reference": "java-13-openjdk-headless-13.0.14.0-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-13-openjdk-headless-13.0.14.0-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-13-openjdk-headless-13.0.14.0-1.1.s390x"
        },
        "product_reference": "java-13-openjdk-headless-13.0.14.0-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-13-openjdk-headless-13.0.14.0-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-13-openjdk-headless-13.0.14.0-1.1.x86_64"
        },
        "product_reference": "java-13-openjdk-headless-13.0.14.0-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-13-openjdk-javadoc-13.0.14.0-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-13-openjdk-javadoc-13.0.14.0-1.1.aarch64"
        },
        "product_reference": "java-13-openjdk-javadoc-13.0.14.0-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-13-openjdk-javadoc-13.0.14.0-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-13-openjdk-javadoc-13.0.14.0-1.1.ppc64le"
        },
        "product_reference": "java-13-openjdk-javadoc-13.0.14.0-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-13-openjdk-javadoc-13.0.14.0-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-13-openjdk-javadoc-13.0.14.0-1.1.s390x"
        },
        "product_reference": "java-13-openjdk-javadoc-13.0.14.0-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-13-openjdk-javadoc-13.0.14.0-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-13-openjdk-javadoc-13.0.14.0-1.1.x86_64"
        },
        "product_reference": "java-13-openjdk-javadoc-13.0.14.0-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-13-openjdk-jmods-13.0.14.0-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-13-openjdk-jmods-13.0.14.0-1.1.aarch64"
        },
        "product_reference": "java-13-openjdk-jmods-13.0.14.0-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-13-openjdk-jmods-13.0.14.0-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-13-openjdk-jmods-13.0.14.0-1.1.ppc64le"
        },
        "product_reference": "java-13-openjdk-jmods-13.0.14.0-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-13-openjdk-jmods-13.0.14.0-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-13-openjdk-jmods-13.0.14.0-1.1.s390x"
        },
        "product_reference": "java-13-openjdk-jmods-13.0.14.0-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-13-openjdk-jmods-13.0.14.0-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-13-openjdk-jmods-13.0.14.0-1.1.x86_64"
        },
        "product_reference": "java-13-openjdk-jmods-13.0.14.0-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-13-openjdk-src-13.0.14.0-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-13-openjdk-src-13.0.14.0-1.1.aarch64"
        },
        "product_reference": "java-13-openjdk-src-13.0.14.0-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-13-openjdk-src-13.0.14.0-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-13-openjdk-src-13.0.14.0-1.1.ppc64le"
        },
        "product_reference": "java-13-openjdk-src-13.0.14.0-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-13-openjdk-src-13.0.14.0-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-13-openjdk-src-13.0.14.0-1.1.s390x"
        },
        "product_reference": "java-13-openjdk-src-13.0.14.0-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-13-openjdk-src-13.0.14.0-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-13-openjdk-src-13.0.14.0-1.1.x86_64"
        },
        "product_reference": "java-13-openjdk-src-13.0.14.0-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-21835",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2023-21835"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE).  Supported versions that are affected are Oracle Java SE: 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and  22.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via DTLS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:java-13-openjdk-13.0.14.0-1.1.aarch64",
          "openSUSE Tumbleweed:java-13-openjdk-13.0.14.0-1.1.ppc64le",
          "openSUSE Tumbleweed:java-13-openjdk-13.0.14.0-1.1.s390x",
          "openSUSE Tumbleweed:java-13-openjdk-13.0.14.0-1.1.x86_64",
          "openSUSE Tumbleweed:java-13-openjdk-demo-13.0.14.0-1.1.aarch64",
          "openSUSE Tumbleweed:java-13-openjdk-demo-13.0.14.0-1.1.ppc64le",
          "openSUSE Tumbleweed:java-13-openjdk-demo-13.0.14.0-1.1.s390x",
          "openSUSE Tumbleweed:java-13-openjdk-demo-13.0.14.0-1.1.x86_64",
          "openSUSE Tumbleweed:java-13-openjdk-devel-13.0.14.0-1.1.aarch64",
          "openSUSE Tumbleweed:java-13-openjdk-devel-13.0.14.0-1.1.ppc64le",
          "openSUSE Tumbleweed:java-13-openjdk-devel-13.0.14.0-1.1.s390x",
          "openSUSE Tumbleweed:java-13-openjdk-devel-13.0.14.0-1.1.x86_64",
          "openSUSE Tumbleweed:java-13-openjdk-headless-13.0.14.0-1.1.aarch64",
          "openSUSE Tumbleweed:java-13-openjdk-headless-13.0.14.0-1.1.ppc64le",
          "openSUSE Tumbleweed:java-13-openjdk-headless-13.0.14.0-1.1.s390x",
          "openSUSE Tumbleweed:java-13-openjdk-headless-13.0.14.0-1.1.x86_64",
          "openSUSE Tumbleweed:java-13-openjdk-javadoc-13.0.14.0-1.1.aarch64",
          "openSUSE Tumbleweed:java-13-openjdk-javadoc-13.0.14.0-1.1.ppc64le",
          "openSUSE Tumbleweed:java-13-openjdk-javadoc-13.0.14.0-1.1.s390x",
          "openSUSE Tumbleweed:java-13-openjdk-javadoc-13.0.14.0-1.1.x86_64",
          "openSUSE Tumbleweed:java-13-openjdk-jmods-13.0.14.0-1.1.aarch64",
          "openSUSE Tumbleweed:java-13-openjdk-jmods-13.0.14.0-1.1.ppc64le",
          "openSUSE Tumbleweed:java-13-openjdk-jmods-13.0.14.0-1.1.s390x",
          "openSUSE Tumbleweed:java-13-openjdk-jmods-13.0.14.0-1.1.x86_64",
          "openSUSE Tumbleweed:java-13-openjdk-src-13.0.14.0-1.1.aarch64",
          "openSUSE Tumbleweed:java-13-openjdk-src-13.0.14.0-1.1.ppc64le",
          "openSUSE Tumbleweed:java-13-openjdk-src-13.0.14.0-1.1.s390x",
          "openSUSE Tumbleweed:java-13-openjdk-src-13.0.14.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2023-21835",
          "url": "https://www.suse.com/security/cve/CVE-2023-21835"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1207246 for CVE-2023-21835",
          "url": "https://bugzilla.suse.com/1207246"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:java-13-openjdk-13.0.14.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-13-openjdk-13.0.14.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-13-openjdk-13.0.14.0-1.1.s390x",
            "openSUSE Tumbleweed:java-13-openjdk-13.0.14.0-1.1.x86_64",
            "openSUSE Tumbleweed:java-13-openjdk-demo-13.0.14.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-13-openjdk-demo-13.0.14.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-13-openjdk-demo-13.0.14.0-1.1.s390x",
            "openSUSE Tumbleweed:java-13-openjdk-demo-13.0.14.0-1.1.x86_64",
            "openSUSE Tumbleweed:java-13-openjdk-devel-13.0.14.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-13-openjdk-devel-13.0.14.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-13-openjdk-devel-13.0.14.0-1.1.s390x",
            "openSUSE Tumbleweed:java-13-openjdk-devel-13.0.14.0-1.1.x86_64",
            "openSUSE Tumbleweed:java-13-openjdk-headless-13.0.14.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-13-openjdk-headless-13.0.14.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-13-openjdk-headless-13.0.14.0-1.1.s390x",
            "openSUSE Tumbleweed:java-13-openjdk-headless-13.0.14.0-1.1.x86_64",
            "openSUSE Tumbleweed:java-13-openjdk-javadoc-13.0.14.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-13-openjdk-javadoc-13.0.14.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-13-openjdk-javadoc-13.0.14.0-1.1.s390x",
            "openSUSE Tumbleweed:java-13-openjdk-javadoc-13.0.14.0-1.1.x86_64",
            "openSUSE Tumbleweed:java-13-openjdk-jmods-13.0.14.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-13-openjdk-jmods-13.0.14.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-13-openjdk-jmods-13.0.14.0-1.1.s390x",
            "openSUSE Tumbleweed:java-13-openjdk-jmods-13.0.14.0-1.1.x86_64",
            "openSUSE Tumbleweed:java-13-openjdk-src-13.0.14.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-13-openjdk-src-13.0.14.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-13-openjdk-src-13.0.14.0-1.1.s390x",
            "openSUSE Tumbleweed:java-13-openjdk-src-13.0.14.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:java-13-openjdk-13.0.14.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-13-openjdk-13.0.14.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-13-openjdk-13.0.14.0-1.1.s390x",
            "openSUSE Tumbleweed:java-13-openjdk-13.0.14.0-1.1.x86_64",
            "openSUSE Tumbleweed:java-13-openjdk-demo-13.0.14.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-13-openjdk-demo-13.0.14.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-13-openjdk-demo-13.0.14.0-1.1.s390x",
            "openSUSE Tumbleweed:java-13-openjdk-demo-13.0.14.0-1.1.x86_64",
            "openSUSE Tumbleweed:java-13-openjdk-devel-13.0.14.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-13-openjdk-devel-13.0.14.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-13-openjdk-devel-13.0.14.0-1.1.s390x",
            "openSUSE Tumbleweed:java-13-openjdk-devel-13.0.14.0-1.1.x86_64",
            "openSUSE Tumbleweed:java-13-openjdk-headless-13.0.14.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-13-openjdk-headless-13.0.14.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-13-openjdk-headless-13.0.14.0-1.1.s390x",
            "openSUSE Tumbleweed:java-13-openjdk-headless-13.0.14.0-1.1.x86_64",
            "openSUSE Tumbleweed:java-13-openjdk-javadoc-13.0.14.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-13-openjdk-javadoc-13.0.14.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-13-openjdk-javadoc-13.0.14.0-1.1.s390x",
            "openSUSE Tumbleweed:java-13-openjdk-javadoc-13.0.14.0-1.1.x86_64",
            "openSUSE Tumbleweed:java-13-openjdk-jmods-13.0.14.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-13-openjdk-jmods-13.0.14.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-13-openjdk-jmods-13.0.14.0-1.1.s390x",
            "openSUSE Tumbleweed:java-13-openjdk-jmods-13.0.14.0-1.1.x86_64",
            "openSUSE Tumbleweed:java-13-openjdk-src-13.0.14.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-13-openjdk-src-13.0.14.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-13-openjdk-src-13.0.14.0-1.1.s390x",
            "openSUSE Tumbleweed:java-13-openjdk-src-13.0.14.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2023-21835"
    },
    {
      "cve": "CVE-2023-21843",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2023-21843"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Sound).  Supported versions that are affected are Oracle Java SE: 8u351, 8u351-perf, 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and  22.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:java-13-openjdk-13.0.14.0-1.1.aarch64",
          "openSUSE Tumbleweed:java-13-openjdk-13.0.14.0-1.1.ppc64le",
          "openSUSE Tumbleweed:java-13-openjdk-13.0.14.0-1.1.s390x",
          "openSUSE Tumbleweed:java-13-openjdk-13.0.14.0-1.1.x86_64",
          "openSUSE Tumbleweed:java-13-openjdk-demo-13.0.14.0-1.1.aarch64",
          "openSUSE Tumbleweed:java-13-openjdk-demo-13.0.14.0-1.1.ppc64le",
          "openSUSE Tumbleweed:java-13-openjdk-demo-13.0.14.0-1.1.s390x",
          "openSUSE Tumbleweed:java-13-openjdk-demo-13.0.14.0-1.1.x86_64",
          "openSUSE Tumbleweed:java-13-openjdk-devel-13.0.14.0-1.1.aarch64",
          "openSUSE Tumbleweed:java-13-openjdk-devel-13.0.14.0-1.1.ppc64le",
          "openSUSE Tumbleweed:java-13-openjdk-devel-13.0.14.0-1.1.s390x",
          "openSUSE Tumbleweed:java-13-openjdk-devel-13.0.14.0-1.1.x86_64",
          "openSUSE Tumbleweed:java-13-openjdk-headless-13.0.14.0-1.1.aarch64",
          "openSUSE Tumbleweed:java-13-openjdk-headless-13.0.14.0-1.1.ppc64le",
          "openSUSE Tumbleweed:java-13-openjdk-headless-13.0.14.0-1.1.s390x",
          "openSUSE Tumbleweed:java-13-openjdk-headless-13.0.14.0-1.1.x86_64",
          "openSUSE Tumbleweed:java-13-openjdk-javadoc-13.0.14.0-1.1.aarch64",
          "openSUSE Tumbleweed:java-13-openjdk-javadoc-13.0.14.0-1.1.ppc64le",
          "openSUSE Tumbleweed:java-13-openjdk-javadoc-13.0.14.0-1.1.s390x",
          "openSUSE Tumbleweed:java-13-openjdk-javadoc-13.0.14.0-1.1.x86_64",
          "openSUSE Tumbleweed:java-13-openjdk-jmods-13.0.14.0-1.1.aarch64",
          "openSUSE Tumbleweed:java-13-openjdk-jmods-13.0.14.0-1.1.ppc64le",
          "openSUSE Tumbleweed:java-13-openjdk-jmods-13.0.14.0-1.1.s390x",
          "openSUSE Tumbleweed:java-13-openjdk-jmods-13.0.14.0-1.1.x86_64",
          "openSUSE Tumbleweed:java-13-openjdk-src-13.0.14.0-1.1.aarch64",
          "openSUSE Tumbleweed:java-13-openjdk-src-13.0.14.0-1.1.ppc64le",
          "openSUSE Tumbleweed:java-13-openjdk-src-13.0.14.0-1.1.s390x",
          "openSUSE Tumbleweed:java-13-openjdk-src-13.0.14.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2023-21843",
          "url": "https://www.suse.com/security/cve/CVE-2023-21843"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1207248 for CVE-2023-21843",
          "url": "https://bugzilla.suse.com/1207248"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:java-13-openjdk-13.0.14.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-13-openjdk-13.0.14.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-13-openjdk-13.0.14.0-1.1.s390x",
            "openSUSE Tumbleweed:java-13-openjdk-13.0.14.0-1.1.x86_64",
            "openSUSE Tumbleweed:java-13-openjdk-demo-13.0.14.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-13-openjdk-demo-13.0.14.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-13-openjdk-demo-13.0.14.0-1.1.s390x",
            "openSUSE Tumbleweed:java-13-openjdk-demo-13.0.14.0-1.1.x86_64",
            "openSUSE Tumbleweed:java-13-openjdk-devel-13.0.14.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-13-openjdk-devel-13.0.14.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-13-openjdk-devel-13.0.14.0-1.1.s390x",
            "openSUSE Tumbleweed:java-13-openjdk-devel-13.0.14.0-1.1.x86_64",
            "openSUSE Tumbleweed:java-13-openjdk-headless-13.0.14.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-13-openjdk-headless-13.0.14.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-13-openjdk-headless-13.0.14.0-1.1.s390x",
            "openSUSE Tumbleweed:java-13-openjdk-headless-13.0.14.0-1.1.x86_64",
            "openSUSE Tumbleweed:java-13-openjdk-javadoc-13.0.14.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-13-openjdk-javadoc-13.0.14.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-13-openjdk-javadoc-13.0.14.0-1.1.s390x",
            "openSUSE Tumbleweed:java-13-openjdk-javadoc-13.0.14.0-1.1.x86_64",
            "openSUSE Tumbleweed:java-13-openjdk-jmods-13.0.14.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-13-openjdk-jmods-13.0.14.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-13-openjdk-jmods-13.0.14.0-1.1.s390x",
            "openSUSE Tumbleweed:java-13-openjdk-jmods-13.0.14.0-1.1.x86_64",
            "openSUSE Tumbleweed:java-13-openjdk-src-13.0.14.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-13-openjdk-src-13.0.14.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-13-openjdk-src-13.0.14.0-1.1.s390x",
            "openSUSE Tumbleweed:java-13-openjdk-src-13.0.14.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:java-13-openjdk-13.0.14.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-13-openjdk-13.0.14.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-13-openjdk-13.0.14.0-1.1.s390x",
            "openSUSE Tumbleweed:java-13-openjdk-13.0.14.0-1.1.x86_64",
            "openSUSE Tumbleweed:java-13-openjdk-demo-13.0.14.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-13-openjdk-demo-13.0.14.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-13-openjdk-demo-13.0.14.0-1.1.s390x",
            "openSUSE Tumbleweed:java-13-openjdk-demo-13.0.14.0-1.1.x86_64",
            "openSUSE Tumbleweed:java-13-openjdk-devel-13.0.14.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-13-openjdk-devel-13.0.14.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-13-openjdk-devel-13.0.14.0-1.1.s390x",
            "openSUSE Tumbleweed:java-13-openjdk-devel-13.0.14.0-1.1.x86_64",
            "openSUSE Tumbleweed:java-13-openjdk-headless-13.0.14.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-13-openjdk-headless-13.0.14.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-13-openjdk-headless-13.0.14.0-1.1.s390x",
            "openSUSE Tumbleweed:java-13-openjdk-headless-13.0.14.0-1.1.x86_64",
            "openSUSE Tumbleweed:java-13-openjdk-javadoc-13.0.14.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-13-openjdk-javadoc-13.0.14.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-13-openjdk-javadoc-13.0.14.0-1.1.s390x",
            "openSUSE Tumbleweed:java-13-openjdk-javadoc-13.0.14.0-1.1.x86_64",
            "openSUSE Tumbleweed:java-13-openjdk-jmods-13.0.14.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-13-openjdk-jmods-13.0.14.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-13-openjdk-jmods-13.0.14.0-1.1.s390x",
            "openSUSE Tumbleweed:java-13-openjdk-jmods-13.0.14.0-1.1.x86_64",
            "openSUSE Tumbleweed:java-13-openjdk-src-13.0.14.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-13-openjdk-src-13.0.14.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-13-openjdk-src-13.0.14.0-1.1.s390x",
            "openSUSE Tumbleweed:java-13-openjdk-src-13.0.14.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "low"
        }
      ],
      "title": "CVE-2023-21843"
    }
  ]
}

OPENSUSE-SU-2024:12720-1

Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00

Summary

java-15-openjdk-15.0.10.0-1.1 on GA media

Severity

Moderate

Notes

Title of the patch: java-15-openjdk-15.0.10.0-1.1 on GA media

Description of the patch: These are all security issues fixed in the java-15-openjdk-15.0.10.0-1.1 package on the GA media of openSUSE Tumbleweed.

Patchnames: openSUSE-Tumbleweed-2024-12720

CVE-2023-21835

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected products

Recommended 28 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:java-15-openjdk-15.0.10.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-15-openjdk-15.0.10.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-15-openjdk-15.0.10.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-15-openjdk-15.0.10.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-15-openjdk-demo-15.0.10.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-15-openjdk-demo-15.0.10.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-15-openjdk-demo-15.0.10.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-15-openjdk-demo-15.0.10.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-15-openjdk-devel-15.0.10.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-15-openjdk-devel-15.0.10.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-15-openjdk-devel-15.0.10.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-15-openjdk-devel-15.0.10.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-15-openjdk-headless-15.0.10.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-15-openjdk-headless-15.0.10.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-15-openjdk-headless-15.0.10.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-15-openjdk-headless-15.0.10.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-15-openjdk-javadoc-15.0.10.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-15-openjdk-javadoc-15.0.10.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-15-openjdk-javadoc-15.0.10.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-15-openjdk-javadoc-15.0.10.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-15-openjdk-jmods-15.0.10.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-15-openjdk-jmods-15.0.10.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-15-openjdk-jmods-15.0.10.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-15-openjdk-jmods-15.0.10.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-15-openjdk-src-15.0.10.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-15-openjdk-src-15.0.10.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-15-openjdk-src-15.0.10.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-15-openjdk-src-15.0.10.0-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2023-21843

3.7 (Low)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Affected products

Recommended 28 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:java-15-openjdk-15.0.10.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-15-openjdk-15.0.10.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-15-openjdk-15.0.10.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-15-openjdk-15.0.10.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-15-openjdk-demo-15.0.10.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-15-openjdk-demo-15.0.10.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-15-openjdk-demo-15.0.10.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-15-openjdk-demo-15.0.10.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-15-openjdk-devel-15.0.10.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-15-openjdk-devel-15.0.10.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-15-openjdk-devel-15.0.10.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-15-openjdk-devel-15.0.10.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-15-openjdk-headless-15.0.10.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-15-openjdk-headless-15.0.10.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-15-openjdk-headless-15.0.10.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-15-openjdk-headless-15.0.10.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-15-openjdk-javadoc-15.0.10.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-15-openjdk-javadoc-15.0.10.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-15-openjdk-javadoc-15.0.10.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-15-openjdk-javadoc-15.0.10.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-15-openjdk-jmods-15.0.10.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-15-openjdk-jmods-15.0.10.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-15-openjdk-jmods-15.0.10.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-15-openjdk-jmods-15.0.10.0-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-15-openjdk-src-15.0.10.0-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-15-openjdk-src-15.0.10.0-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-15-openjdk-src-15.0.10.0-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:java-15-openjdk-src-15.0.10.0-1.1.x86_64	—	Vendor Fix

Threats

Impact low

References

8 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/o…	self
https://www.suse.com/security/cve/CVE-2023-21835/	self
https://www.suse.com/security/cve/CVE-2023-21843/	self
https://www.suse.com/security/cve/CVE-2023-21835	external
https://bugzilla.suse.com/1207246	external
https://www.suse.com/security/cve/CVE-2023-21843	external
https://bugzilla.suse.com/1207248	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "java-15-openjdk-15.0.10.0-1.1 on GA media",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "These are all security issues fixed in the java-15-openjdk-15.0.10.0-1.1 package on the GA media of openSUSE Tumbleweed.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-Tumbleweed-2024-12720",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_12720-1.json"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2023-21835 page",
        "url": "https://www.suse.com/security/cve/CVE-2023-21835/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2023-21843 page",
        "url": "https://www.suse.com/security/cve/CVE-2023-21843/"
      }
    ],
    "title": "java-15-openjdk-15.0.10.0-1.1 on GA media",
    "tracking": {
      "current_release_date": "2024-06-15T00:00:00Z",
      "generator": {
        "date": "2024-06-15T00:00:00Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2024:12720-1",
      "initial_release_date": "2024-06-15T00:00:00Z",
      "revision_history": [
        {
          "date": "2024-06-15T00:00:00Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "java-15-openjdk-15.0.10.0-1.1.aarch64",
                "product": {
                  "name": "java-15-openjdk-15.0.10.0-1.1.aarch64",
                  "product_id": "java-15-openjdk-15.0.10.0-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "java-15-openjdk-demo-15.0.10.0-1.1.aarch64",
                "product": {
                  "name": "java-15-openjdk-demo-15.0.10.0-1.1.aarch64",
                  "product_id": "java-15-openjdk-demo-15.0.10.0-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "java-15-openjdk-devel-15.0.10.0-1.1.aarch64",
                "product": {
                  "name": "java-15-openjdk-devel-15.0.10.0-1.1.aarch64",
                  "product_id": "java-15-openjdk-devel-15.0.10.0-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "java-15-openjdk-headless-15.0.10.0-1.1.aarch64",
                "product": {
                  "name": "java-15-openjdk-headless-15.0.10.0-1.1.aarch64",
                  "product_id": "java-15-openjdk-headless-15.0.10.0-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "java-15-openjdk-javadoc-15.0.10.0-1.1.aarch64",
                "product": {
                  "name": "java-15-openjdk-javadoc-15.0.10.0-1.1.aarch64",
                  "product_id": "java-15-openjdk-javadoc-15.0.10.0-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "java-15-openjdk-jmods-15.0.10.0-1.1.aarch64",
                "product": {
                  "name": "java-15-openjdk-jmods-15.0.10.0-1.1.aarch64",
                  "product_id": "java-15-openjdk-jmods-15.0.10.0-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "java-15-openjdk-src-15.0.10.0-1.1.aarch64",
                "product": {
                  "name": "java-15-openjdk-src-15.0.10.0-1.1.aarch64",
                  "product_id": "java-15-openjdk-src-15.0.10.0-1.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "java-15-openjdk-15.0.10.0-1.1.ppc64le",
                "product": {
                  "name": "java-15-openjdk-15.0.10.0-1.1.ppc64le",
                  "product_id": "java-15-openjdk-15.0.10.0-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "java-15-openjdk-demo-15.0.10.0-1.1.ppc64le",
                "product": {
                  "name": "java-15-openjdk-demo-15.0.10.0-1.1.ppc64le",
                  "product_id": "java-15-openjdk-demo-15.0.10.0-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "java-15-openjdk-devel-15.0.10.0-1.1.ppc64le",
                "product": {
                  "name": "java-15-openjdk-devel-15.0.10.0-1.1.ppc64le",
                  "product_id": "java-15-openjdk-devel-15.0.10.0-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "java-15-openjdk-headless-15.0.10.0-1.1.ppc64le",
                "product": {
                  "name": "java-15-openjdk-headless-15.0.10.0-1.1.ppc64le",
                  "product_id": "java-15-openjdk-headless-15.0.10.0-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "java-15-openjdk-javadoc-15.0.10.0-1.1.ppc64le",
                "product": {
                  "name": "java-15-openjdk-javadoc-15.0.10.0-1.1.ppc64le",
                  "product_id": "java-15-openjdk-javadoc-15.0.10.0-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "java-15-openjdk-jmods-15.0.10.0-1.1.ppc64le",
                "product": {
                  "name": "java-15-openjdk-jmods-15.0.10.0-1.1.ppc64le",
                  "product_id": "java-15-openjdk-jmods-15.0.10.0-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "java-15-openjdk-src-15.0.10.0-1.1.ppc64le",
                "product": {
                  "name": "java-15-openjdk-src-15.0.10.0-1.1.ppc64le",
                  "product_id": "java-15-openjdk-src-15.0.10.0-1.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "java-15-openjdk-15.0.10.0-1.1.s390x",
                "product": {
                  "name": "java-15-openjdk-15.0.10.0-1.1.s390x",
                  "product_id": "java-15-openjdk-15.0.10.0-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "java-15-openjdk-demo-15.0.10.0-1.1.s390x",
                "product": {
                  "name": "java-15-openjdk-demo-15.0.10.0-1.1.s390x",
                  "product_id": "java-15-openjdk-demo-15.0.10.0-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "java-15-openjdk-devel-15.0.10.0-1.1.s390x",
                "product": {
                  "name": "java-15-openjdk-devel-15.0.10.0-1.1.s390x",
                  "product_id": "java-15-openjdk-devel-15.0.10.0-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "java-15-openjdk-headless-15.0.10.0-1.1.s390x",
                "product": {
                  "name": "java-15-openjdk-headless-15.0.10.0-1.1.s390x",
                  "product_id": "java-15-openjdk-headless-15.0.10.0-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "java-15-openjdk-javadoc-15.0.10.0-1.1.s390x",
                "product": {
                  "name": "java-15-openjdk-javadoc-15.0.10.0-1.1.s390x",
                  "product_id": "java-15-openjdk-javadoc-15.0.10.0-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "java-15-openjdk-jmods-15.0.10.0-1.1.s390x",
                "product": {
                  "name": "java-15-openjdk-jmods-15.0.10.0-1.1.s390x",
                  "product_id": "java-15-openjdk-jmods-15.0.10.0-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "java-15-openjdk-src-15.0.10.0-1.1.s390x",
                "product": {
                  "name": "java-15-openjdk-src-15.0.10.0-1.1.s390x",
                  "product_id": "java-15-openjdk-src-15.0.10.0-1.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "java-15-openjdk-15.0.10.0-1.1.x86_64",
                "product": {
                  "name": "java-15-openjdk-15.0.10.0-1.1.x86_64",
                  "product_id": "java-15-openjdk-15.0.10.0-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "java-15-openjdk-demo-15.0.10.0-1.1.x86_64",
                "product": {
                  "name": "java-15-openjdk-demo-15.0.10.0-1.1.x86_64",
                  "product_id": "java-15-openjdk-demo-15.0.10.0-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "java-15-openjdk-devel-15.0.10.0-1.1.x86_64",
                "product": {
                  "name": "java-15-openjdk-devel-15.0.10.0-1.1.x86_64",
                  "product_id": "java-15-openjdk-devel-15.0.10.0-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "java-15-openjdk-headless-15.0.10.0-1.1.x86_64",
                "product": {
                  "name": "java-15-openjdk-headless-15.0.10.0-1.1.x86_64",
                  "product_id": "java-15-openjdk-headless-15.0.10.0-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "java-15-openjdk-javadoc-15.0.10.0-1.1.x86_64",
                "product": {
                  "name": "java-15-openjdk-javadoc-15.0.10.0-1.1.x86_64",
                  "product_id": "java-15-openjdk-javadoc-15.0.10.0-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "java-15-openjdk-jmods-15.0.10.0-1.1.x86_64",
                "product": {
                  "name": "java-15-openjdk-jmods-15.0.10.0-1.1.x86_64",
                  "product_id": "java-15-openjdk-jmods-15.0.10.0-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "java-15-openjdk-src-15.0.10.0-1.1.x86_64",
                "product": {
                  "name": "java-15-openjdk-src-15.0.10.0-1.1.x86_64",
                  "product_id": "java-15-openjdk-src-15.0.10.0-1.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Tumbleweed",
                "product": {
                  "name": "openSUSE Tumbleweed",
                  "product_id": "openSUSE Tumbleweed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:tumbleweed"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-15-openjdk-15.0.10.0-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-15-openjdk-15.0.10.0-1.1.aarch64"
        },
        "product_reference": "java-15-openjdk-15.0.10.0-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-15-openjdk-15.0.10.0-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-15-openjdk-15.0.10.0-1.1.ppc64le"
        },
        "product_reference": "java-15-openjdk-15.0.10.0-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-15-openjdk-15.0.10.0-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-15-openjdk-15.0.10.0-1.1.s390x"
        },
        "product_reference": "java-15-openjdk-15.0.10.0-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-15-openjdk-15.0.10.0-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-15-openjdk-15.0.10.0-1.1.x86_64"
        },
        "product_reference": "java-15-openjdk-15.0.10.0-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-15-openjdk-demo-15.0.10.0-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-15-openjdk-demo-15.0.10.0-1.1.aarch64"
        },
        "product_reference": "java-15-openjdk-demo-15.0.10.0-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-15-openjdk-demo-15.0.10.0-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-15-openjdk-demo-15.0.10.0-1.1.ppc64le"
        },
        "product_reference": "java-15-openjdk-demo-15.0.10.0-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-15-openjdk-demo-15.0.10.0-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-15-openjdk-demo-15.0.10.0-1.1.s390x"
        },
        "product_reference": "java-15-openjdk-demo-15.0.10.0-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-15-openjdk-demo-15.0.10.0-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-15-openjdk-demo-15.0.10.0-1.1.x86_64"
        },
        "product_reference": "java-15-openjdk-demo-15.0.10.0-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-15-openjdk-devel-15.0.10.0-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-15-openjdk-devel-15.0.10.0-1.1.aarch64"
        },
        "product_reference": "java-15-openjdk-devel-15.0.10.0-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-15-openjdk-devel-15.0.10.0-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-15-openjdk-devel-15.0.10.0-1.1.ppc64le"
        },
        "product_reference": "java-15-openjdk-devel-15.0.10.0-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-15-openjdk-devel-15.0.10.0-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-15-openjdk-devel-15.0.10.0-1.1.s390x"
        },
        "product_reference": "java-15-openjdk-devel-15.0.10.0-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-15-openjdk-devel-15.0.10.0-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-15-openjdk-devel-15.0.10.0-1.1.x86_64"
        },
        "product_reference": "java-15-openjdk-devel-15.0.10.0-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-15-openjdk-headless-15.0.10.0-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-15-openjdk-headless-15.0.10.0-1.1.aarch64"
        },
        "product_reference": "java-15-openjdk-headless-15.0.10.0-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-15-openjdk-headless-15.0.10.0-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-15-openjdk-headless-15.0.10.0-1.1.ppc64le"
        },
        "product_reference": "java-15-openjdk-headless-15.0.10.0-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-15-openjdk-headless-15.0.10.0-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-15-openjdk-headless-15.0.10.0-1.1.s390x"
        },
        "product_reference": "java-15-openjdk-headless-15.0.10.0-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-15-openjdk-headless-15.0.10.0-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-15-openjdk-headless-15.0.10.0-1.1.x86_64"
        },
        "product_reference": "java-15-openjdk-headless-15.0.10.0-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-15-openjdk-javadoc-15.0.10.0-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-15-openjdk-javadoc-15.0.10.0-1.1.aarch64"
        },
        "product_reference": "java-15-openjdk-javadoc-15.0.10.0-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-15-openjdk-javadoc-15.0.10.0-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-15-openjdk-javadoc-15.0.10.0-1.1.ppc64le"
        },
        "product_reference": "java-15-openjdk-javadoc-15.0.10.0-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-15-openjdk-javadoc-15.0.10.0-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-15-openjdk-javadoc-15.0.10.0-1.1.s390x"
        },
        "product_reference": "java-15-openjdk-javadoc-15.0.10.0-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-15-openjdk-javadoc-15.0.10.0-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-15-openjdk-javadoc-15.0.10.0-1.1.x86_64"
        },
        "product_reference": "java-15-openjdk-javadoc-15.0.10.0-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-15-openjdk-jmods-15.0.10.0-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-15-openjdk-jmods-15.0.10.0-1.1.aarch64"
        },
        "product_reference": "java-15-openjdk-jmods-15.0.10.0-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-15-openjdk-jmods-15.0.10.0-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-15-openjdk-jmods-15.0.10.0-1.1.ppc64le"
        },
        "product_reference": "java-15-openjdk-jmods-15.0.10.0-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-15-openjdk-jmods-15.0.10.0-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-15-openjdk-jmods-15.0.10.0-1.1.s390x"
        },
        "product_reference": "java-15-openjdk-jmods-15.0.10.0-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-15-openjdk-jmods-15.0.10.0-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-15-openjdk-jmods-15.0.10.0-1.1.x86_64"
        },
        "product_reference": "java-15-openjdk-jmods-15.0.10.0-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-15-openjdk-src-15.0.10.0-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-15-openjdk-src-15.0.10.0-1.1.aarch64"
        },
        "product_reference": "java-15-openjdk-src-15.0.10.0-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-15-openjdk-src-15.0.10.0-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-15-openjdk-src-15.0.10.0-1.1.ppc64le"
        },
        "product_reference": "java-15-openjdk-src-15.0.10.0-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-15-openjdk-src-15.0.10.0-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-15-openjdk-src-15.0.10.0-1.1.s390x"
        },
        "product_reference": "java-15-openjdk-src-15.0.10.0-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-15-openjdk-src-15.0.10.0-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:java-15-openjdk-src-15.0.10.0-1.1.x86_64"
        },
        "product_reference": "java-15-openjdk-src-15.0.10.0-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-21835",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2023-21835"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE).  Supported versions that are affected are Oracle Java SE: 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and  22.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via DTLS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:java-15-openjdk-15.0.10.0-1.1.aarch64",
          "openSUSE Tumbleweed:java-15-openjdk-15.0.10.0-1.1.ppc64le",
          "openSUSE Tumbleweed:java-15-openjdk-15.0.10.0-1.1.s390x",
          "openSUSE Tumbleweed:java-15-openjdk-15.0.10.0-1.1.x86_64",
          "openSUSE Tumbleweed:java-15-openjdk-demo-15.0.10.0-1.1.aarch64",
          "openSUSE Tumbleweed:java-15-openjdk-demo-15.0.10.0-1.1.ppc64le",
          "openSUSE Tumbleweed:java-15-openjdk-demo-15.0.10.0-1.1.s390x",
          "openSUSE Tumbleweed:java-15-openjdk-demo-15.0.10.0-1.1.x86_64",
          "openSUSE Tumbleweed:java-15-openjdk-devel-15.0.10.0-1.1.aarch64",
          "openSUSE Tumbleweed:java-15-openjdk-devel-15.0.10.0-1.1.ppc64le",
          "openSUSE Tumbleweed:java-15-openjdk-devel-15.0.10.0-1.1.s390x",
          "openSUSE Tumbleweed:java-15-openjdk-devel-15.0.10.0-1.1.x86_64",
          "openSUSE Tumbleweed:java-15-openjdk-headless-15.0.10.0-1.1.aarch64",
          "openSUSE Tumbleweed:java-15-openjdk-headless-15.0.10.0-1.1.ppc64le",
          "openSUSE Tumbleweed:java-15-openjdk-headless-15.0.10.0-1.1.s390x",
          "openSUSE Tumbleweed:java-15-openjdk-headless-15.0.10.0-1.1.x86_64",
          "openSUSE Tumbleweed:java-15-openjdk-javadoc-15.0.10.0-1.1.aarch64",
          "openSUSE Tumbleweed:java-15-openjdk-javadoc-15.0.10.0-1.1.ppc64le",
          "openSUSE Tumbleweed:java-15-openjdk-javadoc-15.0.10.0-1.1.s390x",
          "openSUSE Tumbleweed:java-15-openjdk-javadoc-15.0.10.0-1.1.x86_64",
          "openSUSE Tumbleweed:java-15-openjdk-jmods-15.0.10.0-1.1.aarch64",
          "openSUSE Tumbleweed:java-15-openjdk-jmods-15.0.10.0-1.1.ppc64le",
          "openSUSE Tumbleweed:java-15-openjdk-jmods-15.0.10.0-1.1.s390x",
          "openSUSE Tumbleweed:java-15-openjdk-jmods-15.0.10.0-1.1.x86_64",
          "openSUSE Tumbleweed:java-15-openjdk-src-15.0.10.0-1.1.aarch64",
          "openSUSE Tumbleweed:java-15-openjdk-src-15.0.10.0-1.1.ppc64le",
          "openSUSE Tumbleweed:java-15-openjdk-src-15.0.10.0-1.1.s390x",
          "openSUSE Tumbleweed:java-15-openjdk-src-15.0.10.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2023-21835",
          "url": "https://www.suse.com/security/cve/CVE-2023-21835"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1207246 for CVE-2023-21835",
          "url": "https://bugzilla.suse.com/1207246"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:java-15-openjdk-15.0.10.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-15-openjdk-15.0.10.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-15-openjdk-15.0.10.0-1.1.s390x",
            "openSUSE Tumbleweed:java-15-openjdk-15.0.10.0-1.1.x86_64",
            "openSUSE Tumbleweed:java-15-openjdk-demo-15.0.10.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-15-openjdk-demo-15.0.10.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-15-openjdk-demo-15.0.10.0-1.1.s390x",
            "openSUSE Tumbleweed:java-15-openjdk-demo-15.0.10.0-1.1.x86_64",
            "openSUSE Tumbleweed:java-15-openjdk-devel-15.0.10.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-15-openjdk-devel-15.0.10.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-15-openjdk-devel-15.0.10.0-1.1.s390x",
            "openSUSE Tumbleweed:java-15-openjdk-devel-15.0.10.0-1.1.x86_64",
            "openSUSE Tumbleweed:java-15-openjdk-headless-15.0.10.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-15-openjdk-headless-15.0.10.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-15-openjdk-headless-15.0.10.0-1.1.s390x",
            "openSUSE Tumbleweed:java-15-openjdk-headless-15.0.10.0-1.1.x86_64",
            "openSUSE Tumbleweed:java-15-openjdk-javadoc-15.0.10.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-15-openjdk-javadoc-15.0.10.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-15-openjdk-javadoc-15.0.10.0-1.1.s390x",
            "openSUSE Tumbleweed:java-15-openjdk-javadoc-15.0.10.0-1.1.x86_64",
            "openSUSE Tumbleweed:java-15-openjdk-jmods-15.0.10.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-15-openjdk-jmods-15.0.10.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-15-openjdk-jmods-15.0.10.0-1.1.s390x",
            "openSUSE Tumbleweed:java-15-openjdk-jmods-15.0.10.0-1.1.x86_64",
            "openSUSE Tumbleweed:java-15-openjdk-src-15.0.10.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-15-openjdk-src-15.0.10.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-15-openjdk-src-15.0.10.0-1.1.s390x",
            "openSUSE Tumbleweed:java-15-openjdk-src-15.0.10.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:java-15-openjdk-15.0.10.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-15-openjdk-15.0.10.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-15-openjdk-15.0.10.0-1.1.s390x",
            "openSUSE Tumbleweed:java-15-openjdk-15.0.10.0-1.1.x86_64",
            "openSUSE Tumbleweed:java-15-openjdk-demo-15.0.10.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-15-openjdk-demo-15.0.10.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-15-openjdk-demo-15.0.10.0-1.1.s390x",
            "openSUSE Tumbleweed:java-15-openjdk-demo-15.0.10.0-1.1.x86_64",
            "openSUSE Tumbleweed:java-15-openjdk-devel-15.0.10.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-15-openjdk-devel-15.0.10.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-15-openjdk-devel-15.0.10.0-1.1.s390x",
            "openSUSE Tumbleweed:java-15-openjdk-devel-15.0.10.0-1.1.x86_64",
            "openSUSE Tumbleweed:java-15-openjdk-headless-15.0.10.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-15-openjdk-headless-15.0.10.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-15-openjdk-headless-15.0.10.0-1.1.s390x",
            "openSUSE Tumbleweed:java-15-openjdk-headless-15.0.10.0-1.1.x86_64",
            "openSUSE Tumbleweed:java-15-openjdk-javadoc-15.0.10.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-15-openjdk-javadoc-15.0.10.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-15-openjdk-javadoc-15.0.10.0-1.1.s390x",
            "openSUSE Tumbleweed:java-15-openjdk-javadoc-15.0.10.0-1.1.x86_64",
            "openSUSE Tumbleweed:java-15-openjdk-jmods-15.0.10.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-15-openjdk-jmods-15.0.10.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-15-openjdk-jmods-15.0.10.0-1.1.s390x",
            "openSUSE Tumbleweed:java-15-openjdk-jmods-15.0.10.0-1.1.x86_64",
            "openSUSE Tumbleweed:java-15-openjdk-src-15.0.10.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-15-openjdk-src-15.0.10.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-15-openjdk-src-15.0.10.0-1.1.s390x",
            "openSUSE Tumbleweed:java-15-openjdk-src-15.0.10.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2023-21835"
    },
    {
      "cve": "CVE-2023-21843",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2023-21843"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Sound).  Supported versions that are affected are Oracle Java SE: 8u351, 8u351-perf, 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and  22.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:java-15-openjdk-15.0.10.0-1.1.aarch64",
          "openSUSE Tumbleweed:java-15-openjdk-15.0.10.0-1.1.ppc64le",
          "openSUSE Tumbleweed:java-15-openjdk-15.0.10.0-1.1.s390x",
          "openSUSE Tumbleweed:java-15-openjdk-15.0.10.0-1.1.x86_64",
          "openSUSE Tumbleweed:java-15-openjdk-demo-15.0.10.0-1.1.aarch64",
          "openSUSE Tumbleweed:java-15-openjdk-demo-15.0.10.0-1.1.ppc64le",
          "openSUSE Tumbleweed:java-15-openjdk-demo-15.0.10.0-1.1.s390x",
          "openSUSE Tumbleweed:java-15-openjdk-demo-15.0.10.0-1.1.x86_64",
          "openSUSE Tumbleweed:java-15-openjdk-devel-15.0.10.0-1.1.aarch64",
          "openSUSE Tumbleweed:java-15-openjdk-devel-15.0.10.0-1.1.ppc64le",
          "openSUSE Tumbleweed:java-15-openjdk-devel-15.0.10.0-1.1.s390x",
          "openSUSE Tumbleweed:java-15-openjdk-devel-15.0.10.0-1.1.x86_64",
          "openSUSE Tumbleweed:java-15-openjdk-headless-15.0.10.0-1.1.aarch64",
          "openSUSE Tumbleweed:java-15-openjdk-headless-15.0.10.0-1.1.ppc64le",
          "openSUSE Tumbleweed:java-15-openjdk-headless-15.0.10.0-1.1.s390x",
          "openSUSE Tumbleweed:java-15-openjdk-headless-15.0.10.0-1.1.x86_64",
          "openSUSE Tumbleweed:java-15-openjdk-javadoc-15.0.10.0-1.1.aarch64",
          "openSUSE Tumbleweed:java-15-openjdk-javadoc-15.0.10.0-1.1.ppc64le",
          "openSUSE Tumbleweed:java-15-openjdk-javadoc-15.0.10.0-1.1.s390x",
          "openSUSE Tumbleweed:java-15-openjdk-javadoc-15.0.10.0-1.1.x86_64",
          "openSUSE Tumbleweed:java-15-openjdk-jmods-15.0.10.0-1.1.aarch64",
          "openSUSE Tumbleweed:java-15-openjdk-jmods-15.0.10.0-1.1.ppc64le",
          "openSUSE Tumbleweed:java-15-openjdk-jmods-15.0.10.0-1.1.s390x",
          "openSUSE Tumbleweed:java-15-openjdk-jmods-15.0.10.0-1.1.x86_64",
          "openSUSE Tumbleweed:java-15-openjdk-src-15.0.10.0-1.1.aarch64",
          "openSUSE Tumbleweed:java-15-openjdk-src-15.0.10.0-1.1.ppc64le",
          "openSUSE Tumbleweed:java-15-openjdk-src-15.0.10.0-1.1.s390x",
          "openSUSE Tumbleweed:java-15-openjdk-src-15.0.10.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2023-21843",
          "url": "https://www.suse.com/security/cve/CVE-2023-21843"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1207248 for CVE-2023-21843",
          "url": "https://bugzilla.suse.com/1207248"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:java-15-openjdk-15.0.10.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-15-openjdk-15.0.10.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-15-openjdk-15.0.10.0-1.1.s390x",
            "openSUSE Tumbleweed:java-15-openjdk-15.0.10.0-1.1.x86_64",
            "openSUSE Tumbleweed:java-15-openjdk-demo-15.0.10.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-15-openjdk-demo-15.0.10.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-15-openjdk-demo-15.0.10.0-1.1.s390x",
            "openSUSE Tumbleweed:java-15-openjdk-demo-15.0.10.0-1.1.x86_64",
            "openSUSE Tumbleweed:java-15-openjdk-devel-15.0.10.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-15-openjdk-devel-15.0.10.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-15-openjdk-devel-15.0.10.0-1.1.s390x",
            "openSUSE Tumbleweed:java-15-openjdk-devel-15.0.10.0-1.1.x86_64",
            "openSUSE Tumbleweed:java-15-openjdk-headless-15.0.10.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-15-openjdk-headless-15.0.10.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-15-openjdk-headless-15.0.10.0-1.1.s390x",
            "openSUSE Tumbleweed:java-15-openjdk-headless-15.0.10.0-1.1.x86_64",
            "openSUSE Tumbleweed:java-15-openjdk-javadoc-15.0.10.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-15-openjdk-javadoc-15.0.10.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-15-openjdk-javadoc-15.0.10.0-1.1.s390x",
            "openSUSE Tumbleweed:java-15-openjdk-javadoc-15.0.10.0-1.1.x86_64",
            "openSUSE Tumbleweed:java-15-openjdk-jmods-15.0.10.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-15-openjdk-jmods-15.0.10.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-15-openjdk-jmods-15.0.10.0-1.1.s390x",
            "openSUSE Tumbleweed:java-15-openjdk-jmods-15.0.10.0-1.1.x86_64",
            "openSUSE Tumbleweed:java-15-openjdk-src-15.0.10.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-15-openjdk-src-15.0.10.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-15-openjdk-src-15.0.10.0-1.1.s390x",
            "openSUSE Tumbleweed:java-15-openjdk-src-15.0.10.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:java-15-openjdk-15.0.10.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-15-openjdk-15.0.10.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-15-openjdk-15.0.10.0-1.1.s390x",
            "openSUSE Tumbleweed:java-15-openjdk-15.0.10.0-1.1.x86_64",
            "openSUSE Tumbleweed:java-15-openjdk-demo-15.0.10.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-15-openjdk-demo-15.0.10.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-15-openjdk-demo-15.0.10.0-1.1.s390x",
            "openSUSE Tumbleweed:java-15-openjdk-demo-15.0.10.0-1.1.x86_64",
            "openSUSE Tumbleweed:java-15-openjdk-devel-15.0.10.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-15-openjdk-devel-15.0.10.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-15-openjdk-devel-15.0.10.0-1.1.s390x",
            "openSUSE Tumbleweed:java-15-openjdk-devel-15.0.10.0-1.1.x86_64",
            "openSUSE Tumbleweed:java-15-openjdk-headless-15.0.10.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-15-openjdk-headless-15.0.10.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-15-openjdk-headless-15.0.10.0-1.1.s390x",
            "openSUSE Tumbleweed:java-15-openjdk-headless-15.0.10.0-1.1.x86_64",
            "openSUSE Tumbleweed:java-15-openjdk-javadoc-15.0.10.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-15-openjdk-javadoc-15.0.10.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-15-openjdk-javadoc-15.0.10.0-1.1.s390x",
            "openSUSE Tumbleweed:java-15-openjdk-javadoc-15.0.10.0-1.1.x86_64",
            "openSUSE Tumbleweed:java-15-openjdk-jmods-15.0.10.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-15-openjdk-jmods-15.0.10.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-15-openjdk-jmods-15.0.10.0-1.1.s390x",
            "openSUSE Tumbleweed:java-15-openjdk-jmods-15.0.10.0-1.1.x86_64",
            "openSUSE Tumbleweed:java-15-openjdk-src-15.0.10.0-1.1.aarch64",
            "openSUSE Tumbleweed:java-15-openjdk-src-15.0.10.0-1.1.ppc64le",
            "openSUSE Tumbleweed:java-15-openjdk-src-15.0.10.0-1.1.s390x",
            "openSUSE Tumbleweed:java-15-openjdk-src-15.0.10.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "low"
        }
      ],
      "title": "CVE-2023-21843"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2023-21835 (GCVE-0-2023-21835)

Solution

Solutions

Tags

Sightings

Nomenclature