Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2023-2597
Vulnerability from cvelistv5
Published
2023-05-22 00:00
Modified
2024-08-02 06:26
Severity ?
EPSS score ?
Summary
In Eclipse Openj9 before version 0.38.0, in the implementation of the shared cache (which is enabled by default in OpenJ9 builds) the size of a string is not properly checked against the size of the buffer.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Eclipse Foundation | Eclipse OpenJ9 |
Version: unspecified < |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2023-2597", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-07-05T20:11:44.369441Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-05T20:11:57.497Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T06:26:09.798Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/eclipse-openj9/openj9/pull/17259", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20240621-0006/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Eclipse OpenJ9", vendor: "Eclipse Foundation", versions: [ { lessThanOrEqual: "0.37.0", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "In Eclipse Openj9 before version 0.38.0, in the implementation of the shared cache (which is enabled by default in OpenJ9 builds) the size of a string is not properly checked against the size of the buffer.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-120", description: "CWE-120", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-21T19:06:06.704404", orgId: "e51fbebd-6053-4e49-959f-1b94eeb69a2c", shortName: "eclipse", }, references: [ { url: "https://github.com/eclipse-openj9/openj9/pull/17259", }, { url: "https://security.netapp.com/advisory/ntap-20240621-0006/", }, ], }, }, cveMetadata: { assignerOrgId: "e51fbebd-6053-4e49-959f-1b94eeb69a2c", assignerShortName: "eclipse", cveId: "CVE-2023-2597", datePublished: "2023-05-22T00:00:00", dateReserved: "2023-05-09T00:00:00", dateUpdated: "2024-08-02T06:26:09.798Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", "vulnerability-lookup:meta": { fkie_nvd: { configurations: "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:eclipse:openj9:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"0.38.0\", \"matchCriteriaId\": \"575BD70A-498B-4D6A-BF10-E15592EF66AD\"}]}]}]", descriptions: "[{\"lang\": \"en\", \"value\": \"In Eclipse Openj9 before version 0.38.0, in the implementation of the shared cache (which is enabled by default in OpenJ9 builds) the size of a string is not properly checked against the size of the buffer.\"}]", id: "CVE-2023-2597", lastModified: "2024-11-21T07:58:54.127", metrics: "{\"cvssMetricV31\": [{\"source\": \"emo@eclipse.org\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 7.0, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.0, \"impactScore\": 5.9}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\", \"baseScore\": 9.1, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.2}]}", published: "2023-05-22T12:15:09.760", references: "[{\"url\": \"https://github.com/eclipse-openj9/openj9/pull/17259\", \"source\": \"emo@eclipse.org\", \"tags\": [\"Patch\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240621-0006/\", \"source\": \"emo@eclipse.org\"}, {\"url\": \"https://github.com/eclipse-openj9/openj9/pull/17259\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240621-0006/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]", sourceIdentifier: "emo@eclipse.org", vulnStatus: "Modified", weaknesses: "[{\"source\": \"emo@eclipse.org\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-120\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-125\"}]}]", }, nvd: "{\"cve\":{\"id\":\"CVE-2023-2597\",\"sourceIdentifier\":\"emo@eclipse.org\",\"published\":\"2023-05-22T12:15:09.760\",\"lastModified\":\"2024-11-21T07:58:54.127\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In Eclipse Openj9 before version 0.38.0, in the implementation of the shared cache (which is enabled by default in OpenJ9 builds) the size of a string is not properly checked against the size of the buffer.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"emo@eclipse.org\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.0,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.0,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\",\"baseScore\":9.1,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.2}]},\"weaknesses\":[{\"source\":\"emo@eclipse.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-120\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-125\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:openj9:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"0.38.0\",\"matchCriteriaId\":\"575BD70A-498B-4D6A-BF10-E15592EF66AD\"}]}]}],\"references\":[{\"url\":\"https://github.com/eclipse-openj9/openj9/pull/17259\",\"source\":\"emo@eclipse.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20240621-0006/\",\"source\":\"emo@eclipse.org\"},{\"url\":\"https://github.com/eclipse-openj9/openj9/pull/17259\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20240621-0006/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}", vulnrichment: { containers: "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://github.com/eclipse-openj9/openj9/pull/17259\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240621-0006/\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T06:26:09.798Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-2597\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-07-05T20:11:44.369441Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-07-05T20:11:53.709Z\"}}], \"cna\": {\"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"Eclipse Foundation\", \"product\": \"Eclipse OpenJ9\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"0.37.0\"}]}], \"references\": [{\"url\": \"https://github.com/eclipse-openj9/openj9/pull/17259\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240621-0006/\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"In Eclipse Openj9 before version 0.38.0, in the implementation of the shared cache (which is enabled by default in OpenJ9 builds) the size of a string is not properly checked against the size of the buffer.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-120\", \"description\": \"CWE-120\"}]}], \"providerMetadata\": {\"orgId\": \"e51fbebd-6053-4e49-959f-1b94eeb69a2c\", \"shortName\": \"eclipse\", \"dateUpdated\": \"2024-06-21T19:06:06.704404\"}}}", cveMetadata: "{\"cveId\": \"CVE-2023-2597\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-08-02T06:26:09.798Z\", \"dateReserved\": \"2023-05-09T00:00:00\", \"assignerOrgId\": \"e51fbebd-6053-4e49-959f-1b94eeb69a2c\", \"datePublished\": \"2023-05-22T00:00:00\", \"assignerShortName\": \"eclipse\"}", dataType: "CVE_RECORD", dataVersion: "5.1", }, }, }
wid-sec-w-2023-2625
Vulnerability from csaf_certbund
Published
2023-10-10 22:00
Modified
2024-08-15 22:00
Summary
IBM QRadar SIEM: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
IBM QRadar Security Information and Event Management (SIEM) bietet Unterstützung bei der Erkennung und Priorisierung von Sicherheitsbedrohungen im Unternehmen.
Angriff
Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann mehrere Schwachstellen in IBM QRadar SIEM ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen und einen Cross-Site-Scripting-Angriff durchzuführen.
Betroffene Betriebssysteme
- Linux
{ document: { aggregate_severity: { text: "hoch", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "IBM QRadar Security Information and Event Management (SIEM) bietet Unterstützung bei der Erkennung und Priorisierung von Sicherheitsbedrohungen im Unternehmen.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann mehrere Schwachstellen in IBM QRadar SIEM ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen und einen Cross-Site-Scripting-Angriff durchzuführen.", title: "Angriff", }, { category: "general", text: "- Linux", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2023-2625 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2625.json", }, { category: "self", summary: "WID-SEC-2023-2625 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2625", }, { category: "external", summary: "IBM Security Bulletin 7049133 vom 2023-10-10", url: "https://www.ibm.com/support/pages/node/7049133", }, { category: "external", summary: "IBM Security Bulletin 7165686 vom 2024-08-16", url: "https://www.ibm.com/support/pages/node/7165686", }, ], source_lang: "en-US", title: "IBM QRadar SIEM: Mehrere Schwachstellen", tracking: { current_release_date: "2024-08-15T22:00:00.000+00:00", generator: { date: "2024-08-16T10:07:42.179+00:00", engine: { name: "BSI-WID", version: "1.3.5", }, }, id: "WID-SEC-W-2023-2625", initial_release_date: "2023-10-10T22:00:00.000+00:00", revision_history: [ { date: "2023-10-10T22:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, { date: "2024-08-15T22:00:00.000+00:00", number: "2", summary: "Neue Updates von IBM aufgenommen", }, ], status: "final", version: "2", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "7.5", product: { name: "IBM QRadar SIEM 7.5", product_id: "T022954", product_identification_helper: { cpe: "cpe:/a:ibm:qradar_siem:7.5", }, }, }, { category: "product_version_range", name: "<7.5.0 UP7", product: { name: "IBM QRadar SIEM <7.5.0 UP7", product_id: "T030425", }, }, ], category: "product_name", name: "QRadar SIEM", }, ], category: "vendor", name: "IBM", }, ], }, vulnerabilities: [ { cve: "CVE-2016-1000027", notes: [ { category: "description", text: "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von Pufferüberläufen, Integer-Überläufen, unsicherer Behandlung, Use-after-free-Fehlern und einem unsicheren Deserialisierungsfehler. Zu den betroffenen Komponenten gehören Apache Tomcat, Apache Portable Runtime, Apache HttpClient, Java SE, l2cap_reassemble_sdu, c-ares, The Bouncy Castle Crypto Package, Pivota Spring Framework, snappy-java, IBM SDK, GNU Emacs, Fasterxml jackson-databind, VMWare Tools, Eclipse Jetty, OpenSSH, ISC BIND, Apache Struts, Git, SQLite JDBC, Eclipse Openj9 und Google Guava. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], product_status: { known_affected: [ "T022954", ], }, release_date: "2023-10-10T22:00:00.000+00:00", title: "CVE-2016-1000027", }, { cve: "CVE-2020-13956", notes: [ { category: "description", text: "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von Pufferüberläufen, Integer-Überläufen, unsicherer Behandlung, Use-after-free-Fehlern und einem unsicheren Deserialisierungsfehler. Zu den betroffenen Komponenten gehören Apache Tomcat, Apache Portable Runtime, Apache HttpClient, Java SE, l2cap_reassemble_sdu, c-ares, The Bouncy Castle Crypto Package, Pivota Spring Framework, snappy-java, IBM SDK, GNU Emacs, Fasterxml jackson-databind, VMWare Tools, Eclipse Jetty, OpenSSH, ISC BIND, Apache Struts, Git, SQLite JDBC, Eclipse Openj9 und Google Guava. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], product_status: { known_affected: [ "T022954", ], }, release_date: "2023-10-10T22:00:00.000+00:00", title: "CVE-2020-13956", }, { cve: "CVE-2022-21426", notes: [ { category: "description", text: "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von Pufferüberläufen, Integer-Überläufen, unsicherer Behandlung, Use-after-free-Fehlern und einem unsicheren Deserialisierungsfehler. Zu den betroffenen Komponenten gehören Apache Tomcat, Apache Portable Runtime, Apache HttpClient, Java SE, l2cap_reassemble_sdu, c-ares, The Bouncy Castle Crypto Package, Pivota Spring Framework, snappy-java, IBM SDK, GNU Emacs, Fasterxml jackson-databind, VMWare Tools, Eclipse Jetty, OpenSSH, ISC BIND, Apache Struts, Git, SQLite JDBC, Eclipse Openj9 und Google Guava. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], product_status: { known_affected: [ "T022954", ], }, release_date: "2023-10-10T22:00:00.000+00:00", title: "CVE-2022-21426", }, { cve: "CVE-2022-25147", notes: [ { category: "description", text: "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von Pufferüberläufen, Integer-Überläufen, unsicherer Behandlung, Use-after-free-Fehlern und einem unsicheren Deserialisierungsfehler. Zu den betroffenen Komponenten gehören Apache Tomcat, Apache Portable Runtime, Apache HttpClient, Java SE, l2cap_reassemble_sdu, c-ares, The Bouncy Castle Crypto Package, Pivota Spring Framework, snappy-java, IBM SDK, GNU Emacs, Fasterxml jackson-databind, VMWare Tools, Eclipse Jetty, OpenSSH, ISC BIND, Apache Struts, Git, SQLite JDBC, Eclipse Openj9 und Google Guava. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], product_status: { known_affected: [ "T022954", ], }, release_date: "2023-10-10T22:00:00.000+00:00", title: "CVE-2022-25147", }, { cve: "CVE-2022-3564", notes: [ { category: "description", text: "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von Pufferüberläufen, Integer-Überläufen, unsicherer Behandlung, Use-after-free-Fehlern und einem unsicheren Deserialisierungsfehler. Zu den betroffenen Komponenten gehören Apache Tomcat, Apache Portable Runtime, Apache HttpClient, Java SE, l2cap_reassemble_sdu, c-ares, The Bouncy Castle Crypto Package, Pivota Spring Framework, snappy-java, IBM SDK, GNU Emacs, Fasterxml jackson-databind, VMWare Tools, Eclipse Jetty, OpenSSH, ISC BIND, Apache Struts, Git, SQLite JDBC, Eclipse Openj9 und Google Guava. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], product_status: { known_affected: [ "T022954", ], }, release_date: "2023-10-10T22:00:00.000+00:00", title: "CVE-2022-3564", }, { cve: "CVE-2022-40609", notes: [ { category: "description", text: "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von Pufferüberläufen, Integer-Überläufen, unsicherer Behandlung, Use-after-free-Fehlern und einem unsicheren Deserialisierungsfehler. Zu den betroffenen Komponenten gehören Apache Tomcat, Apache Portable Runtime, Apache HttpClient, Java SE, l2cap_reassemble_sdu, c-ares, The Bouncy Castle Crypto Package, Pivota Spring Framework, snappy-java, IBM SDK, GNU Emacs, Fasterxml jackson-databind, VMWare Tools, Eclipse Jetty, OpenSSH, ISC BIND, Apache Struts, Git, SQLite JDBC, Eclipse Openj9 und Google Guava. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], product_status: { known_affected: [ "T022954", ], }, release_date: "2023-10-10T22:00:00.000+00:00", title: "CVE-2022-40609", }, { cve: "CVE-2022-48339", notes: [ { category: "description", text: "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von Pufferüberläufen, Integer-Überläufen, unsicherer Behandlung, Use-after-free-Fehlern und einem unsicheren Deserialisierungsfehler. Zu den betroffenen Komponenten gehören Apache Tomcat, Apache Portable Runtime, Apache HttpClient, Java SE, l2cap_reassemble_sdu, c-ares, The Bouncy Castle Crypto Package, Pivota Spring Framework, snappy-java, IBM SDK, GNU Emacs, Fasterxml jackson-databind, VMWare Tools, Eclipse Jetty, OpenSSH, ISC BIND, Apache Struts, Git, SQLite JDBC, Eclipse Openj9 und Google Guava. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], product_status: { known_affected: [ "T022954", ], }, release_date: "2023-10-10T22:00:00.000+00:00", title: "CVE-2022-48339", }, { cve: "CVE-2023-20867", notes: [ { category: "description", text: "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von Pufferüberläufen, Integer-Überläufen, unsicherer Behandlung, Use-after-free-Fehlern und einem unsicheren Deserialisierungsfehler. Zu den betroffenen Komponenten gehören Apache Tomcat, Apache Portable Runtime, Apache HttpClient, Java SE, l2cap_reassemble_sdu, c-ares, The Bouncy Castle Crypto Package, Pivota Spring Framework, snappy-java, IBM SDK, GNU Emacs, Fasterxml jackson-databind, VMWare Tools, Eclipse Jetty, OpenSSH, ISC BIND, Apache Struts, Git, SQLite JDBC, Eclipse Openj9 und Google Guava. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], product_status: { known_affected: [ "T022954", ], }, release_date: "2023-10-10T22:00:00.000+00:00", title: "CVE-2023-20867", }, { cve: "CVE-2023-21830", notes: [ { category: "description", text: "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von Pufferüberläufen, Integer-Überläufen, unsicherer Behandlung, Use-after-free-Fehlern und einem unsicheren Deserialisierungsfehler. Zu den betroffenen Komponenten gehören Apache Tomcat, Apache Portable Runtime, Apache HttpClient, Java SE, l2cap_reassemble_sdu, c-ares, The Bouncy Castle Crypto Package, Pivota Spring Framework, snappy-java, IBM SDK, GNU Emacs, Fasterxml jackson-databind, VMWare Tools, Eclipse Jetty, OpenSSH, ISC BIND, Apache Struts, Git, SQLite JDBC, Eclipse Openj9 und Google Guava. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], product_status: { known_affected: [ "T022954", ], }, release_date: "2023-10-10T22:00:00.000+00:00", title: "CVE-2023-21830", }, { cve: "CVE-2023-21843", notes: [ { category: "description", text: "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von Pufferüberläufen, Integer-Überläufen, unsicherer Behandlung, Use-after-free-Fehlern und einem unsicheren Deserialisierungsfehler. Zu den betroffenen Komponenten gehören Apache Tomcat, Apache Portable Runtime, Apache HttpClient, Java SE, l2cap_reassemble_sdu, c-ares, The Bouncy Castle Crypto Package, Pivota Spring Framework, snappy-java, IBM SDK, GNU Emacs, Fasterxml jackson-databind, VMWare Tools, Eclipse Jetty, OpenSSH, ISC BIND, Apache Struts, Git, SQLite JDBC, Eclipse Openj9 und Google Guava. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], product_status: { known_affected: [ "T022954", ], }, release_date: "2023-10-10T22:00:00.000+00:00", title: "CVE-2023-21843", }, { cve: "CVE-2023-21930", notes: [ { category: "description", text: "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von Pufferüberläufen, Integer-Überläufen, unsicherer Behandlung, Use-after-free-Fehlern und einem unsicheren Deserialisierungsfehler. Zu den betroffenen Komponenten gehören Apache Tomcat, Apache Portable Runtime, Apache HttpClient, Java SE, l2cap_reassemble_sdu, c-ares, The Bouncy Castle Crypto Package, Pivota Spring Framework, snappy-java, IBM SDK, GNU Emacs, Fasterxml jackson-databind, VMWare Tools, Eclipse Jetty, OpenSSH, ISC BIND, Apache Struts, Git, SQLite JDBC, Eclipse Openj9 und Google Guava. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], product_status: { known_affected: [ "T022954", ], }, release_date: "2023-10-10T22:00:00.000+00:00", title: "CVE-2023-21930", }, { cve: "CVE-2023-21937", notes: [ { category: "description", text: "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von Pufferüberläufen, Integer-Überläufen, unsicherer Behandlung, Use-after-free-Fehlern und einem unsicheren Deserialisierungsfehler. Zu den betroffenen Komponenten gehören Apache Tomcat, Apache Portable Runtime, Apache HttpClient, Java SE, l2cap_reassemble_sdu, c-ares, The Bouncy Castle Crypto Package, Pivota Spring Framework, snappy-java, IBM SDK, GNU Emacs, Fasterxml jackson-databind, VMWare Tools, Eclipse Jetty, OpenSSH, ISC BIND, Apache Struts, Git, SQLite JDBC, Eclipse Openj9 und Google Guava. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], product_status: { known_affected: [ "T022954", ], }, release_date: "2023-10-10T22:00:00.000+00:00", title: "CVE-2023-21937", }, { cve: "CVE-2023-21938", notes: [ { category: "description", text: "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von Pufferüberläufen, Integer-Überläufen, unsicherer Behandlung, Use-after-free-Fehlern und einem unsicheren Deserialisierungsfehler. Zu den betroffenen Komponenten gehören Apache Tomcat, Apache Portable Runtime, Apache HttpClient, Java SE, l2cap_reassemble_sdu, c-ares, The Bouncy Castle Crypto Package, Pivota Spring Framework, snappy-java, IBM SDK, GNU Emacs, Fasterxml jackson-databind, VMWare Tools, Eclipse Jetty, OpenSSH, ISC BIND, Apache Struts, Git, SQLite JDBC, Eclipse Openj9 und Google Guava. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], product_status: { known_affected: [ "T022954", ], }, release_date: "2023-10-10T22:00:00.000+00:00", title: "CVE-2023-21938", }, { cve: "CVE-2023-21939", notes: [ { category: "description", text: "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von Pufferüberläufen, Integer-Überläufen, unsicherer Behandlung, Use-after-free-Fehlern und einem unsicheren Deserialisierungsfehler. Zu den betroffenen Komponenten gehören Apache Tomcat, Apache Portable Runtime, Apache HttpClient, Java SE, l2cap_reassemble_sdu, c-ares, The Bouncy Castle Crypto Package, Pivota Spring Framework, snappy-java, IBM SDK, GNU Emacs, Fasterxml jackson-databind, VMWare Tools, Eclipse Jetty, OpenSSH, ISC BIND, Apache Struts, Git, SQLite JDBC, Eclipse Openj9 und Google Guava. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], product_status: { known_affected: [ "T022954", ], }, release_date: "2023-10-10T22:00:00.000+00:00", title: "CVE-2023-21939", }, { cve: "CVE-2023-21954", notes: [ { category: "description", text: "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von Pufferüberläufen, Integer-Überläufen, unsicherer Behandlung, Use-after-free-Fehlern und einem unsicheren Deserialisierungsfehler. Zu den betroffenen Komponenten gehören Apache Tomcat, Apache Portable Runtime, Apache HttpClient, Java SE, l2cap_reassemble_sdu, c-ares, The Bouncy Castle Crypto Package, Pivota Spring Framework, snappy-java, IBM SDK, GNU Emacs, Fasterxml jackson-databind, VMWare Tools, Eclipse Jetty, OpenSSH, ISC BIND, Apache Struts, Git, SQLite JDBC, Eclipse Openj9 und Google Guava. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], product_status: { known_affected: [ "T022954", ], }, release_date: "2023-10-10T22:00:00.000+00:00", title: "CVE-2023-21954", }, { cve: "CVE-2023-21967", notes: [ { category: "description", text: "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von Pufferüberläufen, Integer-Überläufen, unsicherer Behandlung, Use-after-free-Fehlern und einem unsicheren Deserialisierungsfehler. Zu den betroffenen Komponenten gehören Apache Tomcat, Apache Portable Runtime, Apache HttpClient, Java SE, l2cap_reassemble_sdu, c-ares, The Bouncy Castle Crypto Package, Pivota Spring Framework, snappy-java, IBM SDK, GNU Emacs, Fasterxml jackson-databind, VMWare Tools, Eclipse Jetty, OpenSSH, ISC BIND, Apache Struts, Git, SQLite JDBC, Eclipse Openj9 und Google Guava. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], product_status: { known_affected: [ "T022954", ], }, release_date: "2023-10-10T22:00:00.000+00:00", title: "CVE-2023-21967", }, { cve: "CVE-2023-21968", notes: [ { category: "description", text: "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von Pufferüberläufen, Integer-Überläufen, unsicherer Behandlung, Use-after-free-Fehlern und einem unsicheren Deserialisierungsfehler. Zu den betroffenen Komponenten gehören Apache Tomcat, Apache Portable Runtime, Apache HttpClient, Java SE, l2cap_reassemble_sdu, c-ares, The Bouncy Castle Crypto Package, Pivota Spring Framework, snappy-java, IBM SDK, GNU Emacs, Fasterxml jackson-databind, VMWare Tools, Eclipse Jetty, OpenSSH, ISC BIND, Apache Struts, Git, SQLite JDBC, Eclipse Openj9 und Google Guava. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], product_status: { known_affected: [ "T022954", ], }, release_date: "2023-10-10T22:00:00.000+00:00", title: "CVE-2023-21968", }, { cve: "CVE-2023-24998", notes: [ { category: "description", text: "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von Pufferüberläufen, Integer-Überläufen, unsicherer Behandlung, Use-after-free-Fehlern und einem unsicheren Deserialisierungsfehler. Zu den betroffenen Komponenten gehören Apache Tomcat, Apache Portable Runtime, Apache HttpClient, Java SE, l2cap_reassemble_sdu, c-ares, The Bouncy Castle Crypto Package, Pivota Spring Framework, snappy-java, IBM SDK, GNU Emacs, Fasterxml jackson-databind, VMWare Tools, Eclipse Jetty, OpenSSH, ISC BIND, Apache Struts, Git, SQLite JDBC, Eclipse Openj9 und Google Guava. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], product_status: { known_affected: [ "T022954", ], }, release_date: "2023-10-10T22:00:00.000+00:00", title: "CVE-2023-24998", }, { cve: "CVE-2023-25652", notes: [ { category: "description", text: "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von Pufferüberläufen, Integer-Überläufen, unsicherer Behandlung, Use-after-free-Fehlern und einem unsicheren Deserialisierungsfehler. Zu den betroffenen Komponenten gehören Apache Tomcat, Apache Portable Runtime, Apache HttpClient, Java SE, l2cap_reassemble_sdu, c-ares, The Bouncy Castle Crypto Package, Pivota Spring Framework, snappy-java, IBM SDK, GNU Emacs, Fasterxml jackson-databind, VMWare Tools, Eclipse Jetty, OpenSSH, ISC BIND, Apache Struts, Git, SQLite JDBC, Eclipse Openj9 und Google Guava. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], product_status: { known_affected: [ "T022954", ], }, release_date: "2023-10-10T22:00:00.000+00:00", title: "CVE-2023-25652", }, { cve: "CVE-2023-2597", notes: [ { category: "description", text: "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von Pufferüberläufen, Integer-Überläufen, unsicherer Behandlung, Use-after-free-Fehlern und einem unsicheren Deserialisierungsfehler. Zu den betroffenen Komponenten gehören Apache Tomcat, Apache Portable Runtime, Apache HttpClient, Java SE, l2cap_reassemble_sdu, c-ares, The Bouncy Castle Crypto Package, Pivota Spring Framework, snappy-java, IBM SDK, GNU Emacs, Fasterxml jackson-databind, VMWare Tools, Eclipse Jetty, OpenSSH, ISC BIND, Apache Struts, Git, SQLite JDBC, Eclipse Openj9 und Google Guava. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], product_status: { known_affected: [ "T022954", ], }, release_date: "2023-10-10T22:00:00.000+00:00", title: "CVE-2023-2597", }, { cve: "CVE-2023-26048", notes: [ { category: "description", text: "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von Pufferüberläufen, Integer-Überläufen, unsicherer Behandlung, Use-after-free-Fehlern und einem unsicheren Deserialisierungsfehler. Zu den betroffenen Komponenten gehören Apache Tomcat, Apache Portable Runtime, Apache HttpClient, Java SE, l2cap_reassemble_sdu, c-ares, The Bouncy Castle Crypto Package, Pivota Spring Framework, snappy-java, IBM SDK, GNU Emacs, Fasterxml jackson-databind, VMWare Tools, Eclipse Jetty, OpenSSH, ISC BIND, Apache Struts, Git, SQLite JDBC, Eclipse Openj9 und Google Guava. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], product_status: { known_affected: [ "T022954", ], }, release_date: "2023-10-10T22:00:00.000+00:00", title: "CVE-2023-26048", }, { cve: "CVE-2023-26049", notes: [ { category: "description", text: "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von Pufferüberläufen, Integer-Überläufen, unsicherer Behandlung, Use-after-free-Fehlern und einem unsicheren Deserialisierungsfehler. Zu den betroffenen Komponenten gehören Apache Tomcat, Apache Portable Runtime, Apache HttpClient, Java SE, l2cap_reassemble_sdu, c-ares, The Bouncy Castle Crypto Package, Pivota Spring Framework, snappy-java, IBM SDK, GNU Emacs, Fasterxml jackson-databind, VMWare Tools, Eclipse Jetty, OpenSSH, ISC BIND, Apache Struts, Git, SQLite JDBC, Eclipse Openj9 und Google Guava. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], product_status: { known_affected: [ "T022954", ], }, release_date: "2023-10-10T22:00:00.000+00:00", title: "CVE-2023-26049", }, { cve: "CVE-2023-2828", notes: [ { category: "description", text: "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von Pufferüberläufen, Integer-Überläufen, unsicherer Behandlung, Use-after-free-Fehlern und einem unsicheren Deserialisierungsfehler. Zu den betroffenen Komponenten gehören Apache Tomcat, Apache Portable Runtime, Apache HttpClient, Java SE, l2cap_reassemble_sdu, c-ares, The Bouncy Castle Crypto Package, Pivota Spring Framework, snappy-java, IBM SDK, GNU Emacs, Fasterxml jackson-databind, VMWare Tools, Eclipse Jetty, OpenSSH, ISC BIND, Apache Struts, Git, SQLite JDBC, Eclipse Openj9 und Google Guava. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], product_status: { known_affected: [ "T022954", ], }, release_date: "2023-10-10T22:00:00.000+00:00", title: "CVE-2023-2828", }, { cve: "CVE-2023-28709", notes: [ { category: "description", text: "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von Pufferüberläufen, Integer-Überläufen, unsicherer Behandlung, Use-after-free-Fehlern und einem unsicheren Deserialisierungsfehler. Zu den betroffenen Komponenten gehören Apache Tomcat, Apache Portable Runtime, Apache HttpClient, Java SE, l2cap_reassemble_sdu, c-ares, The Bouncy Castle Crypto Package, Pivota Spring Framework, snappy-java, IBM SDK, GNU Emacs, Fasterxml jackson-databind, VMWare Tools, Eclipse Jetty, OpenSSH, ISC BIND, Apache Struts, Git, SQLite JDBC, Eclipse Openj9 und Google Guava. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], product_status: { known_affected: [ "T022954", ], }, release_date: "2023-10-10T22:00:00.000+00:00", title: "CVE-2023-28709", }, { cve: "CVE-2023-29007", notes: [ { category: "description", text: "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von Pufferüberläufen, Integer-Überläufen, unsicherer Behandlung, Use-after-free-Fehlern und einem unsicheren Deserialisierungsfehler. Zu den betroffenen Komponenten gehören Apache Tomcat, Apache Portable Runtime, Apache HttpClient, Java SE, l2cap_reassemble_sdu, c-ares, The Bouncy Castle Crypto Package, Pivota Spring Framework, snappy-java, IBM SDK, GNU Emacs, Fasterxml jackson-databind, VMWare Tools, Eclipse Jetty, OpenSSH, ISC BIND, Apache Struts, Git, SQLite JDBC, Eclipse Openj9 und Google Guava. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], product_status: { known_affected: [ "T022954", ], }, release_date: "2023-10-10T22:00:00.000+00:00", title: "CVE-2023-29007", }, { cve: "CVE-2023-2976", notes: [ { category: "description", text: "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von Pufferüberläufen, Integer-Überläufen, unsicherer Behandlung, Use-after-free-Fehlern und einem unsicheren Deserialisierungsfehler. Zu den betroffenen Komponenten gehören Apache Tomcat, Apache Portable Runtime, Apache HttpClient, Java SE, l2cap_reassemble_sdu, c-ares, The Bouncy Castle Crypto Package, Pivota Spring Framework, snappy-java, IBM SDK, GNU Emacs, Fasterxml jackson-databind, VMWare Tools, Eclipse Jetty, OpenSSH, ISC BIND, Apache Struts, Git, SQLite JDBC, Eclipse Openj9 und Google Guava. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], product_status: { known_affected: [ "T022954", ], }, release_date: "2023-10-10T22:00:00.000+00:00", title: "CVE-2023-2976", }, { cve: "CVE-2023-30441", notes: [ { category: "description", text: "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von Pufferüberläufen, Integer-Überläufen, unsicherer Behandlung, Use-after-free-Fehlern und einem unsicheren Deserialisierungsfehler. Zu den betroffenen Komponenten gehören Apache Tomcat, Apache Portable Runtime, Apache HttpClient, Java SE, l2cap_reassemble_sdu, c-ares, The Bouncy Castle Crypto Package, Pivota Spring Framework, snappy-java, IBM SDK, GNU Emacs, Fasterxml jackson-databind, VMWare Tools, Eclipse Jetty, OpenSSH, ISC BIND, Apache Struts, Git, SQLite JDBC, Eclipse Openj9 und Google Guava. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], product_status: { known_affected: [ "T022954", ], }, release_date: "2023-10-10T22:00:00.000+00:00", title: "CVE-2023-30441", }, { cve: "CVE-2023-30994", notes: [ { category: "description", text: "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von Pufferüberläufen, Integer-Überläufen, unsicherer Behandlung, Use-after-free-Fehlern und einem unsicheren Deserialisierungsfehler. Zu den betroffenen Komponenten gehören Apache Tomcat, Apache Portable Runtime, Apache HttpClient, Java SE, l2cap_reassemble_sdu, c-ares, The Bouncy Castle Crypto Package, Pivota Spring Framework, snappy-java, IBM SDK, GNU Emacs, Fasterxml jackson-databind, VMWare Tools, Eclipse Jetty, OpenSSH, ISC BIND, Apache Struts, Git, SQLite JDBC, Eclipse Openj9 und Google Guava. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], product_status: { known_affected: [ "T022954", ], }, release_date: "2023-10-10T22:00:00.000+00:00", title: "CVE-2023-30994", }, { cve: "CVE-2023-32067", notes: [ { category: "description", text: "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von Pufferüberläufen, Integer-Überläufen, unsicherer Behandlung, Use-after-free-Fehlern und einem unsicheren Deserialisierungsfehler. Zu den betroffenen Komponenten gehören Apache Tomcat, Apache Portable Runtime, Apache HttpClient, Java SE, l2cap_reassemble_sdu, c-ares, The Bouncy Castle Crypto Package, Pivota Spring Framework, snappy-java, IBM SDK, GNU Emacs, Fasterxml jackson-databind, VMWare Tools, Eclipse Jetty, OpenSSH, ISC BIND, Apache Struts, Git, SQLite JDBC, Eclipse Openj9 und Google Guava. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], product_status: { known_affected: [ "T022954", ], }, release_date: "2023-10-10T22:00:00.000+00:00", title: "CVE-2023-32067", }, { cve: "CVE-2023-32697", notes: [ { category: "description", text: "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von Pufferüberläufen, Integer-Überläufen, unsicherer Behandlung, Use-after-free-Fehlern und einem unsicheren Deserialisierungsfehler. Zu den betroffenen Komponenten gehören Apache Tomcat, Apache Portable Runtime, Apache HttpClient, Java SE, l2cap_reassemble_sdu, c-ares, The Bouncy Castle Crypto Package, Pivota Spring Framework, snappy-java, IBM SDK, GNU Emacs, Fasterxml jackson-databind, VMWare Tools, Eclipse Jetty, OpenSSH, ISC BIND, Apache Struts, Git, SQLite JDBC, Eclipse Openj9 und Google Guava. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], product_status: { known_affected: [ "T022954", ], }, release_date: "2023-10-10T22:00:00.000+00:00", title: "CVE-2023-32697", }, { cve: "CVE-2023-33201", notes: [ { category: "description", text: "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von Pufferüberläufen, Integer-Überläufen, unsicherer Behandlung, Use-after-free-Fehlern und einem unsicheren Deserialisierungsfehler. Zu den betroffenen Komponenten gehören Apache Tomcat, Apache Portable Runtime, Apache HttpClient, Java SE, l2cap_reassemble_sdu, c-ares, The Bouncy Castle Crypto Package, Pivota Spring Framework, snappy-java, IBM SDK, GNU Emacs, Fasterxml jackson-databind, VMWare Tools, Eclipse Jetty, OpenSSH, ISC BIND, Apache Struts, Git, SQLite JDBC, Eclipse Openj9 und Google Guava. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], product_status: { known_affected: [ "T022954", ], }, release_date: "2023-10-10T22:00:00.000+00:00", title: "CVE-2023-33201", }, { cve: "CVE-2023-34149", notes: [ { category: "description", text: "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von Pufferüberläufen, Integer-Überläufen, unsicherer Behandlung, Use-after-free-Fehlern und einem unsicheren Deserialisierungsfehler. Zu den betroffenen Komponenten gehören Apache Tomcat, Apache Portable Runtime, Apache HttpClient, Java SE, l2cap_reassemble_sdu, c-ares, The Bouncy Castle Crypto Package, Pivota Spring Framework, snappy-java, IBM SDK, GNU Emacs, Fasterxml jackson-databind, VMWare Tools, Eclipse Jetty, OpenSSH, ISC BIND, Apache Struts, Git, SQLite JDBC, Eclipse Openj9 und Google Guava. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], product_status: { known_affected: [ "T022954", ], }, release_date: "2023-10-10T22:00:00.000+00:00", title: "CVE-2023-34149", }, { cve: "CVE-2023-34396", notes: [ { category: "description", text: "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von Pufferüberläufen, Integer-Überläufen, unsicherer Behandlung, Use-after-free-Fehlern und einem unsicheren Deserialisierungsfehler. Zu den betroffenen Komponenten gehören Apache Tomcat, Apache Portable Runtime, Apache HttpClient, Java SE, l2cap_reassemble_sdu, c-ares, The Bouncy Castle Crypto Package, Pivota Spring Framework, snappy-java, IBM SDK, GNU Emacs, Fasterxml jackson-databind, VMWare Tools, Eclipse Jetty, OpenSSH, ISC BIND, Apache Struts, Git, SQLite JDBC, Eclipse Openj9 und Google Guava. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], product_status: { known_affected: [ "T022954", ], }, release_date: "2023-10-10T22:00:00.000+00:00", title: "CVE-2023-34396", }, { cve: "CVE-2023-34453", notes: [ { category: "description", text: "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von Pufferüberläufen, Integer-Überläufen, unsicherer Behandlung, Use-after-free-Fehlern und einem unsicheren Deserialisierungsfehler. Zu den betroffenen Komponenten gehören Apache Tomcat, Apache Portable Runtime, Apache HttpClient, Java SE, l2cap_reassemble_sdu, c-ares, The Bouncy Castle Crypto Package, Pivota Spring Framework, snappy-java, IBM SDK, GNU Emacs, Fasterxml jackson-databind, VMWare Tools, Eclipse Jetty, OpenSSH, ISC BIND, Apache Struts, Git, SQLite JDBC, Eclipse Openj9 und Google Guava. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], product_status: { known_affected: [ "T022954", ], }, release_date: "2023-10-10T22:00:00.000+00:00", title: "CVE-2023-34453", }, { cve: "CVE-2023-34454", notes: [ { category: "description", text: "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von Pufferüberläufen, Integer-Überläufen, unsicherer Behandlung, Use-after-free-Fehlern und einem unsicheren Deserialisierungsfehler. Zu den betroffenen Komponenten gehören Apache Tomcat, Apache Portable Runtime, Apache HttpClient, Java SE, l2cap_reassemble_sdu, c-ares, The Bouncy Castle Crypto Package, Pivota Spring Framework, snappy-java, IBM SDK, GNU Emacs, Fasterxml jackson-databind, VMWare Tools, Eclipse Jetty, OpenSSH, ISC BIND, Apache Struts, Git, SQLite JDBC, Eclipse Openj9 und Google Guava. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], product_status: { known_affected: [ "T022954", ], }, release_date: "2023-10-10T22:00:00.000+00:00", title: "CVE-2023-34454", }, { cve: "CVE-2023-34455", notes: [ { category: "description", text: "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von Pufferüberläufen, Integer-Überläufen, unsicherer Behandlung, Use-after-free-Fehlern und einem unsicheren Deserialisierungsfehler. Zu den betroffenen Komponenten gehören Apache Tomcat, Apache Portable Runtime, Apache HttpClient, Java SE, l2cap_reassemble_sdu, c-ares, The Bouncy Castle Crypto Package, Pivota Spring Framework, snappy-java, IBM SDK, GNU Emacs, Fasterxml jackson-databind, VMWare Tools, Eclipse Jetty, OpenSSH, ISC BIND, Apache Struts, Git, SQLite JDBC, Eclipse Openj9 und Google Guava. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], product_status: { known_affected: [ "T022954", ], }, release_date: "2023-10-10T22:00:00.000+00:00", title: "CVE-2023-34455", }, { cve: "CVE-2023-34981", notes: [ { category: "description", text: "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von Pufferüberläufen, Integer-Überläufen, unsicherer Behandlung, Use-after-free-Fehlern und einem unsicheren Deserialisierungsfehler. Zu den betroffenen Komponenten gehören Apache Tomcat, Apache Portable Runtime, Apache HttpClient, Java SE, l2cap_reassemble_sdu, c-ares, The Bouncy Castle Crypto Package, Pivota Spring Framework, snappy-java, IBM SDK, GNU Emacs, Fasterxml jackson-databind, VMWare Tools, Eclipse Jetty, OpenSSH, ISC BIND, Apache Struts, Git, SQLite JDBC, Eclipse Openj9 und Google Guava. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], product_status: { known_affected: [ "T022954", ], }, release_date: "2023-10-10T22:00:00.000+00:00", title: "CVE-2023-34981", }, { cve: "CVE-2023-35116", notes: [ { category: "description", text: "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von Pufferüberläufen, Integer-Überläufen, unsicherer Behandlung, Use-after-free-Fehlern und einem unsicheren Deserialisierungsfehler. Zu den betroffenen Komponenten gehören Apache Tomcat, Apache Portable Runtime, Apache HttpClient, Java SE, l2cap_reassemble_sdu, c-ares, The Bouncy Castle Crypto Package, Pivota Spring Framework, snappy-java, IBM SDK, GNU Emacs, Fasterxml jackson-databind, VMWare Tools, Eclipse Jetty, OpenSSH, ISC BIND, Apache Struts, Git, SQLite JDBC, Eclipse Openj9 und Google Guava. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], product_status: { known_affected: [ "T022954", ], }, release_date: "2023-10-10T22:00:00.000+00:00", title: "CVE-2023-35116", }, { cve: "CVE-2023-38408", notes: [ { category: "description", text: "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von Pufferüberläufen, Integer-Überläufen, unsicherer Behandlung, Use-after-free-Fehlern und einem unsicheren Deserialisierungsfehler. Zu den betroffenen Komponenten gehören Apache Tomcat, Apache Portable Runtime, Apache HttpClient, Java SE, l2cap_reassemble_sdu, c-ares, The Bouncy Castle Crypto Package, Pivota Spring Framework, snappy-java, IBM SDK, GNU Emacs, Fasterxml jackson-databind, VMWare Tools, Eclipse Jetty, OpenSSH, ISC BIND, Apache Struts, Git, SQLite JDBC, Eclipse Openj9 und Google Guava. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], product_status: { known_affected: [ "T022954", ], }, release_date: "2023-10-10T22:00:00.000+00:00", title: "CVE-2023-38408", }, { cve: "CVE-2023-40367", notes: [ { category: "description", text: "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von Pufferüberläufen, Integer-Überläufen, unsicherer Behandlung, Use-after-free-Fehlern und einem unsicheren Deserialisierungsfehler. Zu den betroffenen Komponenten gehören Apache Tomcat, Apache Portable Runtime, Apache HttpClient, Java SE, l2cap_reassemble_sdu, c-ares, The Bouncy Castle Crypto Package, Pivota Spring Framework, snappy-java, IBM SDK, GNU Emacs, Fasterxml jackson-databind, VMWare Tools, Eclipse Jetty, OpenSSH, ISC BIND, Apache Struts, Git, SQLite JDBC, Eclipse Openj9 und Google Guava. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], product_status: { known_affected: [ "T022954", ], }, release_date: "2023-10-10T22:00:00.000+00:00", title: "CVE-2023-40367", }, ], }
wid-sec-w-2024-3518
Vulnerability from csaf_certbund
Published
2024-11-20 23:00
Modified
2024-11-20 23:00
Summary
IBM SPSS: Mehrere Schwachstellen ermöglichen nicht spezifizierten Angriff
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
IBM SPSS ist ein umfassendes Set von Daten- und prognostischen Analyse-Tools für Geschäftsbenutzer, Analysten und Statistik-Programmierer.
Angriff
Ein Angreifer kann mehrere Schwachstellen in IBM SPSS ausnutzen, um einen nicht näher spezifizierten Angriff durchzuführen.
Betroffene Betriebssysteme
- Sonstiges
- UNIX
- Windows
{ document: { aggregate_severity: { text: "mittel", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "IBM SPSS ist ein umfassendes Set von Daten- und prognostischen Analyse-Tools für Geschäftsbenutzer, Analysten und Statistik-Programmierer.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein Angreifer kann mehrere Schwachstellen in IBM SPSS ausnutzen, um einen nicht näher spezifizierten Angriff durchzuführen.", title: "Angriff", }, { category: "general", text: "- Sonstiges\n- UNIX\n- Windows", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2024-3518 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-3518.json", }, { category: "self", summary: "WID-SEC-2024-3518 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-3518", }, { category: "external", summary: "IBM Security Bulletin vom 2024-11-20", url: "https://www.ibm.com/support/pages/node/7176769", }, { category: "external", summary: "IBM Security Bulletin vom 2024-11-20", url: "https://www.ibm.com/support/pages/node/7176770", }, { category: "external", summary: "IBM Security Bulletin vom 2024-11-20", url: "https://www.ibm.com/support/pages/node/7176771", }, ], source_lang: "en-US", title: "IBM SPSS: Mehrere Schwachstellen ermöglichen nicht spezifizierten Angriff", tracking: { current_release_date: "2024-11-20T23:00:00.000+00:00", generator: { date: "2024-11-21T12:02:43.681+00:00", engine: { name: "BSI-WID", version: "1.3.8", }, }, id: "WID-SEC-W-2024-3518", initial_release_date: "2024-11-20T23:00:00.000+00:00", revision_history: [ { date: "2024-11-20T23:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version_range", name: "<8.5-CDS-SemeruJRE17.0.12", product: { name: "IBM SPSS <8.5-CDS-SemeruJRE17.0.12", product_id: "T039381", }, }, { category: "product_version", name: "8.5-CDS-SemeruJRE17.0.12", product: { name: "IBM SPSS 8.5-CDS-SemeruJRE17.0.12", product_id: "T039381-fixed", product_identification_helper: { cpe: "cpe:/a:ibm:spss:8.5-cds-semerujre17.0.12", }, }, }, ], category: "product_name", name: "SPSS", }, ], category: "vendor", name: "IBM", }, ], }, vulnerabilities: [ { cve: "CVE-2023-2597", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in IBM SPSS, die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service-Zustand zu erzeugen und nicht spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T039381", ], }, release_date: "2024-11-20T23:00:00.000+00:00", title: "CVE-2023-2597", }, { cve: "CVE-2024-22361", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in IBM SPSS, die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service-Zustand zu erzeugen und nicht spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T039381", ], }, release_date: "2024-11-20T23:00:00.000+00:00", title: "CVE-2024-22361", }, { cve: "CVE-2024-27267", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in IBM SPSS, die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service-Zustand zu erzeugen und nicht spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T039381", ], }, release_date: "2024-11-20T23:00:00.000+00:00", title: "CVE-2024-27267", }, ], }
WID-SEC-W-2023-1846
Vulnerability from csaf_certbund
Published
2023-07-20 22:00
Modified
2024-05-01 22:00
Summary
IBM Rational Business Developer: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
IBM Rational Business Developer ist eine Eclipse-basierte Programmierworkbench, für die Entwicklung von serviceorientierte Architektur (SOA) Anwendungen mithilfe der Enterprise Generation Language (EGL).
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in IBM Rational Business Developer ausnutzen, um die Integrität und Verfügbarkeit zu gefährden
Betroffene Betriebssysteme
- Linux
- Windows
{ document: { aggregate_severity: { text: "mittel", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "IBM Rational Business Developer ist eine Eclipse-basierte Programmierworkbench, für die Entwicklung von serviceorientierte Architektur (SOA) Anwendungen mithilfe der Enterprise Generation Language (EGL).", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in IBM Rational Business Developer ausnutzen, um die Integrität und Verfügbarkeit zu gefährden", title: "Angriff", }, { category: "general", text: "- Linux\n- Windows", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2023-1846 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1846.json", }, { category: "self", summary: "WID-SEC-2023-1846 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1846", }, { category: "external", summary: "IBM Security Advisory vom 2023-07-20", url: "https://www.ibm.com/support/pages/node/7013595", }, { category: "external", summary: "IBM Security Bulletin 7024729 vom 2023-08-09", url: "https://www.ibm.com/support/pages/node/7024729", }, { category: "external", summary: "IBM Security Bulletin 7150050 vom 2024-05-02", url: "https://www.ibm.com/support/pages/node/7150050", }, ], source_lang: "en-US", title: "IBM Rational Business Developer: Mehrere Schwachstellen", tracking: { current_release_date: "2024-05-01T22:00:00.000+00:00", generator: { date: "2024-08-15T17:56:01.612+00:00", engine: { name: "BSI-WID", version: "1.3.5", }, }, id: "WID-SEC-W-2023-1846", initial_release_date: "2023-07-20T22:00:00.000+00:00", revision_history: [ { date: "2023-07-20T22:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, { date: "2023-08-08T22:00:00.000+00:00", number: "2", summary: "Neue Updates von IBM aufgenommen", }, { date: "2024-05-01T22:00:00.000+00:00", number: "3", summary: "Neue Updates von IBM aufgenommen", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "IBM Business Automation Workflow", product: { name: "IBM Business Automation Workflow", product_id: "T019704", product_identification_helper: { cpe: "cpe:/a:ibm:business_automation_workflow:-", }, }, }, { branches: [ { category: "product_name", name: "IBM Rational Business Developer", product: { name: "IBM Rational Business Developer", product_id: "T025611", product_identification_helper: { cpe: "cpe:/a:ibm:rational_business_developer:-", }, }, }, { category: "product_version_range", name: "<=9.5.1.2", product: { name: "IBM Rational Business Developer <=9.5.1.2", product_id: "T028837", }, }, { category: "product_version_range", name: "<=9.6.0.1", product: { name: "IBM Rational Business Developer <=9.6.0.1", product_id: "T028838", }, }, { category: "product_version_range", name: "<=9.7.0.1", product: { name: "IBM Rational Business Developer <=9.7.0.1", product_id: "T028839", }, }, ], category: "product_name", name: "Rational Business Developer", }, ], category: "vendor", name: "IBM", }, ], }, vulnerabilities: [ { cve: "CVE-2023-21937", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in IBM Rational Business Developer, die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Die Fehler bestehen in den Komponenten Oracle Java SE und Oracle GraalVM Enterprise Edition im Zusammenhang mit den Erweiterungen JSSE, Swing, Networking und Libraries. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um die Integrität und Verfügbarkeit zu beeinträchtigen.", }, ], product_status: { known_affected: [ "T028839", "T028837", "T028838", "T019704", "T025611", ], }, release_date: "2023-07-20T22:00:00.000+00:00", title: "CVE-2023-21937", }, { cve: "CVE-2023-21938", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in IBM Rational Business Developer, die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Die Fehler bestehen in den Komponenten Oracle Java SE und Oracle GraalVM Enterprise Edition im Zusammenhang mit den Erweiterungen JSSE, Swing, Networking und Libraries. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um die Integrität und Verfügbarkeit zu beeinträchtigen.", }, ], product_status: { known_affected: [ "T028839", "T028837", "T028838", "T019704", "T025611", ], }, release_date: "2023-07-20T22:00:00.000+00:00", title: "CVE-2023-21938", }, { cve: "CVE-2023-21939", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in IBM Rational Business Developer, die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Die Fehler bestehen in den Komponenten Oracle Java SE und Oracle GraalVM Enterprise Edition im Zusammenhang mit den Erweiterungen JSSE, Swing, Networking und Libraries. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um die Integrität und Verfügbarkeit zu beeinträchtigen.", }, ], product_status: { known_affected: [ "T028839", "T028837", "T028838", "T019704", "T025611", ], }, release_date: "2023-07-20T22:00:00.000+00:00", title: "CVE-2023-21939", }, { cve: "CVE-2023-21967", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in IBM Rational Business Developer, die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Die Fehler bestehen in den Komponenten Oracle Java SE und Oracle GraalVM Enterprise Edition im Zusammenhang mit den Erweiterungen JSSE, Swing, Networking und Libraries. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um die Integrität und Verfügbarkeit zu beeinträchtigen.", }, ], product_status: { known_affected: [ "T028839", "T028837", "T028838", "T019704", "T025611", ], }, release_date: "2023-07-20T22:00:00.000+00:00", title: "CVE-2023-21967", }, { cve: "CVE-2023-21968", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in IBM Rational Business Developer, die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Die Fehler bestehen in den Komponenten Oracle Java SE und Oracle GraalVM Enterprise Edition im Zusammenhang mit den Erweiterungen JSSE, Swing, Networking und Libraries. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um die Integrität und Verfügbarkeit zu beeinträchtigen.", }, ], product_status: { known_affected: [ "T028839", "T028837", "T028838", "T019704", "T025611", ], }, release_date: "2023-07-20T22:00:00.000+00:00", title: "CVE-2023-21968", }, { cve: "CVE-2023-2597", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in IBM Rational Business Developer, die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Die Fehler bestehen in den Komponenten Oracle Java SE und Oracle GraalVM Enterprise Edition im Zusammenhang mit den Erweiterungen JSSE, Swing, Networking und Libraries. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um die Integrität und Verfügbarkeit zu beeinträchtigen.", }, ], product_status: { known_affected: [ "T028839", "T028837", "T028838", "T019704", "T025611", ], }, release_date: "2023-07-20T22:00:00.000+00:00", title: "CVE-2023-2597", }, ], }
wid-sec-w-2023-1846
Vulnerability from csaf_certbund
Published
2023-07-20 22:00
Modified
2024-05-01 22:00
Summary
IBM Rational Business Developer: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
IBM Rational Business Developer ist eine Eclipse-basierte Programmierworkbench, für die Entwicklung von serviceorientierte Architektur (SOA) Anwendungen mithilfe der Enterprise Generation Language (EGL).
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in IBM Rational Business Developer ausnutzen, um die Integrität und Verfügbarkeit zu gefährden
Betroffene Betriebssysteme
- Linux
- Windows
{ document: { aggregate_severity: { text: "mittel", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "IBM Rational Business Developer ist eine Eclipse-basierte Programmierworkbench, für die Entwicklung von serviceorientierte Architektur (SOA) Anwendungen mithilfe der Enterprise Generation Language (EGL).", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in IBM Rational Business Developer ausnutzen, um die Integrität und Verfügbarkeit zu gefährden", title: "Angriff", }, { category: "general", text: "- Linux\n- Windows", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2023-1846 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1846.json", }, { category: "self", summary: "WID-SEC-2023-1846 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1846", }, { category: "external", summary: "IBM Security Advisory vom 2023-07-20", url: "https://www.ibm.com/support/pages/node/7013595", }, { category: "external", summary: "IBM Security Bulletin 7024729 vom 2023-08-09", url: "https://www.ibm.com/support/pages/node/7024729", }, { category: "external", summary: "IBM Security Bulletin 7150050 vom 2024-05-02", url: "https://www.ibm.com/support/pages/node/7150050", }, ], source_lang: "en-US", title: "IBM Rational Business Developer: Mehrere Schwachstellen", tracking: { current_release_date: "2024-05-01T22:00:00.000+00:00", generator: { date: "2024-08-15T17:56:01.612+00:00", engine: { name: "BSI-WID", version: "1.3.5", }, }, id: "WID-SEC-W-2023-1846", initial_release_date: "2023-07-20T22:00:00.000+00:00", revision_history: [ { date: "2023-07-20T22:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, { date: "2023-08-08T22:00:00.000+00:00", number: "2", summary: "Neue Updates von IBM aufgenommen", }, { date: "2024-05-01T22:00:00.000+00:00", number: "3", summary: "Neue Updates von IBM aufgenommen", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "IBM Business Automation Workflow", product: { name: "IBM Business Automation Workflow", product_id: "T019704", product_identification_helper: { cpe: "cpe:/a:ibm:business_automation_workflow:-", }, }, }, { branches: [ { category: "product_name", name: "IBM Rational Business Developer", product: { name: "IBM Rational Business Developer", product_id: "T025611", product_identification_helper: { cpe: "cpe:/a:ibm:rational_business_developer:-", }, }, }, { category: "product_version_range", name: "<=9.5.1.2", product: { name: "IBM Rational Business Developer <=9.5.1.2", product_id: "T028837", }, }, { category: "product_version_range", name: "<=9.6.0.1", product: { name: "IBM Rational Business Developer <=9.6.0.1", product_id: "T028838", }, }, { category: "product_version_range", name: "<=9.7.0.1", product: { name: "IBM Rational Business Developer <=9.7.0.1", product_id: "T028839", }, }, ], category: "product_name", name: "Rational Business Developer", }, ], category: "vendor", name: "IBM", }, ], }, vulnerabilities: [ { cve: "CVE-2023-21937", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in IBM Rational Business Developer, die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Die Fehler bestehen in den Komponenten Oracle Java SE und Oracle GraalVM Enterprise Edition im Zusammenhang mit den Erweiterungen JSSE, Swing, Networking und Libraries. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um die Integrität und Verfügbarkeit zu beeinträchtigen.", }, ], product_status: { known_affected: [ "T028839", "T028837", "T028838", "T019704", "T025611", ], }, release_date: "2023-07-20T22:00:00.000+00:00", title: "CVE-2023-21937", }, { cve: "CVE-2023-21938", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in IBM Rational Business Developer, die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Die Fehler bestehen in den Komponenten Oracle Java SE und Oracle GraalVM Enterprise Edition im Zusammenhang mit den Erweiterungen JSSE, Swing, Networking und Libraries. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um die Integrität und Verfügbarkeit zu beeinträchtigen.", }, ], product_status: { known_affected: [ "T028839", "T028837", "T028838", "T019704", "T025611", ], }, release_date: "2023-07-20T22:00:00.000+00:00", title: "CVE-2023-21938", }, { cve: "CVE-2023-21939", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in IBM Rational Business Developer, die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Die Fehler bestehen in den Komponenten Oracle Java SE und Oracle GraalVM Enterprise Edition im Zusammenhang mit den Erweiterungen JSSE, Swing, Networking und Libraries. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um die Integrität und Verfügbarkeit zu beeinträchtigen.", }, ], product_status: { known_affected: [ "T028839", "T028837", "T028838", "T019704", "T025611", ], }, release_date: "2023-07-20T22:00:00.000+00:00", title: "CVE-2023-21939", }, { cve: "CVE-2023-21967", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in IBM Rational Business Developer, die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Die Fehler bestehen in den Komponenten Oracle Java SE und Oracle GraalVM Enterprise Edition im Zusammenhang mit den Erweiterungen JSSE, Swing, Networking und Libraries. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um die Integrität und Verfügbarkeit zu beeinträchtigen.", }, ], product_status: { known_affected: [ "T028839", "T028837", "T028838", "T019704", "T025611", ], }, release_date: "2023-07-20T22:00:00.000+00:00", title: "CVE-2023-21967", }, { cve: "CVE-2023-21968", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in IBM Rational Business Developer, die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Die Fehler bestehen in den Komponenten Oracle Java SE und Oracle GraalVM Enterprise Edition im Zusammenhang mit den Erweiterungen JSSE, Swing, Networking und Libraries. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um die Integrität und Verfügbarkeit zu beeinträchtigen.", }, ], product_status: { known_affected: [ "T028839", "T028837", "T028838", "T019704", "T025611", ], }, release_date: "2023-07-20T22:00:00.000+00:00", title: "CVE-2023-21968", }, { cve: "CVE-2023-2597", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in IBM Rational Business Developer, die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Die Fehler bestehen in den Komponenten Oracle Java SE und Oracle GraalVM Enterprise Edition im Zusammenhang mit den Erweiterungen JSSE, Swing, Networking und Libraries. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um die Integrität und Verfügbarkeit zu beeinträchtigen.", }, ], product_status: { known_affected: [ "T028839", "T028837", "T028838", "T019704", "T025611", ], }, release_date: "2023-07-20T22:00:00.000+00:00", title: "CVE-2023-2597", }, ], }
WID-SEC-W-2023-2625
Vulnerability from csaf_certbund
Published
2023-10-10 22:00
Modified
2024-08-15 22:00
Summary
IBM QRadar SIEM: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
IBM QRadar Security Information and Event Management (SIEM) bietet Unterstützung bei der Erkennung und Priorisierung von Sicherheitsbedrohungen im Unternehmen.
Angriff
Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann mehrere Schwachstellen in IBM QRadar SIEM ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen und einen Cross-Site-Scripting-Angriff durchzuführen.
Betroffene Betriebssysteme
- Linux
{ document: { aggregate_severity: { text: "hoch", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "IBM QRadar Security Information and Event Management (SIEM) bietet Unterstützung bei der Erkennung und Priorisierung von Sicherheitsbedrohungen im Unternehmen.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann mehrere Schwachstellen in IBM QRadar SIEM ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen und einen Cross-Site-Scripting-Angriff durchzuführen.", title: "Angriff", }, { category: "general", text: "- Linux", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2023-2625 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2625.json", }, { category: "self", summary: "WID-SEC-2023-2625 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2625", }, { category: "external", summary: "IBM Security Bulletin 7049133 vom 2023-10-10", url: "https://www.ibm.com/support/pages/node/7049133", }, { category: "external", summary: "IBM Security Bulletin 7165686 vom 2024-08-16", url: "https://www.ibm.com/support/pages/node/7165686", }, ], source_lang: "en-US", title: "IBM QRadar SIEM: Mehrere Schwachstellen", tracking: { current_release_date: "2024-08-15T22:00:00.000+00:00", generator: { date: "2024-08-16T10:07:42.179+00:00", engine: { name: "BSI-WID", version: "1.3.5", }, }, id: "WID-SEC-W-2023-2625", initial_release_date: "2023-10-10T22:00:00.000+00:00", revision_history: [ { date: "2023-10-10T22:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, { date: "2024-08-15T22:00:00.000+00:00", number: "2", summary: "Neue Updates von IBM aufgenommen", }, ], status: "final", version: "2", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "7.5", product: { name: "IBM QRadar SIEM 7.5", product_id: "T022954", product_identification_helper: { cpe: "cpe:/a:ibm:qradar_siem:7.5", }, }, }, { category: "product_version_range", name: "<7.5.0 UP7", product: { name: "IBM QRadar SIEM <7.5.0 UP7", product_id: "T030425", }, }, ], category: "product_name", name: "QRadar SIEM", }, ], category: "vendor", name: "IBM", }, ], }, vulnerabilities: [ { cve: "CVE-2016-1000027", notes: [ { category: "description", text: "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von Pufferüberläufen, Integer-Überläufen, unsicherer Behandlung, Use-after-free-Fehlern und einem unsicheren Deserialisierungsfehler. Zu den betroffenen Komponenten gehören Apache Tomcat, Apache Portable Runtime, Apache HttpClient, Java SE, l2cap_reassemble_sdu, c-ares, The Bouncy Castle Crypto Package, Pivota Spring Framework, snappy-java, IBM SDK, GNU Emacs, Fasterxml jackson-databind, VMWare Tools, Eclipse Jetty, OpenSSH, ISC BIND, Apache Struts, Git, SQLite JDBC, Eclipse Openj9 und Google Guava. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], product_status: { known_affected: [ "T022954", ], }, release_date: "2023-10-10T22:00:00.000+00:00", title: "CVE-2016-1000027", }, { cve: "CVE-2020-13956", notes: [ { category: "description", text: "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von Pufferüberläufen, Integer-Überläufen, unsicherer Behandlung, Use-after-free-Fehlern und einem unsicheren Deserialisierungsfehler. Zu den betroffenen Komponenten gehören Apache Tomcat, Apache Portable Runtime, Apache HttpClient, Java SE, l2cap_reassemble_sdu, c-ares, The Bouncy Castle Crypto Package, Pivota Spring Framework, snappy-java, IBM SDK, GNU Emacs, Fasterxml jackson-databind, VMWare Tools, Eclipse Jetty, OpenSSH, ISC BIND, Apache Struts, Git, SQLite JDBC, Eclipse Openj9 und Google Guava. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], product_status: { known_affected: [ "T022954", ], }, release_date: "2023-10-10T22:00:00.000+00:00", title: "CVE-2020-13956", }, { cve: "CVE-2022-21426", notes: [ { category: "description", text: "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von Pufferüberläufen, Integer-Überläufen, unsicherer Behandlung, Use-after-free-Fehlern und einem unsicheren Deserialisierungsfehler. Zu den betroffenen Komponenten gehören Apache Tomcat, Apache Portable Runtime, Apache HttpClient, Java SE, l2cap_reassemble_sdu, c-ares, The Bouncy Castle Crypto Package, Pivota Spring Framework, snappy-java, IBM SDK, GNU Emacs, Fasterxml jackson-databind, VMWare Tools, Eclipse Jetty, OpenSSH, ISC BIND, Apache Struts, Git, SQLite JDBC, Eclipse Openj9 und Google Guava. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], product_status: { known_affected: [ "T022954", ], }, release_date: "2023-10-10T22:00:00.000+00:00", title: "CVE-2022-21426", }, { cve: "CVE-2022-25147", notes: [ { category: "description", text: "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von Pufferüberläufen, Integer-Überläufen, unsicherer Behandlung, Use-after-free-Fehlern und einem unsicheren Deserialisierungsfehler. Zu den betroffenen Komponenten gehören Apache Tomcat, Apache Portable Runtime, Apache HttpClient, Java SE, l2cap_reassemble_sdu, c-ares, The Bouncy Castle Crypto Package, Pivota Spring Framework, snappy-java, IBM SDK, GNU Emacs, Fasterxml jackson-databind, VMWare Tools, Eclipse Jetty, OpenSSH, ISC BIND, Apache Struts, Git, SQLite JDBC, Eclipse Openj9 und Google Guava. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], product_status: { known_affected: [ "T022954", ], }, release_date: "2023-10-10T22:00:00.000+00:00", title: "CVE-2022-25147", }, { cve: "CVE-2022-3564", notes: [ { category: "description", text: "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von Pufferüberläufen, Integer-Überläufen, unsicherer Behandlung, Use-after-free-Fehlern und einem unsicheren Deserialisierungsfehler. Zu den betroffenen Komponenten gehören Apache Tomcat, Apache Portable Runtime, Apache HttpClient, Java SE, l2cap_reassemble_sdu, c-ares, The Bouncy Castle Crypto Package, Pivota Spring Framework, snappy-java, IBM SDK, GNU Emacs, Fasterxml jackson-databind, VMWare Tools, Eclipse Jetty, OpenSSH, ISC BIND, Apache Struts, Git, SQLite JDBC, Eclipse Openj9 und Google Guava. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], product_status: { known_affected: [ "T022954", ], }, release_date: "2023-10-10T22:00:00.000+00:00", title: "CVE-2022-3564", }, { cve: "CVE-2022-40609", notes: [ { category: "description", text: "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von Pufferüberläufen, Integer-Überläufen, unsicherer Behandlung, Use-after-free-Fehlern und einem unsicheren Deserialisierungsfehler. Zu den betroffenen Komponenten gehören Apache Tomcat, Apache Portable Runtime, Apache HttpClient, Java SE, l2cap_reassemble_sdu, c-ares, The Bouncy Castle Crypto Package, Pivota Spring Framework, snappy-java, IBM SDK, GNU Emacs, Fasterxml jackson-databind, VMWare Tools, Eclipse Jetty, OpenSSH, ISC BIND, Apache Struts, Git, SQLite JDBC, Eclipse Openj9 und Google Guava. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], product_status: { known_affected: [ "T022954", ], }, release_date: "2023-10-10T22:00:00.000+00:00", title: "CVE-2022-40609", }, { cve: "CVE-2022-48339", notes: [ { category: "description", text: "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von Pufferüberläufen, Integer-Überläufen, unsicherer Behandlung, Use-after-free-Fehlern und einem unsicheren Deserialisierungsfehler. Zu den betroffenen Komponenten gehören Apache Tomcat, Apache Portable Runtime, Apache HttpClient, Java SE, l2cap_reassemble_sdu, c-ares, The Bouncy Castle Crypto Package, Pivota Spring Framework, snappy-java, IBM SDK, GNU Emacs, Fasterxml jackson-databind, VMWare Tools, Eclipse Jetty, OpenSSH, ISC BIND, Apache Struts, Git, SQLite JDBC, Eclipse Openj9 und Google Guava. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], product_status: { known_affected: [ "T022954", ], }, release_date: "2023-10-10T22:00:00.000+00:00", title: "CVE-2022-48339", }, { cve: "CVE-2023-20867", notes: [ { category: "description", text: "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von Pufferüberläufen, Integer-Überläufen, unsicherer Behandlung, Use-after-free-Fehlern und einem unsicheren Deserialisierungsfehler. Zu den betroffenen Komponenten gehören Apache Tomcat, Apache Portable Runtime, Apache HttpClient, Java SE, l2cap_reassemble_sdu, c-ares, The Bouncy Castle Crypto Package, Pivota Spring Framework, snappy-java, IBM SDK, GNU Emacs, Fasterxml jackson-databind, VMWare Tools, Eclipse Jetty, OpenSSH, ISC BIND, Apache Struts, Git, SQLite JDBC, Eclipse Openj9 und Google Guava. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], product_status: { known_affected: [ "T022954", ], }, release_date: "2023-10-10T22:00:00.000+00:00", title: "CVE-2023-20867", }, { cve: "CVE-2023-21830", notes: [ { category: "description", text: "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von Pufferüberläufen, Integer-Überläufen, unsicherer Behandlung, Use-after-free-Fehlern und einem unsicheren Deserialisierungsfehler. Zu den betroffenen Komponenten gehören Apache Tomcat, Apache Portable Runtime, Apache HttpClient, Java SE, l2cap_reassemble_sdu, c-ares, The Bouncy Castle Crypto Package, Pivota Spring Framework, snappy-java, IBM SDK, GNU Emacs, Fasterxml jackson-databind, VMWare Tools, Eclipse Jetty, OpenSSH, ISC BIND, Apache Struts, Git, SQLite JDBC, Eclipse Openj9 und Google Guava. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], product_status: { known_affected: [ "T022954", ], }, release_date: "2023-10-10T22:00:00.000+00:00", title: "CVE-2023-21830", }, { cve: "CVE-2023-21843", notes: [ { category: "description", text: "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von Pufferüberläufen, Integer-Überläufen, unsicherer Behandlung, Use-after-free-Fehlern und einem unsicheren Deserialisierungsfehler. Zu den betroffenen Komponenten gehören Apache Tomcat, Apache Portable Runtime, Apache HttpClient, Java SE, l2cap_reassemble_sdu, c-ares, The Bouncy Castle Crypto Package, Pivota Spring Framework, snappy-java, IBM SDK, GNU Emacs, Fasterxml jackson-databind, VMWare Tools, Eclipse Jetty, OpenSSH, ISC BIND, Apache Struts, Git, SQLite JDBC, Eclipse Openj9 und Google Guava. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], product_status: { known_affected: [ "T022954", ], }, release_date: "2023-10-10T22:00:00.000+00:00", title: "CVE-2023-21843", }, { cve: "CVE-2023-21930", notes: [ { category: "description", text: "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von Pufferüberläufen, Integer-Überläufen, unsicherer Behandlung, Use-after-free-Fehlern und einem unsicheren Deserialisierungsfehler. Zu den betroffenen Komponenten gehören Apache Tomcat, Apache Portable Runtime, Apache HttpClient, Java SE, l2cap_reassemble_sdu, c-ares, The Bouncy Castle Crypto Package, Pivota Spring Framework, snappy-java, IBM SDK, GNU Emacs, Fasterxml jackson-databind, VMWare Tools, Eclipse Jetty, OpenSSH, ISC BIND, Apache Struts, Git, SQLite JDBC, Eclipse Openj9 und Google Guava. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], product_status: { known_affected: [ "T022954", ], }, release_date: "2023-10-10T22:00:00.000+00:00", title: "CVE-2023-21930", }, { cve: "CVE-2023-21937", notes: [ { category: "description", text: "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von Pufferüberläufen, Integer-Überläufen, unsicherer Behandlung, Use-after-free-Fehlern und einem unsicheren Deserialisierungsfehler. Zu den betroffenen Komponenten gehören Apache Tomcat, Apache Portable Runtime, Apache HttpClient, Java SE, l2cap_reassemble_sdu, c-ares, The Bouncy Castle Crypto Package, Pivota Spring Framework, snappy-java, IBM SDK, GNU Emacs, Fasterxml jackson-databind, VMWare Tools, Eclipse Jetty, OpenSSH, ISC BIND, Apache Struts, Git, SQLite JDBC, Eclipse Openj9 und Google Guava. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], product_status: { known_affected: [ "T022954", ], }, release_date: "2023-10-10T22:00:00.000+00:00", title: "CVE-2023-21937", }, { cve: "CVE-2023-21938", notes: [ { category: "description", text: "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von Pufferüberläufen, Integer-Überläufen, unsicherer Behandlung, Use-after-free-Fehlern und einem unsicheren Deserialisierungsfehler. Zu den betroffenen Komponenten gehören Apache Tomcat, Apache Portable Runtime, Apache HttpClient, Java SE, l2cap_reassemble_sdu, c-ares, The Bouncy Castle Crypto Package, Pivota Spring Framework, snappy-java, IBM SDK, GNU Emacs, Fasterxml jackson-databind, VMWare Tools, Eclipse Jetty, OpenSSH, ISC BIND, Apache Struts, Git, SQLite JDBC, Eclipse Openj9 und Google Guava. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], product_status: { known_affected: [ "T022954", ], }, release_date: "2023-10-10T22:00:00.000+00:00", title: "CVE-2023-21938", }, { cve: "CVE-2023-21939", notes: [ { category: "description", text: "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von Pufferüberläufen, Integer-Überläufen, unsicherer Behandlung, Use-after-free-Fehlern und einem unsicheren Deserialisierungsfehler. Zu den betroffenen Komponenten gehören Apache Tomcat, Apache Portable Runtime, Apache HttpClient, Java SE, l2cap_reassemble_sdu, c-ares, The Bouncy Castle Crypto Package, Pivota Spring Framework, snappy-java, IBM SDK, GNU Emacs, Fasterxml jackson-databind, VMWare Tools, Eclipse Jetty, OpenSSH, ISC BIND, Apache Struts, Git, SQLite JDBC, Eclipse Openj9 und Google Guava. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], product_status: { known_affected: [ "T022954", ], }, release_date: "2023-10-10T22:00:00.000+00:00", title: "CVE-2023-21939", }, { cve: "CVE-2023-21954", notes: [ { category: "description", text: "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von Pufferüberläufen, Integer-Überläufen, unsicherer Behandlung, Use-after-free-Fehlern und einem unsicheren Deserialisierungsfehler. Zu den betroffenen Komponenten gehören Apache Tomcat, Apache Portable Runtime, Apache HttpClient, Java SE, l2cap_reassemble_sdu, c-ares, The Bouncy Castle Crypto Package, Pivota Spring Framework, snappy-java, IBM SDK, GNU Emacs, Fasterxml jackson-databind, VMWare Tools, Eclipse Jetty, OpenSSH, ISC BIND, Apache Struts, Git, SQLite JDBC, Eclipse Openj9 und Google Guava. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], product_status: { known_affected: [ "T022954", ], }, release_date: "2023-10-10T22:00:00.000+00:00", title: "CVE-2023-21954", }, { cve: "CVE-2023-21967", notes: [ { category: "description", text: "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von Pufferüberläufen, Integer-Überläufen, unsicherer Behandlung, Use-after-free-Fehlern und einem unsicheren Deserialisierungsfehler. Zu den betroffenen Komponenten gehören Apache Tomcat, Apache Portable Runtime, Apache HttpClient, Java SE, l2cap_reassemble_sdu, c-ares, The Bouncy Castle Crypto Package, Pivota Spring Framework, snappy-java, IBM SDK, GNU Emacs, Fasterxml jackson-databind, VMWare Tools, Eclipse Jetty, OpenSSH, ISC BIND, Apache Struts, Git, SQLite JDBC, Eclipse Openj9 und Google Guava. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], product_status: { known_affected: [ "T022954", ], }, release_date: "2023-10-10T22:00:00.000+00:00", title: "CVE-2023-21967", }, { cve: "CVE-2023-21968", notes: [ { category: "description", text: "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von Pufferüberläufen, Integer-Überläufen, unsicherer Behandlung, Use-after-free-Fehlern und einem unsicheren Deserialisierungsfehler. Zu den betroffenen Komponenten gehören Apache Tomcat, Apache Portable Runtime, Apache HttpClient, Java SE, l2cap_reassemble_sdu, c-ares, The Bouncy Castle Crypto Package, Pivota Spring Framework, snappy-java, IBM SDK, GNU Emacs, Fasterxml jackson-databind, VMWare Tools, Eclipse Jetty, OpenSSH, ISC BIND, Apache Struts, Git, SQLite JDBC, Eclipse Openj9 und Google Guava. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], product_status: { known_affected: [ "T022954", ], }, release_date: "2023-10-10T22:00:00.000+00:00", title: "CVE-2023-21968", }, { cve: "CVE-2023-24998", notes: [ { category: "description", text: "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von Pufferüberläufen, Integer-Überläufen, unsicherer Behandlung, Use-after-free-Fehlern und einem unsicheren Deserialisierungsfehler. Zu den betroffenen Komponenten gehören Apache Tomcat, Apache Portable Runtime, Apache HttpClient, Java SE, l2cap_reassemble_sdu, c-ares, The Bouncy Castle Crypto Package, Pivota Spring Framework, snappy-java, IBM SDK, GNU Emacs, Fasterxml jackson-databind, VMWare Tools, Eclipse Jetty, OpenSSH, ISC BIND, Apache Struts, Git, SQLite JDBC, Eclipse Openj9 und Google Guava. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], product_status: { known_affected: [ "T022954", ], }, release_date: "2023-10-10T22:00:00.000+00:00", title: "CVE-2023-24998", }, { cve: "CVE-2023-25652", notes: [ { category: "description", text: "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von Pufferüberläufen, Integer-Überläufen, unsicherer Behandlung, Use-after-free-Fehlern und einem unsicheren Deserialisierungsfehler. Zu den betroffenen Komponenten gehören Apache Tomcat, Apache Portable Runtime, Apache HttpClient, Java SE, l2cap_reassemble_sdu, c-ares, The Bouncy Castle Crypto Package, Pivota Spring Framework, snappy-java, IBM SDK, GNU Emacs, Fasterxml jackson-databind, VMWare Tools, Eclipse Jetty, OpenSSH, ISC BIND, Apache Struts, Git, SQLite JDBC, Eclipse Openj9 und Google Guava. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], product_status: { known_affected: [ "T022954", ], }, release_date: "2023-10-10T22:00:00.000+00:00", title: "CVE-2023-25652", }, { cve: "CVE-2023-2597", notes: [ { category: "description", text: "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von Pufferüberläufen, Integer-Überläufen, unsicherer Behandlung, Use-after-free-Fehlern und einem unsicheren Deserialisierungsfehler. Zu den betroffenen Komponenten gehören Apache Tomcat, Apache Portable Runtime, Apache HttpClient, Java SE, l2cap_reassemble_sdu, c-ares, The Bouncy Castle Crypto Package, Pivota Spring Framework, snappy-java, IBM SDK, GNU Emacs, Fasterxml jackson-databind, VMWare Tools, Eclipse Jetty, OpenSSH, ISC BIND, Apache Struts, Git, SQLite JDBC, Eclipse Openj9 und Google Guava. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], product_status: { known_affected: [ "T022954", ], }, release_date: "2023-10-10T22:00:00.000+00:00", title: "CVE-2023-2597", }, { cve: "CVE-2023-26048", notes: [ { category: "description", text: "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von Pufferüberläufen, Integer-Überläufen, unsicherer Behandlung, Use-after-free-Fehlern und einem unsicheren Deserialisierungsfehler. Zu den betroffenen Komponenten gehören Apache Tomcat, Apache Portable Runtime, Apache HttpClient, Java SE, l2cap_reassemble_sdu, c-ares, The Bouncy Castle Crypto Package, Pivota Spring Framework, snappy-java, IBM SDK, GNU Emacs, Fasterxml jackson-databind, VMWare Tools, Eclipse Jetty, OpenSSH, ISC BIND, Apache Struts, Git, SQLite JDBC, Eclipse Openj9 und Google Guava. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], product_status: { known_affected: [ "T022954", ], }, release_date: "2023-10-10T22:00:00.000+00:00", title: "CVE-2023-26048", }, { cve: "CVE-2023-26049", notes: [ { category: "description", text: "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von Pufferüberläufen, Integer-Überläufen, unsicherer Behandlung, Use-after-free-Fehlern und einem unsicheren Deserialisierungsfehler. Zu den betroffenen Komponenten gehören Apache Tomcat, Apache Portable Runtime, Apache HttpClient, Java SE, l2cap_reassemble_sdu, c-ares, The Bouncy Castle Crypto Package, Pivota Spring Framework, snappy-java, IBM SDK, GNU Emacs, Fasterxml jackson-databind, VMWare Tools, Eclipse Jetty, OpenSSH, ISC BIND, Apache Struts, Git, SQLite JDBC, Eclipse Openj9 und Google Guava. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], product_status: { known_affected: [ "T022954", ], }, release_date: "2023-10-10T22:00:00.000+00:00", title: "CVE-2023-26049", }, { cve: "CVE-2023-2828", notes: [ { category: "description", text: "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von Pufferüberläufen, Integer-Überläufen, unsicherer Behandlung, Use-after-free-Fehlern und einem unsicheren Deserialisierungsfehler. Zu den betroffenen Komponenten gehören Apache Tomcat, Apache Portable Runtime, Apache HttpClient, Java SE, l2cap_reassemble_sdu, c-ares, The Bouncy Castle Crypto Package, Pivota Spring Framework, snappy-java, IBM SDK, GNU Emacs, Fasterxml jackson-databind, VMWare Tools, Eclipse Jetty, OpenSSH, ISC BIND, Apache Struts, Git, SQLite JDBC, Eclipse Openj9 und Google Guava. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], product_status: { known_affected: [ "T022954", ], }, release_date: "2023-10-10T22:00:00.000+00:00", title: "CVE-2023-2828", }, { cve: "CVE-2023-28709", notes: [ { category: "description", text: "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von Pufferüberläufen, Integer-Überläufen, unsicherer Behandlung, Use-after-free-Fehlern und einem unsicheren Deserialisierungsfehler. Zu den betroffenen Komponenten gehören Apache Tomcat, Apache Portable Runtime, Apache HttpClient, Java SE, l2cap_reassemble_sdu, c-ares, The Bouncy Castle Crypto Package, Pivota Spring Framework, snappy-java, IBM SDK, GNU Emacs, Fasterxml jackson-databind, VMWare Tools, Eclipse Jetty, OpenSSH, ISC BIND, Apache Struts, Git, SQLite JDBC, Eclipse Openj9 und Google Guava. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], product_status: { known_affected: [ "T022954", ], }, release_date: "2023-10-10T22:00:00.000+00:00", title: "CVE-2023-28709", }, { cve: "CVE-2023-29007", notes: [ { category: "description", text: "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von Pufferüberläufen, Integer-Überläufen, unsicherer Behandlung, Use-after-free-Fehlern und einem unsicheren Deserialisierungsfehler. Zu den betroffenen Komponenten gehören Apache Tomcat, Apache Portable Runtime, Apache HttpClient, Java SE, l2cap_reassemble_sdu, c-ares, The Bouncy Castle Crypto Package, Pivota Spring Framework, snappy-java, IBM SDK, GNU Emacs, Fasterxml jackson-databind, VMWare Tools, Eclipse Jetty, OpenSSH, ISC BIND, Apache Struts, Git, SQLite JDBC, Eclipse Openj9 und Google Guava. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], product_status: { known_affected: [ "T022954", ], }, release_date: "2023-10-10T22:00:00.000+00:00", title: "CVE-2023-29007", }, { cve: "CVE-2023-2976", notes: [ { category: "description", text: "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von Pufferüberläufen, Integer-Überläufen, unsicherer Behandlung, Use-after-free-Fehlern und einem unsicheren Deserialisierungsfehler. Zu den betroffenen Komponenten gehören Apache Tomcat, Apache Portable Runtime, Apache HttpClient, Java SE, l2cap_reassemble_sdu, c-ares, The Bouncy Castle Crypto Package, Pivota Spring Framework, snappy-java, IBM SDK, GNU Emacs, Fasterxml jackson-databind, VMWare Tools, Eclipse Jetty, OpenSSH, ISC BIND, Apache Struts, Git, SQLite JDBC, Eclipse Openj9 und Google Guava. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], product_status: { known_affected: [ "T022954", ], }, release_date: "2023-10-10T22:00:00.000+00:00", title: "CVE-2023-2976", }, { cve: "CVE-2023-30441", notes: [ { category: "description", text: "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von Pufferüberläufen, Integer-Überläufen, unsicherer Behandlung, Use-after-free-Fehlern und einem unsicheren Deserialisierungsfehler. Zu den betroffenen Komponenten gehören Apache Tomcat, Apache Portable Runtime, Apache HttpClient, Java SE, l2cap_reassemble_sdu, c-ares, The Bouncy Castle Crypto Package, Pivota Spring Framework, snappy-java, IBM SDK, GNU Emacs, Fasterxml jackson-databind, VMWare Tools, Eclipse Jetty, OpenSSH, ISC BIND, Apache Struts, Git, SQLite JDBC, Eclipse Openj9 und Google Guava. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], product_status: { known_affected: [ "T022954", ], }, release_date: "2023-10-10T22:00:00.000+00:00", title: "CVE-2023-30441", }, { cve: "CVE-2023-30994", notes: [ { category: "description", text: "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von Pufferüberläufen, Integer-Überläufen, unsicherer Behandlung, Use-after-free-Fehlern und einem unsicheren Deserialisierungsfehler. Zu den betroffenen Komponenten gehören Apache Tomcat, Apache Portable Runtime, Apache HttpClient, Java SE, l2cap_reassemble_sdu, c-ares, The Bouncy Castle Crypto Package, Pivota Spring Framework, snappy-java, IBM SDK, GNU Emacs, Fasterxml jackson-databind, VMWare Tools, Eclipse Jetty, OpenSSH, ISC BIND, Apache Struts, Git, SQLite JDBC, Eclipse Openj9 und Google Guava. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], product_status: { known_affected: [ "T022954", ], }, release_date: "2023-10-10T22:00:00.000+00:00", title: "CVE-2023-30994", }, { cve: "CVE-2023-32067", notes: [ { category: "description", text: "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von Pufferüberläufen, Integer-Überläufen, unsicherer Behandlung, Use-after-free-Fehlern und einem unsicheren Deserialisierungsfehler. Zu den betroffenen Komponenten gehören Apache Tomcat, Apache Portable Runtime, Apache HttpClient, Java SE, l2cap_reassemble_sdu, c-ares, The Bouncy Castle Crypto Package, Pivota Spring Framework, snappy-java, IBM SDK, GNU Emacs, Fasterxml jackson-databind, VMWare Tools, Eclipse Jetty, OpenSSH, ISC BIND, Apache Struts, Git, SQLite JDBC, Eclipse Openj9 und Google Guava. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], product_status: { known_affected: [ "T022954", ], }, release_date: "2023-10-10T22:00:00.000+00:00", title: "CVE-2023-32067", }, { cve: "CVE-2023-32697", notes: [ { category: "description", text: "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von Pufferüberläufen, Integer-Überläufen, unsicherer Behandlung, Use-after-free-Fehlern und einem unsicheren Deserialisierungsfehler. Zu den betroffenen Komponenten gehören Apache Tomcat, Apache Portable Runtime, Apache HttpClient, Java SE, l2cap_reassemble_sdu, c-ares, The Bouncy Castle Crypto Package, Pivota Spring Framework, snappy-java, IBM SDK, GNU Emacs, Fasterxml jackson-databind, VMWare Tools, Eclipse Jetty, OpenSSH, ISC BIND, Apache Struts, Git, SQLite JDBC, Eclipse Openj9 und Google Guava. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], product_status: { known_affected: [ "T022954", ], }, release_date: "2023-10-10T22:00:00.000+00:00", title: "CVE-2023-32697", }, { cve: "CVE-2023-33201", notes: [ { category: "description", text: "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von Pufferüberläufen, Integer-Überläufen, unsicherer Behandlung, Use-after-free-Fehlern und einem unsicheren Deserialisierungsfehler. Zu den betroffenen Komponenten gehören Apache Tomcat, Apache Portable Runtime, Apache HttpClient, Java SE, l2cap_reassemble_sdu, c-ares, The Bouncy Castle Crypto Package, Pivota Spring Framework, snappy-java, IBM SDK, GNU Emacs, Fasterxml jackson-databind, VMWare Tools, Eclipse Jetty, OpenSSH, ISC BIND, Apache Struts, Git, SQLite JDBC, Eclipse Openj9 und Google Guava. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], product_status: { known_affected: [ "T022954", ], }, release_date: "2023-10-10T22:00:00.000+00:00", title: "CVE-2023-33201", }, { cve: "CVE-2023-34149", notes: [ { category: "description", text: "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von Pufferüberläufen, Integer-Überläufen, unsicherer Behandlung, Use-after-free-Fehlern und einem unsicheren Deserialisierungsfehler. Zu den betroffenen Komponenten gehören Apache Tomcat, Apache Portable Runtime, Apache HttpClient, Java SE, l2cap_reassemble_sdu, c-ares, The Bouncy Castle Crypto Package, Pivota Spring Framework, snappy-java, IBM SDK, GNU Emacs, Fasterxml jackson-databind, VMWare Tools, Eclipse Jetty, OpenSSH, ISC BIND, Apache Struts, Git, SQLite JDBC, Eclipse Openj9 und Google Guava. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], product_status: { known_affected: [ "T022954", ], }, release_date: "2023-10-10T22:00:00.000+00:00", title: "CVE-2023-34149", }, { cve: "CVE-2023-34396", notes: [ { category: "description", text: "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von Pufferüberläufen, Integer-Überläufen, unsicherer Behandlung, Use-after-free-Fehlern und einem unsicheren Deserialisierungsfehler. Zu den betroffenen Komponenten gehören Apache Tomcat, Apache Portable Runtime, Apache HttpClient, Java SE, l2cap_reassemble_sdu, c-ares, The Bouncy Castle Crypto Package, Pivota Spring Framework, snappy-java, IBM SDK, GNU Emacs, Fasterxml jackson-databind, VMWare Tools, Eclipse Jetty, OpenSSH, ISC BIND, Apache Struts, Git, SQLite JDBC, Eclipse Openj9 und Google Guava. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], product_status: { known_affected: [ "T022954", ], }, release_date: "2023-10-10T22:00:00.000+00:00", title: "CVE-2023-34396", }, { cve: "CVE-2023-34453", notes: [ { category: "description", text: "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von Pufferüberläufen, Integer-Überläufen, unsicherer Behandlung, Use-after-free-Fehlern und einem unsicheren Deserialisierungsfehler. Zu den betroffenen Komponenten gehören Apache Tomcat, Apache Portable Runtime, Apache HttpClient, Java SE, l2cap_reassemble_sdu, c-ares, The Bouncy Castle Crypto Package, Pivota Spring Framework, snappy-java, IBM SDK, GNU Emacs, Fasterxml jackson-databind, VMWare Tools, Eclipse Jetty, OpenSSH, ISC BIND, Apache Struts, Git, SQLite JDBC, Eclipse Openj9 und Google Guava. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], product_status: { known_affected: [ "T022954", ], }, release_date: "2023-10-10T22:00:00.000+00:00", title: "CVE-2023-34453", }, { cve: "CVE-2023-34454", notes: [ { category: "description", text: "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von Pufferüberläufen, Integer-Überläufen, unsicherer Behandlung, Use-after-free-Fehlern und einem unsicheren Deserialisierungsfehler. Zu den betroffenen Komponenten gehören Apache Tomcat, Apache Portable Runtime, Apache HttpClient, Java SE, l2cap_reassemble_sdu, c-ares, The Bouncy Castle Crypto Package, Pivota Spring Framework, snappy-java, IBM SDK, GNU Emacs, Fasterxml jackson-databind, VMWare Tools, Eclipse Jetty, OpenSSH, ISC BIND, Apache Struts, Git, SQLite JDBC, Eclipse Openj9 und Google Guava. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], product_status: { known_affected: [ "T022954", ], }, release_date: "2023-10-10T22:00:00.000+00:00", title: "CVE-2023-34454", }, { cve: "CVE-2023-34455", notes: [ { category: "description", text: "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von Pufferüberläufen, Integer-Überläufen, unsicherer Behandlung, Use-after-free-Fehlern und einem unsicheren Deserialisierungsfehler. Zu den betroffenen Komponenten gehören Apache Tomcat, Apache Portable Runtime, Apache HttpClient, Java SE, l2cap_reassemble_sdu, c-ares, The Bouncy Castle Crypto Package, Pivota Spring Framework, snappy-java, IBM SDK, GNU Emacs, Fasterxml jackson-databind, VMWare Tools, Eclipse Jetty, OpenSSH, ISC BIND, Apache Struts, Git, SQLite JDBC, Eclipse Openj9 und Google Guava. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], product_status: { known_affected: [ "T022954", ], }, release_date: "2023-10-10T22:00:00.000+00:00", title: "CVE-2023-34455", }, { cve: "CVE-2023-34981", notes: [ { category: "description", text: "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von Pufferüberläufen, Integer-Überläufen, unsicherer Behandlung, Use-after-free-Fehlern und einem unsicheren Deserialisierungsfehler. Zu den betroffenen Komponenten gehören Apache Tomcat, Apache Portable Runtime, Apache HttpClient, Java SE, l2cap_reassemble_sdu, c-ares, The Bouncy Castle Crypto Package, Pivota Spring Framework, snappy-java, IBM SDK, GNU Emacs, Fasterxml jackson-databind, VMWare Tools, Eclipse Jetty, OpenSSH, ISC BIND, Apache Struts, Git, SQLite JDBC, Eclipse Openj9 und Google Guava. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], product_status: { known_affected: [ "T022954", ], }, release_date: "2023-10-10T22:00:00.000+00:00", title: "CVE-2023-34981", }, { cve: "CVE-2023-35116", notes: [ { category: "description", text: "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von Pufferüberläufen, Integer-Überläufen, unsicherer Behandlung, Use-after-free-Fehlern und einem unsicheren Deserialisierungsfehler. Zu den betroffenen Komponenten gehören Apache Tomcat, Apache Portable Runtime, Apache HttpClient, Java SE, l2cap_reassemble_sdu, c-ares, The Bouncy Castle Crypto Package, Pivota Spring Framework, snappy-java, IBM SDK, GNU Emacs, Fasterxml jackson-databind, VMWare Tools, Eclipse Jetty, OpenSSH, ISC BIND, Apache Struts, Git, SQLite JDBC, Eclipse Openj9 und Google Guava. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], product_status: { known_affected: [ "T022954", ], }, release_date: "2023-10-10T22:00:00.000+00:00", title: "CVE-2023-35116", }, { cve: "CVE-2023-38408", notes: [ { category: "description", text: "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von Pufferüberläufen, Integer-Überläufen, unsicherer Behandlung, Use-after-free-Fehlern und einem unsicheren Deserialisierungsfehler. Zu den betroffenen Komponenten gehören Apache Tomcat, Apache Portable Runtime, Apache HttpClient, Java SE, l2cap_reassemble_sdu, c-ares, The Bouncy Castle Crypto Package, Pivota Spring Framework, snappy-java, IBM SDK, GNU Emacs, Fasterxml jackson-databind, VMWare Tools, Eclipse Jetty, OpenSSH, ISC BIND, Apache Struts, Git, SQLite JDBC, Eclipse Openj9 und Google Guava. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], product_status: { known_affected: [ "T022954", ], }, release_date: "2023-10-10T22:00:00.000+00:00", title: "CVE-2023-38408", }, { cve: "CVE-2023-40367", notes: [ { category: "description", text: "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem aufgrund von Pufferüberläufen, Integer-Überläufen, unsicherer Behandlung, Use-after-free-Fehlern und einem unsicheren Deserialisierungsfehler. Zu den betroffenen Komponenten gehören Apache Tomcat, Apache Portable Runtime, Apache HttpClient, Java SE, l2cap_reassemble_sdu, c-ares, The Bouncy Castle Crypto Package, Pivota Spring Framework, snappy-java, IBM SDK, GNU Emacs, Fasterxml jackson-databind, VMWare Tools, Eclipse Jetty, OpenSSH, ISC BIND, Apache Struts, Git, SQLite JDBC, Eclipse Openj9 und Google Guava. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.", }, ], product_status: { known_affected: [ "T022954", ], }, release_date: "2023-10-10T22:00:00.000+00:00", title: "CVE-2023-40367", }, ], }
opensuse-su-2024:13110-1
Vulnerability from csaf_opensuse
Published
2024-06-15 00:00
Modified
2024-06-15 00:00
Summary
java-1_8_0-openj9-1.8.0.372-1.1 on GA media
Notes
Title of the patch
java-1_8_0-openj9-1.8.0.372-1.1 on GA media
Description of the patch
These are all security issues fixed in the java-1_8_0-openj9-1.8.0.372-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-13110
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "java-1_8_0-openj9-1.8.0.372-1.1 on GA media", title: "Title of the patch", }, { category: "description", text: "These are all security issues fixed in the java-1_8_0-openj9-1.8.0.372-1.1 package on the GA media of openSUSE Tumbleweed.", title: "Description of the patch", }, { category: "details", text: "openSUSE-Tumbleweed-2024-13110", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_13110-1.json", }, { category: "self", summary: "SUSE CVE CVE-2023-21930 page", url: "https://www.suse.com/security/cve/CVE-2023-21930/", }, { category: "self", summary: "SUSE CVE CVE-2023-21938 page", url: "https://www.suse.com/security/cve/CVE-2023-21938/", }, { category: "self", summary: "SUSE CVE CVE-2023-21954 page", url: "https://www.suse.com/security/cve/CVE-2023-21954/", }, { category: "self", summary: "SUSE CVE CVE-2023-21968 page", url: "https://www.suse.com/security/cve/CVE-2023-21968/", }, { category: "self", summary: "SUSE CVE CVE-2023-2597 page", url: "https://www.suse.com/security/cve/CVE-2023-2597/", }, ], title: "java-1_8_0-openj9-1.8.0.372-1.1 on GA media", tracking: { current_release_date: "2024-06-15T00:00:00Z", generator: { date: "2024-06-15T00:00:00Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "openSUSE-SU-2024:13110-1", initial_release_date: "2024-06-15T00:00:00Z", revision_history: [ { date: "2024-06-15T00:00:00Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "java-1_8_0-openj9-1.8.0.372-1.1.aarch64", product: { name: "java-1_8_0-openj9-1.8.0.372-1.1.aarch64", product_id: "java-1_8_0-openj9-1.8.0.372-1.1.aarch64", }, }, { category: "product_version", name: "java-1_8_0-openj9-accessibility-1.8.0.372-1.1.aarch64", product: { name: "java-1_8_0-openj9-accessibility-1.8.0.372-1.1.aarch64", product_id: "java-1_8_0-openj9-accessibility-1.8.0.372-1.1.aarch64", }, }, { category: "product_version", name: "java-1_8_0-openj9-demo-1.8.0.372-1.1.aarch64", product: { name: "java-1_8_0-openj9-demo-1.8.0.372-1.1.aarch64", product_id: "java-1_8_0-openj9-demo-1.8.0.372-1.1.aarch64", }, }, { category: "product_version", name: "java-1_8_0-openj9-devel-1.8.0.372-1.1.aarch64", product: { name: "java-1_8_0-openj9-devel-1.8.0.372-1.1.aarch64", product_id: "java-1_8_0-openj9-devel-1.8.0.372-1.1.aarch64", }, }, { category: "product_version", name: "java-1_8_0-openj9-headless-1.8.0.372-1.1.aarch64", product: { name: "java-1_8_0-openj9-headless-1.8.0.372-1.1.aarch64", product_id: "java-1_8_0-openj9-headless-1.8.0.372-1.1.aarch64", }, }, { category: "product_version", name: "java-1_8_0-openj9-javadoc-1.8.0.372-1.1.aarch64", product: { name: "java-1_8_0-openj9-javadoc-1.8.0.372-1.1.aarch64", product_id: "java-1_8_0-openj9-javadoc-1.8.0.372-1.1.aarch64", }, }, { category: "product_version", name: "java-1_8_0-openj9-src-1.8.0.372-1.1.aarch64", product: { name: "java-1_8_0-openj9-src-1.8.0.372-1.1.aarch64", product_id: "java-1_8_0-openj9-src-1.8.0.372-1.1.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "java-1_8_0-openj9-1.8.0.372-1.1.ppc64le", product: { name: "java-1_8_0-openj9-1.8.0.372-1.1.ppc64le", product_id: "java-1_8_0-openj9-1.8.0.372-1.1.ppc64le", }, }, { category: "product_version", name: "java-1_8_0-openj9-accessibility-1.8.0.372-1.1.ppc64le", product: { name: "java-1_8_0-openj9-accessibility-1.8.0.372-1.1.ppc64le", product_id: "java-1_8_0-openj9-accessibility-1.8.0.372-1.1.ppc64le", }, }, { category: "product_version", name: "java-1_8_0-openj9-demo-1.8.0.372-1.1.ppc64le", product: { name: "java-1_8_0-openj9-demo-1.8.0.372-1.1.ppc64le", product_id: "java-1_8_0-openj9-demo-1.8.0.372-1.1.ppc64le", }, }, { category: "product_version", name: "java-1_8_0-openj9-devel-1.8.0.372-1.1.ppc64le", product: { name: "java-1_8_0-openj9-devel-1.8.0.372-1.1.ppc64le", product_id: "java-1_8_0-openj9-devel-1.8.0.372-1.1.ppc64le", }, }, { category: "product_version", name: "java-1_8_0-openj9-headless-1.8.0.372-1.1.ppc64le", product: { name: "java-1_8_0-openj9-headless-1.8.0.372-1.1.ppc64le", product_id: "java-1_8_0-openj9-headless-1.8.0.372-1.1.ppc64le", }, }, { category: "product_version", name: "java-1_8_0-openj9-javadoc-1.8.0.372-1.1.ppc64le", product: { name: "java-1_8_0-openj9-javadoc-1.8.0.372-1.1.ppc64le", product_id: "java-1_8_0-openj9-javadoc-1.8.0.372-1.1.ppc64le", }, }, { category: "product_version", name: "java-1_8_0-openj9-src-1.8.0.372-1.1.ppc64le", product: { name: "java-1_8_0-openj9-src-1.8.0.372-1.1.ppc64le", product_id: "java-1_8_0-openj9-src-1.8.0.372-1.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "java-1_8_0-openj9-1.8.0.372-1.1.s390x", product: { name: "java-1_8_0-openj9-1.8.0.372-1.1.s390x", product_id: "java-1_8_0-openj9-1.8.0.372-1.1.s390x", }, }, { category: "product_version", name: "java-1_8_0-openj9-accessibility-1.8.0.372-1.1.s390x", product: { name: "java-1_8_0-openj9-accessibility-1.8.0.372-1.1.s390x", product_id: "java-1_8_0-openj9-accessibility-1.8.0.372-1.1.s390x", }, }, { category: "product_version", name: "java-1_8_0-openj9-demo-1.8.0.372-1.1.s390x", product: { name: "java-1_8_0-openj9-demo-1.8.0.372-1.1.s390x", product_id: "java-1_8_0-openj9-demo-1.8.0.372-1.1.s390x", }, }, { category: "product_version", name: "java-1_8_0-openj9-devel-1.8.0.372-1.1.s390x", product: { name: "java-1_8_0-openj9-devel-1.8.0.372-1.1.s390x", product_id: "java-1_8_0-openj9-devel-1.8.0.372-1.1.s390x", }, }, { category: "product_version", name: "java-1_8_0-openj9-headless-1.8.0.372-1.1.s390x", product: { name: "java-1_8_0-openj9-headless-1.8.0.372-1.1.s390x", product_id: "java-1_8_0-openj9-headless-1.8.0.372-1.1.s390x", }, }, { category: "product_version", name: "java-1_8_0-openj9-javadoc-1.8.0.372-1.1.s390x", product: { name: "java-1_8_0-openj9-javadoc-1.8.0.372-1.1.s390x", product_id: "java-1_8_0-openj9-javadoc-1.8.0.372-1.1.s390x", }, }, { category: "product_version", name: "java-1_8_0-openj9-src-1.8.0.372-1.1.s390x", product: { name: "java-1_8_0-openj9-src-1.8.0.372-1.1.s390x", product_id: "java-1_8_0-openj9-src-1.8.0.372-1.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "java-1_8_0-openj9-1.8.0.372-1.1.x86_64", product: { name: "java-1_8_0-openj9-1.8.0.372-1.1.x86_64", product_id: "java-1_8_0-openj9-1.8.0.372-1.1.x86_64", }, }, { category: "product_version", name: "java-1_8_0-openj9-accessibility-1.8.0.372-1.1.x86_64", product: { name: "java-1_8_0-openj9-accessibility-1.8.0.372-1.1.x86_64", product_id: "java-1_8_0-openj9-accessibility-1.8.0.372-1.1.x86_64", }, }, { category: "product_version", name: "java-1_8_0-openj9-demo-1.8.0.372-1.1.x86_64", product: { name: "java-1_8_0-openj9-demo-1.8.0.372-1.1.x86_64", product_id: "java-1_8_0-openj9-demo-1.8.0.372-1.1.x86_64", }, }, { category: "product_version", name: "java-1_8_0-openj9-devel-1.8.0.372-1.1.x86_64", product: { name: "java-1_8_0-openj9-devel-1.8.0.372-1.1.x86_64", product_id: "java-1_8_0-openj9-devel-1.8.0.372-1.1.x86_64", }, }, { category: "product_version", name: "java-1_8_0-openj9-headless-1.8.0.372-1.1.x86_64", product: { name: "java-1_8_0-openj9-headless-1.8.0.372-1.1.x86_64", product_id: "java-1_8_0-openj9-headless-1.8.0.372-1.1.x86_64", }, }, { category: "product_version", name: "java-1_8_0-openj9-javadoc-1.8.0.372-1.1.x86_64", product: { name: "java-1_8_0-openj9-javadoc-1.8.0.372-1.1.x86_64", product_id: "java-1_8_0-openj9-javadoc-1.8.0.372-1.1.x86_64", }, }, { category: "product_version", name: "java-1_8_0-openj9-src-1.8.0.372-1.1.x86_64", product: { name: "java-1_8_0-openj9-src-1.8.0.372-1.1.x86_64", product_id: "java-1_8_0-openj9-src-1.8.0.372-1.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "openSUSE Tumbleweed", product: { name: "openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed", product_identification_helper: { cpe: "cpe:/o:opensuse:tumbleweed", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "java-1_8_0-openj9-1.8.0.372-1.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:java-1_8_0-openj9-1.8.0.372-1.1.aarch64", }, product_reference: "java-1_8_0-openj9-1.8.0.372-1.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openj9-1.8.0.372-1.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:java-1_8_0-openj9-1.8.0.372-1.1.ppc64le", }, product_reference: "java-1_8_0-openj9-1.8.0.372-1.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openj9-1.8.0.372-1.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:java-1_8_0-openj9-1.8.0.372-1.1.s390x", }, product_reference: "java-1_8_0-openj9-1.8.0.372-1.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openj9-1.8.0.372-1.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:java-1_8_0-openj9-1.8.0.372-1.1.x86_64", }, product_reference: "java-1_8_0-openj9-1.8.0.372-1.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openj9-accessibility-1.8.0.372-1.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:java-1_8_0-openj9-accessibility-1.8.0.372-1.1.aarch64", }, product_reference: "java-1_8_0-openj9-accessibility-1.8.0.372-1.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openj9-accessibility-1.8.0.372-1.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:java-1_8_0-openj9-accessibility-1.8.0.372-1.1.ppc64le", }, product_reference: "java-1_8_0-openj9-accessibility-1.8.0.372-1.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openj9-accessibility-1.8.0.372-1.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:java-1_8_0-openj9-accessibility-1.8.0.372-1.1.s390x", }, product_reference: "java-1_8_0-openj9-accessibility-1.8.0.372-1.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openj9-accessibility-1.8.0.372-1.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:java-1_8_0-openj9-accessibility-1.8.0.372-1.1.x86_64", }, product_reference: "java-1_8_0-openj9-accessibility-1.8.0.372-1.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openj9-demo-1.8.0.372-1.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:java-1_8_0-openj9-demo-1.8.0.372-1.1.aarch64", }, product_reference: "java-1_8_0-openj9-demo-1.8.0.372-1.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openj9-demo-1.8.0.372-1.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:java-1_8_0-openj9-demo-1.8.0.372-1.1.ppc64le", }, product_reference: "java-1_8_0-openj9-demo-1.8.0.372-1.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openj9-demo-1.8.0.372-1.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:java-1_8_0-openj9-demo-1.8.0.372-1.1.s390x", }, product_reference: "java-1_8_0-openj9-demo-1.8.0.372-1.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openj9-demo-1.8.0.372-1.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:java-1_8_0-openj9-demo-1.8.0.372-1.1.x86_64", }, product_reference: "java-1_8_0-openj9-demo-1.8.0.372-1.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openj9-devel-1.8.0.372-1.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:java-1_8_0-openj9-devel-1.8.0.372-1.1.aarch64", }, product_reference: "java-1_8_0-openj9-devel-1.8.0.372-1.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openj9-devel-1.8.0.372-1.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:java-1_8_0-openj9-devel-1.8.0.372-1.1.ppc64le", }, product_reference: "java-1_8_0-openj9-devel-1.8.0.372-1.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openj9-devel-1.8.0.372-1.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:java-1_8_0-openj9-devel-1.8.0.372-1.1.s390x", }, product_reference: "java-1_8_0-openj9-devel-1.8.0.372-1.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openj9-devel-1.8.0.372-1.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:java-1_8_0-openj9-devel-1.8.0.372-1.1.x86_64", }, product_reference: "java-1_8_0-openj9-devel-1.8.0.372-1.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openj9-headless-1.8.0.372-1.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:java-1_8_0-openj9-headless-1.8.0.372-1.1.aarch64", }, product_reference: "java-1_8_0-openj9-headless-1.8.0.372-1.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openj9-headless-1.8.0.372-1.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:java-1_8_0-openj9-headless-1.8.0.372-1.1.ppc64le", }, product_reference: "java-1_8_0-openj9-headless-1.8.0.372-1.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openj9-headless-1.8.0.372-1.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:java-1_8_0-openj9-headless-1.8.0.372-1.1.s390x", }, product_reference: "java-1_8_0-openj9-headless-1.8.0.372-1.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openj9-headless-1.8.0.372-1.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:java-1_8_0-openj9-headless-1.8.0.372-1.1.x86_64", }, product_reference: "java-1_8_0-openj9-headless-1.8.0.372-1.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openj9-javadoc-1.8.0.372-1.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:java-1_8_0-openj9-javadoc-1.8.0.372-1.1.aarch64", }, product_reference: "java-1_8_0-openj9-javadoc-1.8.0.372-1.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openj9-javadoc-1.8.0.372-1.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:java-1_8_0-openj9-javadoc-1.8.0.372-1.1.ppc64le", }, product_reference: "java-1_8_0-openj9-javadoc-1.8.0.372-1.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openj9-javadoc-1.8.0.372-1.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:java-1_8_0-openj9-javadoc-1.8.0.372-1.1.s390x", }, product_reference: "java-1_8_0-openj9-javadoc-1.8.0.372-1.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openj9-javadoc-1.8.0.372-1.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:java-1_8_0-openj9-javadoc-1.8.0.372-1.1.x86_64", }, product_reference: "java-1_8_0-openj9-javadoc-1.8.0.372-1.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openj9-src-1.8.0.372-1.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:java-1_8_0-openj9-src-1.8.0.372-1.1.aarch64", }, product_reference: "java-1_8_0-openj9-src-1.8.0.372-1.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openj9-src-1.8.0.372-1.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:java-1_8_0-openj9-src-1.8.0.372-1.1.ppc64le", }, product_reference: "java-1_8_0-openj9-src-1.8.0.372-1.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openj9-src-1.8.0.372-1.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:java-1_8_0-openj9-src-1.8.0.372-1.1.s390x", }, product_reference: "java-1_8_0-openj9-src-1.8.0.372-1.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openj9-src-1.8.0.372-1.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:java-1_8_0-openj9-src-1.8.0.372-1.1.x86_64", }, product_reference: "java-1_8_0-openj9-src-1.8.0.372-1.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, ], }, vulnerabilities: [ { cve: "CVE-2023-21930", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-21930", }, ], notes: [ { category: "general", text: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openj9-1.8.0.372-1.1.aarch64", "openSUSE Tumbleweed:java-1_8_0-openj9-1.8.0.372-1.1.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openj9-1.8.0.372-1.1.s390x", "openSUSE Tumbleweed:java-1_8_0-openj9-1.8.0.372-1.1.x86_64", "openSUSE Tumbleweed:java-1_8_0-openj9-accessibility-1.8.0.372-1.1.aarch64", "openSUSE Tumbleweed:java-1_8_0-openj9-accessibility-1.8.0.372-1.1.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openj9-accessibility-1.8.0.372-1.1.s390x", "openSUSE Tumbleweed:java-1_8_0-openj9-accessibility-1.8.0.372-1.1.x86_64", "openSUSE Tumbleweed:java-1_8_0-openj9-demo-1.8.0.372-1.1.aarch64", "openSUSE Tumbleweed:java-1_8_0-openj9-demo-1.8.0.372-1.1.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openj9-demo-1.8.0.372-1.1.s390x", "openSUSE Tumbleweed:java-1_8_0-openj9-demo-1.8.0.372-1.1.x86_64", "openSUSE Tumbleweed:java-1_8_0-openj9-devel-1.8.0.372-1.1.aarch64", "openSUSE Tumbleweed:java-1_8_0-openj9-devel-1.8.0.372-1.1.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openj9-devel-1.8.0.372-1.1.s390x", "openSUSE Tumbleweed:java-1_8_0-openj9-devel-1.8.0.372-1.1.x86_64", "openSUSE Tumbleweed:java-1_8_0-openj9-headless-1.8.0.372-1.1.aarch64", "openSUSE Tumbleweed:java-1_8_0-openj9-headless-1.8.0.372-1.1.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openj9-headless-1.8.0.372-1.1.s390x", "openSUSE Tumbleweed:java-1_8_0-openj9-headless-1.8.0.372-1.1.x86_64", "openSUSE Tumbleweed:java-1_8_0-openj9-javadoc-1.8.0.372-1.1.aarch64", "openSUSE Tumbleweed:java-1_8_0-openj9-javadoc-1.8.0.372-1.1.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openj9-javadoc-1.8.0.372-1.1.s390x", "openSUSE Tumbleweed:java-1_8_0-openj9-javadoc-1.8.0.372-1.1.x86_64", "openSUSE Tumbleweed:java-1_8_0-openj9-src-1.8.0.372-1.1.aarch64", "openSUSE Tumbleweed:java-1_8_0-openj9-src-1.8.0.372-1.1.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openj9-src-1.8.0.372-1.1.s390x", "openSUSE Tumbleweed:java-1_8_0-openj9-src-1.8.0.372-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-21930", url: "https://www.suse.com/security/cve/CVE-2023-21930", }, { category: "external", summary: "SUSE Bug 1210628 for CVE-2023-21930", url: "https://bugzilla.suse.com/1210628", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openj9-1.8.0.372-1.1.aarch64", "openSUSE Tumbleweed:java-1_8_0-openj9-1.8.0.372-1.1.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openj9-1.8.0.372-1.1.s390x", "openSUSE Tumbleweed:java-1_8_0-openj9-1.8.0.372-1.1.x86_64", "openSUSE Tumbleweed:java-1_8_0-openj9-accessibility-1.8.0.372-1.1.aarch64", "openSUSE Tumbleweed:java-1_8_0-openj9-accessibility-1.8.0.372-1.1.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openj9-accessibility-1.8.0.372-1.1.s390x", "openSUSE Tumbleweed:java-1_8_0-openj9-accessibility-1.8.0.372-1.1.x86_64", "openSUSE Tumbleweed:java-1_8_0-openj9-demo-1.8.0.372-1.1.aarch64", "openSUSE Tumbleweed:java-1_8_0-openj9-demo-1.8.0.372-1.1.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openj9-demo-1.8.0.372-1.1.s390x", "openSUSE Tumbleweed:java-1_8_0-openj9-demo-1.8.0.372-1.1.x86_64", "openSUSE Tumbleweed:java-1_8_0-openj9-devel-1.8.0.372-1.1.aarch64", "openSUSE Tumbleweed:java-1_8_0-openj9-devel-1.8.0.372-1.1.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openj9-devel-1.8.0.372-1.1.s390x", "openSUSE Tumbleweed:java-1_8_0-openj9-devel-1.8.0.372-1.1.x86_64", "openSUSE Tumbleweed:java-1_8_0-openj9-headless-1.8.0.372-1.1.aarch64", "openSUSE Tumbleweed:java-1_8_0-openj9-headless-1.8.0.372-1.1.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openj9-headless-1.8.0.372-1.1.s390x", "openSUSE Tumbleweed:java-1_8_0-openj9-headless-1.8.0.372-1.1.x86_64", "openSUSE Tumbleweed:java-1_8_0-openj9-javadoc-1.8.0.372-1.1.aarch64", "openSUSE Tumbleweed:java-1_8_0-openj9-javadoc-1.8.0.372-1.1.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openj9-javadoc-1.8.0.372-1.1.s390x", "openSUSE Tumbleweed:java-1_8_0-openj9-javadoc-1.8.0.372-1.1.x86_64", "openSUSE Tumbleweed:java-1_8_0-openj9-src-1.8.0.372-1.1.aarch64", "openSUSE Tumbleweed:java-1_8_0-openj9-src-1.8.0.372-1.1.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openj9-src-1.8.0.372-1.1.s390x", "openSUSE Tumbleweed:java-1_8_0-openj9-src-1.8.0.372-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.4, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openj9-1.8.0.372-1.1.aarch64", "openSUSE Tumbleweed:java-1_8_0-openj9-1.8.0.372-1.1.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openj9-1.8.0.372-1.1.s390x", "openSUSE Tumbleweed:java-1_8_0-openj9-1.8.0.372-1.1.x86_64", "openSUSE Tumbleweed:java-1_8_0-openj9-accessibility-1.8.0.372-1.1.aarch64", "openSUSE Tumbleweed:java-1_8_0-openj9-accessibility-1.8.0.372-1.1.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openj9-accessibility-1.8.0.372-1.1.s390x", "openSUSE Tumbleweed:java-1_8_0-openj9-accessibility-1.8.0.372-1.1.x86_64", "openSUSE Tumbleweed:java-1_8_0-openj9-demo-1.8.0.372-1.1.aarch64", "openSUSE Tumbleweed:java-1_8_0-openj9-demo-1.8.0.372-1.1.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openj9-demo-1.8.0.372-1.1.s390x", "openSUSE Tumbleweed:java-1_8_0-openj9-demo-1.8.0.372-1.1.x86_64", "openSUSE Tumbleweed:java-1_8_0-openj9-devel-1.8.0.372-1.1.aarch64", "openSUSE Tumbleweed:java-1_8_0-openj9-devel-1.8.0.372-1.1.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openj9-devel-1.8.0.372-1.1.s390x", "openSUSE Tumbleweed:java-1_8_0-openj9-devel-1.8.0.372-1.1.x86_64", "openSUSE Tumbleweed:java-1_8_0-openj9-headless-1.8.0.372-1.1.aarch64", "openSUSE Tumbleweed:java-1_8_0-openj9-headless-1.8.0.372-1.1.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openj9-headless-1.8.0.372-1.1.s390x", "openSUSE Tumbleweed:java-1_8_0-openj9-headless-1.8.0.372-1.1.x86_64", "openSUSE Tumbleweed:java-1_8_0-openj9-javadoc-1.8.0.372-1.1.aarch64", "openSUSE Tumbleweed:java-1_8_0-openj9-javadoc-1.8.0.372-1.1.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openj9-javadoc-1.8.0.372-1.1.s390x", "openSUSE Tumbleweed:java-1_8_0-openj9-javadoc-1.8.0.372-1.1.x86_64", "openSUSE Tumbleweed:java-1_8_0-openj9-src-1.8.0.372-1.1.aarch64", "openSUSE Tumbleweed:java-1_8_0-openj9-src-1.8.0.372-1.1.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openj9-src-1.8.0.372-1.1.s390x", "openSUSE Tumbleweed:java-1_8_0-openj9-src-1.8.0.372-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2023-21930", }, { cve: "CVE-2023-21938", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-21938", }, ], notes: [ { category: "general", text: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openj9-1.8.0.372-1.1.aarch64", "openSUSE Tumbleweed:java-1_8_0-openj9-1.8.0.372-1.1.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openj9-1.8.0.372-1.1.s390x", "openSUSE Tumbleweed:java-1_8_0-openj9-1.8.0.372-1.1.x86_64", "openSUSE Tumbleweed:java-1_8_0-openj9-accessibility-1.8.0.372-1.1.aarch64", "openSUSE Tumbleweed:java-1_8_0-openj9-accessibility-1.8.0.372-1.1.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openj9-accessibility-1.8.0.372-1.1.s390x", "openSUSE Tumbleweed:java-1_8_0-openj9-accessibility-1.8.0.372-1.1.x86_64", "openSUSE Tumbleweed:java-1_8_0-openj9-demo-1.8.0.372-1.1.aarch64", "openSUSE Tumbleweed:java-1_8_0-openj9-demo-1.8.0.372-1.1.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openj9-demo-1.8.0.372-1.1.s390x", "openSUSE Tumbleweed:java-1_8_0-openj9-demo-1.8.0.372-1.1.x86_64", "openSUSE Tumbleweed:java-1_8_0-openj9-devel-1.8.0.372-1.1.aarch64", "openSUSE Tumbleweed:java-1_8_0-openj9-devel-1.8.0.372-1.1.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openj9-devel-1.8.0.372-1.1.s390x", "openSUSE Tumbleweed:java-1_8_0-openj9-devel-1.8.0.372-1.1.x86_64", "openSUSE Tumbleweed:java-1_8_0-openj9-headless-1.8.0.372-1.1.aarch64", "openSUSE Tumbleweed:java-1_8_0-openj9-headless-1.8.0.372-1.1.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openj9-headless-1.8.0.372-1.1.s390x", "openSUSE Tumbleweed:java-1_8_0-openj9-headless-1.8.0.372-1.1.x86_64", "openSUSE Tumbleweed:java-1_8_0-openj9-javadoc-1.8.0.372-1.1.aarch64", "openSUSE Tumbleweed:java-1_8_0-openj9-javadoc-1.8.0.372-1.1.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openj9-javadoc-1.8.0.372-1.1.s390x", "openSUSE Tumbleweed:java-1_8_0-openj9-javadoc-1.8.0.372-1.1.x86_64", "openSUSE Tumbleweed:java-1_8_0-openj9-src-1.8.0.372-1.1.aarch64", "openSUSE Tumbleweed:java-1_8_0-openj9-src-1.8.0.372-1.1.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openj9-src-1.8.0.372-1.1.s390x", "openSUSE Tumbleweed:java-1_8_0-openj9-src-1.8.0.372-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-21938", url: "https://www.suse.com/security/cve/CVE-2023-21938", }, { category: "external", summary: "SUSE Bug 1210632 for CVE-2023-21938", url: "https://bugzilla.suse.com/1210632", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openj9-1.8.0.372-1.1.aarch64", "openSUSE Tumbleweed:java-1_8_0-openj9-1.8.0.372-1.1.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openj9-1.8.0.372-1.1.s390x", "openSUSE Tumbleweed:java-1_8_0-openj9-1.8.0.372-1.1.x86_64", "openSUSE Tumbleweed:java-1_8_0-openj9-accessibility-1.8.0.372-1.1.aarch64", "openSUSE Tumbleweed:java-1_8_0-openj9-accessibility-1.8.0.372-1.1.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openj9-accessibility-1.8.0.372-1.1.s390x", "openSUSE Tumbleweed:java-1_8_0-openj9-accessibility-1.8.0.372-1.1.x86_64", "openSUSE Tumbleweed:java-1_8_0-openj9-demo-1.8.0.372-1.1.aarch64", "openSUSE Tumbleweed:java-1_8_0-openj9-demo-1.8.0.372-1.1.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openj9-demo-1.8.0.372-1.1.s390x", "openSUSE Tumbleweed:java-1_8_0-openj9-demo-1.8.0.372-1.1.x86_64", "openSUSE Tumbleweed:java-1_8_0-openj9-devel-1.8.0.372-1.1.aarch64", "openSUSE Tumbleweed:java-1_8_0-openj9-devel-1.8.0.372-1.1.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openj9-devel-1.8.0.372-1.1.s390x", "openSUSE Tumbleweed:java-1_8_0-openj9-devel-1.8.0.372-1.1.x86_64", "openSUSE Tumbleweed:java-1_8_0-openj9-headless-1.8.0.372-1.1.aarch64", "openSUSE Tumbleweed:java-1_8_0-openj9-headless-1.8.0.372-1.1.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openj9-headless-1.8.0.372-1.1.s390x", "openSUSE Tumbleweed:java-1_8_0-openj9-headless-1.8.0.372-1.1.x86_64", "openSUSE Tumbleweed:java-1_8_0-openj9-javadoc-1.8.0.372-1.1.aarch64", "openSUSE Tumbleweed:java-1_8_0-openj9-javadoc-1.8.0.372-1.1.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openj9-javadoc-1.8.0.372-1.1.s390x", "openSUSE Tumbleweed:java-1_8_0-openj9-javadoc-1.8.0.372-1.1.x86_64", "openSUSE Tumbleweed:java-1_8_0-openj9-src-1.8.0.372-1.1.aarch64", "openSUSE Tumbleweed:java-1_8_0-openj9-src-1.8.0.372-1.1.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openj9-src-1.8.0.372-1.1.s390x", "openSUSE Tumbleweed:java-1_8_0-openj9-src-1.8.0.372-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.7, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openj9-1.8.0.372-1.1.aarch64", "openSUSE Tumbleweed:java-1_8_0-openj9-1.8.0.372-1.1.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openj9-1.8.0.372-1.1.s390x", "openSUSE Tumbleweed:java-1_8_0-openj9-1.8.0.372-1.1.x86_64", "openSUSE Tumbleweed:java-1_8_0-openj9-accessibility-1.8.0.372-1.1.aarch64", "openSUSE Tumbleweed:java-1_8_0-openj9-accessibility-1.8.0.372-1.1.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openj9-accessibility-1.8.0.372-1.1.s390x", "openSUSE Tumbleweed:java-1_8_0-openj9-accessibility-1.8.0.372-1.1.x86_64", "openSUSE Tumbleweed:java-1_8_0-openj9-demo-1.8.0.372-1.1.aarch64", "openSUSE Tumbleweed:java-1_8_0-openj9-demo-1.8.0.372-1.1.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openj9-demo-1.8.0.372-1.1.s390x", "openSUSE Tumbleweed:java-1_8_0-openj9-demo-1.8.0.372-1.1.x86_64", "openSUSE Tumbleweed:java-1_8_0-openj9-devel-1.8.0.372-1.1.aarch64", "openSUSE Tumbleweed:java-1_8_0-openj9-devel-1.8.0.372-1.1.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openj9-devel-1.8.0.372-1.1.s390x", "openSUSE Tumbleweed:java-1_8_0-openj9-devel-1.8.0.372-1.1.x86_64", "openSUSE Tumbleweed:java-1_8_0-openj9-headless-1.8.0.372-1.1.aarch64", "openSUSE Tumbleweed:java-1_8_0-openj9-headless-1.8.0.372-1.1.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openj9-headless-1.8.0.372-1.1.s390x", "openSUSE Tumbleweed:java-1_8_0-openj9-headless-1.8.0.372-1.1.x86_64", "openSUSE Tumbleweed:java-1_8_0-openj9-javadoc-1.8.0.372-1.1.aarch64", "openSUSE Tumbleweed:java-1_8_0-openj9-javadoc-1.8.0.372-1.1.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openj9-javadoc-1.8.0.372-1.1.s390x", "openSUSE Tumbleweed:java-1_8_0-openj9-javadoc-1.8.0.372-1.1.x86_64", "openSUSE Tumbleweed:java-1_8_0-openj9-src-1.8.0.372-1.1.aarch64", "openSUSE Tumbleweed:java-1_8_0-openj9-src-1.8.0.372-1.1.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openj9-src-1.8.0.372-1.1.s390x", "openSUSE Tumbleweed:java-1_8_0-openj9-src-1.8.0.372-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2023-21938", }, { cve: "CVE-2023-21954", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-21954", }, ], notes: [ { category: "general", text: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openj9-1.8.0.372-1.1.aarch64", "openSUSE Tumbleweed:java-1_8_0-openj9-1.8.0.372-1.1.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openj9-1.8.0.372-1.1.s390x", "openSUSE Tumbleweed:java-1_8_0-openj9-1.8.0.372-1.1.x86_64", "openSUSE Tumbleweed:java-1_8_0-openj9-accessibility-1.8.0.372-1.1.aarch64", "openSUSE Tumbleweed:java-1_8_0-openj9-accessibility-1.8.0.372-1.1.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openj9-accessibility-1.8.0.372-1.1.s390x", "openSUSE Tumbleweed:java-1_8_0-openj9-accessibility-1.8.0.372-1.1.x86_64", "openSUSE Tumbleweed:java-1_8_0-openj9-demo-1.8.0.372-1.1.aarch64", "openSUSE Tumbleweed:java-1_8_0-openj9-demo-1.8.0.372-1.1.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openj9-demo-1.8.0.372-1.1.s390x", "openSUSE Tumbleweed:java-1_8_0-openj9-demo-1.8.0.372-1.1.x86_64", "openSUSE Tumbleweed:java-1_8_0-openj9-devel-1.8.0.372-1.1.aarch64", "openSUSE Tumbleweed:java-1_8_0-openj9-devel-1.8.0.372-1.1.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openj9-devel-1.8.0.372-1.1.s390x", "openSUSE Tumbleweed:java-1_8_0-openj9-devel-1.8.0.372-1.1.x86_64", "openSUSE Tumbleweed:java-1_8_0-openj9-headless-1.8.0.372-1.1.aarch64", "openSUSE Tumbleweed:java-1_8_0-openj9-headless-1.8.0.372-1.1.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openj9-headless-1.8.0.372-1.1.s390x", "openSUSE Tumbleweed:java-1_8_0-openj9-headless-1.8.0.372-1.1.x86_64", "openSUSE Tumbleweed:java-1_8_0-openj9-javadoc-1.8.0.372-1.1.aarch64", "openSUSE Tumbleweed:java-1_8_0-openj9-javadoc-1.8.0.372-1.1.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openj9-javadoc-1.8.0.372-1.1.s390x", "openSUSE Tumbleweed:java-1_8_0-openj9-javadoc-1.8.0.372-1.1.x86_64", "openSUSE Tumbleweed:java-1_8_0-openj9-src-1.8.0.372-1.1.aarch64", "openSUSE Tumbleweed:java-1_8_0-openj9-src-1.8.0.372-1.1.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openj9-src-1.8.0.372-1.1.s390x", "openSUSE Tumbleweed:java-1_8_0-openj9-src-1.8.0.372-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-21954", url: "https://www.suse.com/security/cve/CVE-2023-21954", }, { category: "external", summary: "SUSE Bug 1210635 for CVE-2023-21954", url: "https://bugzilla.suse.com/1210635", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openj9-1.8.0.372-1.1.aarch64", "openSUSE Tumbleweed:java-1_8_0-openj9-1.8.0.372-1.1.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openj9-1.8.0.372-1.1.s390x", "openSUSE Tumbleweed:java-1_8_0-openj9-1.8.0.372-1.1.x86_64", "openSUSE Tumbleweed:java-1_8_0-openj9-accessibility-1.8.0.372-1.1.aarch64", "openSUSE Tumbleweed:java-1_8_0-openj9-accessibility-1.8.0.372-1.1.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openj9-accessibility-1.8.0.372-1.1.s390x", "openSUSE Tumbleweed:java-1_8_0-openj9-accessibility-1.8.0.372-1.1.x86_64", "openSUSE Tumbleweed:java-1_8_0-openj9-demo-1.8.0.372-1.1.aarch64", "openSUSE Tumbleweed:java-1_8_0-openj9-demo-1.8.0.372-1.1.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openj9-demo-1.8.0.372-1.1.s390x", "openSUSE Tumbleweed:java-1_8_0-openj9-demo-1.8.0.372-1.1.x86_64", "openSUSE Tumbleweed:java-1_8_0-openj9-devel-1.8.0.372-1.1.aarch64", "openSUSE Tumbleweed:java-1_8_0-openj9-devel-1.8.0.372-1.1.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openj9-devel-1.8.0.372-1.1.s390x", "openSUSE Tumbleweed:java-1_8_0-openj9-devel-1.8.0.372-1.1.x86_64", "openSUSE Tumbleweed:java-1_8_0-openj9-headless-1.8.0.372-1.1.aarch64", "openSUSE Tumbleweed:java-1_8_0-openj9-headless-1.8.0.372-1.1.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openj9-headless-1.8.0.372-1.1.s390x", "openSUSE Tumbleweed:java-1_8_0-openj9-headless-1.8.0.372-1.1.x86_64", "openSUSE Tumbleweed:java-1_8_0-openj9-javadoc-1.8.0.372-1.1.aarch64", "openSUSE Tumbleweed:java-1_8_0-openj9-javadoc-1.8.0.372-1.1.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openj9-javadoc-1.8.0.372-1.1.s390x", "openSUSE Tumbleweed:java-1_8_0-openj9-javadoc-1.8.0.372-1.1.x86_64", "openSUSE Tumbleweed:java-1_8_0-openj9-src-1.8.0.372-1.1.aarch64", "openSUSE Tumbleweed:java-1_8_0-openj9-src-1.8.0.372-1.1.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openj9-src-1.8.0.372-1.1.s390x", "openSUSE Tumbleweed:java-1_8_0-openj9-src-1.8.0.372-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openj9-1.8.0.372-1.1.aarch64", "openSUSE Tumbleweed:java-1_8_0-openj9-1.8.0.372-1.1.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openj9-1.8.0.372-1.1.s390x", "openSUSE Tumbleweed:java-1_8_0-openj9-1.8.0.372-1.1.x86_64", "openSUSE Tumbleweed:java-1_8_0-openj9-accessibility-1.8.0.372-1.1.aarch64", "openSUSE Tumbleweed:java-1_8_0-openj9-accessibility-1.8.0.372-1.1.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openj9-accessibility-1.8.0.372-1.1.s390x", "openSUSE Tumbleweed:java-1_8_0-openj9-accessibility-1.8.0.372-1.1.x86_64", "openSUSE Tumbleweed:java-1_8_0-openj9-demo-1.8.0.372-1.1.aarch64", "openSUSE Tumbleweed:java-1_8_0-openj9-demo-1.8.0.372-1.1.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openj9-demo-1.8.0.372-1.1.s390x", "openSUSE Tumbleweed:java-1_8_0-openj9-demo-1.8.0.372-1.1.x86_64", "openSUSE Tumbleweed:java-1_8_0-openj9-devel-1.8.0.372-1.1.aarch64", "openSUSE Tumbleweed:java-1_8_0-openj9-devel-1.8.0.372-1.1.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openj9-devel-1.8.0.372-1.1.s390x", "openSUSE Tumbleweed:java-1_8_0-openj9-devel-1.8.0.372-1.1.x86_64", "openSUSE Tumbleweed:java-1_8_0-openj9-headless-1.8.0.372-1.1.aarch64", "openSUSE Tumbleweed:java-1_8_0-openj9-headless-1.8.0.372-1.1.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openj9-headless-1.8.0.372-1.1.s390x", "openSUSE Tumbleweed:java-1_8_0-openj9-headless-1.8.0.372-1.1.x86_64", "openSUSE Tumbleweed:java-1_8_0-openj9-javadoc-1.8.0.372-1.1.aarch64", "openSUSE Tumbleweed:java-1_8_0-openj9-javadoc-1.8.0.372-1.1.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openj9-javadoc-1.8.0.372-1.1.s390x", "openSUSE Tumbleweed:java-1_8_0-openj9-javadoc-1.8.0.372-1.1.x86_64", "openSUSE Tumbleweed:java-1_8_0-openj9-src-1.8.0.372-1.1.aarch64", "openSUSE Tumbleweed:java-1_8_0-openj9-src-1.8.0.372-1.1.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openj9-src-1.8.0.372-1.1.s390x", "openSUSE Tumbleweed:java-1_8_0-openj9-src-1.8.0.372-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2023-21954", }, { cve: "CVE-2023-21968", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-21968", }, ], notes: [ { category: "general", text: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openj9-1.8.0.372-1.1.aarch64", "openSUSE Tumbleweed:java-1_8_0-openj9-1.8.0.372-1.1.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openj9-1.8.0.372-1.1.s390x", "openSUSE Tumbleweed:java-1_8_0-openj9-1.8.0.372-1.1.x86_64", "openSUSE Tumbleweed:java-1_8_0-openj9-accessibility-1.8.0.372-1.1.aarch64", "openSUSE Tumbleweed:java-1_8_0-openj9-accessibility-1.8.0.372-1.1.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openj9-accessibility-1.8.0.372-1.1.s390x", "openSUSE Tumbleweed:java-1_8_0-openj9-accessibility-1.8.0.372-1.1.x86_64", "openSUSE Tumbleweed:java-1_8_0-openj9-demo-1.8.0.372-1.1.aarch64", "openSUSE Tumbleweed:java-1_8_0-openj9-demo-1.8.0.372-1.1.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openj9-demo-1.8.0.372-1.1.s390x", "openSUSE Tumbleweed:java-1_8_0-openj9-demo-1.8.0.372-1.1.x86_64", "openSUSE Tumbleweed:java-1_8_0-openj9-devel-1.8.0.372-1.1.aarch64", "openSUSE Tumbleweed:java-1_8_0-openj9-devel-1.8.0.372-1.1.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openj9-devel-1.8.0.372-1.1.s390x", "openSUSE Tumbleweed:java-1_8_0-openj9-devel-1.8.0.372-1.1.x86_64", "openSUSE Tumbleweed:java-1_8_0-openj9-headless-1.8.0.372-1.1.aarch64", "openSUSE Tumbleweed:java-1_8_0-openj9-headless-1.8.0.372-1.1.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openj9-headless-1.8.0.372-1.1.s390x", "openSUSE Tumbleweed:java-1_8_0-openj9-headless-1.8.0.372-1.1.x86_64", "openSUSE Tumbleweed:java-1_8_0-openj9-javadoc-1.8.0.372-1.1.aarch64", "openSUSE Tumbleweed:java-1_8_0-openj9-javadoc-1.8.0.372-1.1.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openj9-javadoc-1.8.0.372-1.1.s390x", "openSUSE Tumbleweed:java-1_8_0-openj9-javadoc-1.8.0.372-1.1.x86_64", "openSUSE Tumbleweed:java-1_8_0-openj9-src-1.8.0.372-1.1.aarch64", "openSUSE Tumbleweed:java-1_8_0-openj9-src-1.8.0.372-1.1.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openj9-src-1.8.0.372-1.1.s390x", "openSUSE Tumbleweed:java-1_8_0-openj9-src-1.8.0.372-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-21968", url: "https://www.suse.com/security/cve/CVE-2023-21968", }, { category: "external", summary: "SUSE Bug 1210637 for CVE-2023-21968", url: "https://bugzilla.suse.com/1210637", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openj9-1.8.0.372-1.1.aarch64", "openSUSE Tumbleweed:java-1_8_0-openj9-1.8.0.372-1.1.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openj9-1.8.0.372-1.1.s390x", "openSUSE Tumbleweed:java-1_8_0-openj9-1.8.0.372-1.1.x86_64", "openSUSE Tumbleweed:java-1_8_0-openj9-accessibility-1.8.0.372-1.1.aarch64", "openSUSE Tumbleweed:java-1_8_0-openj9-accessibility-1.8.0.372-1.1.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openj9-accessibility-1.8.0.372-1.1.s390x", "openSUSE Tumbleweed:java-1_8_0-openj9-accessibility-1.8.0.372-1.1.x86_64", "openSUSE Tumbleweed:java-1_8_0-openj9-demo-1.8.0.372-1.1.aarch64", "openSUSE Tumbleweed:java-1_8_0-openj9-demo-1.8.0.372-1.1.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openj9-demo-1.8.0.372-1.1.s390x", "openSUSE Tumbleweed:java-1_8_0-openj9-demo-1.8.0.372-1.1.x86_64", "openSUSE Tumbleweed:java-1_8_0-openj9-devel-1.8.0.372-1.1.aarch64", "openSUSE Tumbleweed:java-1_8_0-openj9-devel-1.8.0.372-1.1.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openj9-devel-1.8.0.372-1.1.s390x", "openSUSE Tumbleweed:java-1_8_0-openj9-devel-1.8.0.372-1.1.x86_64", "openSUSE Tumbleweed:java-1_8_0-openj9-headless-1.8.0.372-1.1.aarch64", "openSUSE Tumbleweed:java-1_8_0-openj9-headless-1.8.0.372-1.1.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openj9-headless-1.8.0.372-1.1.s390x", "openSUSE Tumbleweed:java-1_8_0-openj9-headless-1.8.0.372-1.1.x86_64", "openSUSE Tumbleweed:java-1_8_0-openj9-javadoc-1.8.0.372-1.1.aarch64", "openSUSE Tumbleweed:java-1_8_0-openj9-javadoc-1.8.0.372-1.1.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openj9-javadoc-1.8.0.372-1.1.s390x", "openSUSE Tumbleweed:java-1_8_0-openj9-javadoc-1.8.0.372-1.1.x86_64", "openSUSE Tumbleweed:java-1_8_0-openj9-src-1.8.0.372-1.1.aarch64", "openSUSE Tumbleweed:java-1_8_0-openj9-src-1.8.0.372-1.1.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openj9-src-1.8.0.372-1.1.s390x", "openSUSE Tumbleweed:java-1_8_0-openj9-src-1.8.0.372-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.7, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openj9-1.8.0.372-1.1.aarch64", "openSUSE Tumbleweed:java-1_8_0-openj9-1.8.0.372-1.1.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openj9-1.8.0.372-1.1.s390x", "openSUSE Tumbleweed:java-1_8_0-openj9-1.8.0.372-1.1.x86_64", "openSUSE Tumbleweed:java-1_8_0-openj9-accessibility-1.8.0.372-1.1.aarch64", "openSUSE Tumbleweed:java-1_8_0-openj9-accessibility-1.8.0.372-1.1.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openj9-accessibility-1.8.0.372-1.1.s390x", "openSUSE Tumbleweed:java-1_8_0-openj9-accessibility-1.8.0.372-1.1.x86_64", "openSUSE Tumbleweed:java-1_8_0-openj9-demo-1.8.0.372-1.1.aarch64", "openSUSE Tumbleweed:java-1_8_0-openj9-demo-1.8.0.372-1.1.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openj9-demo-1.8.0.372-1.1.s390x", "openSUSE Tumbleweed:java-1_8_0-openj9-demo-1.8.0.372-1.1.x86_64", "openSUSE Tumbleweed:java-1_8_0-openj9-devel-1.8.0.372-1.1.aarch64", "openSUSE Tumbleweed:java-1_8_0-openj9-devel-1.8.0.372-1.1.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openj9-devel-1.8.0.372-1.1.s390x", "openSUSE Tumbleweed:java-1_8_0-openj9-devel-1.8.0.372-1.1.x86_64", "openSUSE Tumbleweed:java-1_8_0-openj9-headless-1.8.0.372-1.1.aarch64", "openSUSE Tumbleweed:java-1_8_0-openj9-headless-1.8.0.372-1.1.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openj9-headless-1.8.0.372-1.1.s390x", "openSUSE Tumbleweed:java-1_8_0-openj9-headless-1.8.0.372-1.1.x86_64", "openSUSE Tumbleweed:java-1_8_0-openj9-javadoc-1.8.0.372-1.1.aarch64", "openSUSE Tumbleweed:java-1_8_0-openj9-javadoc-1.8.0.372-1.1.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openj9-javadoc-1.8.0.372-1.1.s390x", "openSUSE Tumbleweed:java-1_8_0-openj9-javadoc-1.8.0.372-1.1.x86_64", "openSUSE Tumbleweed:java-1_8_0-openj9-src-1.8.0.372-1.1.aarch64", "openSUSE Tumbleweed:java-1_8_0-openj9-src-1.8.0.372-1.1.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openj9-src-1.8.0.372-1.1.s390x", "openSUSE Tumbleweed:java-1_8_0-openj9-src-1.8.0.372-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2023-21968", }, { cve: "CVE-2023-2597", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-2597", }, ], notes: [ { category: "general", text: "In Eclipse Openj9 before version 0.38.0, in the implementation of the shared cache (which is enabled by default in OpenJ9 builds) the size of a string is not properly checked against the size of the buffer.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-1_8_0-openj9-1.8.0.372-1.1.aarch64", "openSUSE Tumbleweed:java-1_8_0-openj9-1.8.0.372-1.1.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openj9-1.8.0.372-1.1.s390x", "openSUSE Tumbleweed:java-1_8_0-openj9-1.8.0.372-1.1.x86_64", "openSUSE Tumbleweed:java-1_8_0-openj9-accessibility-1.8.0.372-1.1.aarch64", "openSUSE Tumbleweed:java-1_8_0-openj9-accessibility-1.8.0.372-1.1.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openj9-accessibility-1.8.0.372-1.1.s390x", "openSUSE Tumbleweed:java-1_8_0-openj9-accessibility-1.8.0.372-1.1.x86_64", "openSUSE Tumbleweed:java-1_8_0-openj9-demo-1.8.0.372-1.1.aarch64", "openSUSE Tumbleweed:java-1_8_0-openj9-demo-1.8.0.372-1.1.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openj9-demo-1.8.0.372-1.1.s390x", "openSUSE Tumbleweed:java-1_8_0-openj9-demo-1.8.0.372-1.1.x86_64", "openSUSE Tumbleweed:java-1_8_0-openj9-devel-1.8.0.372-1.1.aarch64", "openSUSE Tumbleweed:java-1_8_0-openj9-devel-1.8.0.372-1.1.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openj9-devel-1.8.0.372-1.1.s390x", "openSUSE Tumbleweed:java-1_8_0-openj9-devel-1.8.0.372-1.1.x86_64", "openSUSE Tumbleweed:java-1_8_0-openj9-headless-1.8.0.372-1.1.aarch64", "openSUSE Tumbleweed:java-1_8_0-openj9-headless-1.8.0.372-1.1.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openj9-headless-1.8.0.372-1.1.s390x", "openSUSE Tumbleweed:java-1_8_0-openj9-headless-1.8.0.372-1.1.x86_64", "openSUSE Tumbleweed:java-1_8_0-openj9-javadoc-1.8.0.372-1.1.aarch64", "openSUSE Tumbleweed:java-1_8_0-openj9-javadoc-1.8.0.372-1.1.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openj9-javadoc-1.8.0.372-1.1.s390x", "openSUSE Tumbleweed:java-1_8_0-openj9-javadoc-1.8.0.372-1.1.x86_64", "openSUSE Tumbleweed:java-1_8_0-openj9-src-1.8.0.372-1.1.aarch64", "openSUSE Tumbleweed:java-1_8_0-openj9-src-1.8.0.372-1.1.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openj9-src-1.8.0.372-1.1.s390x", "openSUSE Tumbleweed:java-1_8_0-openj9-src-1.8.0.372-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-2597", url: "https://www.suse.com/security/cve/CVE-2023-2597", }, { category: "external", summary: "SUSE Bug 1211615 for CVE-2023-2597", url: "https://bugzilla.suse.com/1211615", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-1_8_0-openj9-1.8.0.372-1.1.aarch64", "openSUSE Tumbleweed:java-1_8_0-openj9-1.8.0.372-1.1.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openj9-1.8.0.372-1.1.s390x", "openSUSE Tumbleweed:java-1_8_0-openj9-1.8.0.372-1.1.x86_64", "openSUSE Tumbleweed:java-1_8_0-openj9-accessibility-1.8.0.372-1.1.aarch64", "openSUSE Tumbleweed:java-1_8_0-openj9-accessibility-1.8.0.372-1.1.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openj9-accessibility-1.8.0.372-1.1.s390x", "openSUSE Tumbleweed:java-1_8_0-openj9-accessibility-1.8.0.372-1.1.x86_64", "openSUSE Tumbleweed:java-1_8_0-openj9-demo-1.8.0.372-1.1.aarch64", "openSUSE Tumbleweed:java-1_8_0-openj9-demo-1.8.0.372-1.1.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openj9-demo-1.8.0.372-1.1.s390x", "openSUSE Tumbleweed:java-1_8_0-openj9-demo-1.8.0.372-1.1.x86_64", "openSUSE Tumbleweed:java-1_8_0-openj9-devel-1.8.0.372-1.1.aarch64", "openSUSE Tumbleweed:java-1_8_0-openj9-devel-1.8.0.372-1.1.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openj9-devel-1.8.0.372-1.1.s390x", "openSUSE Tumbleweed:java-1_8_0-openj9-devel-1.8.0.372-1.1.x86_64", "openSUSE Tumbleweed:java-1_8_0-openj9-headless-1.8.0.372-1.1.aarch64", "openSUSE Tumbleweed:java-1_8_0-openj9-headless-1.8.0.372-1.1.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openj9-headless-1.8.0.372-1.1.s390x", "openSUSE Tumbleweed:java-1_8_0-openj9-headless-1.8.0.372-1.1.x86_64", "openSUSE Tumbleweed:java-1_8_0-openj9-javadoc-1.8.0.372-1.1.aarch64", "openSUSE Tumbleweed:java-1_8_0-openj9-javadoc-1.8.0.372-1.1.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openj9-javadoc-1.8.0.372-1.1.s390x", "openSUSE Tumbleweed:java-1_8_0-openj9-javadoc-1.8.0.372-1.1.x86_64", "openSUSE Tumbleweed:java-1_8_0-openj9-src-1.8.0.372-1.1.aarch64", "openSUSE Tumbleweed:java-1_8_0-openj9-src-1.8.0.372-1.1.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openj9-src-1.8.0.372-1.1.s390x", "openSUSE Tumbleweed:java-1_8_0-openj9-src-1.8.0.372-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:java-1_8_0-openj9-1.8.0.372-1.1.aarch64", "openSUSE Tumbleweed:java-1_8_0-openj9-1.8.0.372-1.1.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openj9-1.8.0.372-1.1.s390x", "openSUSE Tumbleweed:java-1_8_0-openj9-1.8.0.372-1.1.x86_64", "openSUSE Tumbleweed:java-1_8_0-openj9-accessibility-1.8.0.372-1.1.aarch64", "openSUSE Tumbleweed:java-1_8_0-openj9-accessibility-1.8.0.372-1.1.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openj9-accessibility-1.8.0.372-1.1.s390x", "openSUSE Tumbleweed:java-1_8_0-openj9-accessibility-1.8.0.372-1.1.x86_64", "openSUSE Tumbleweed:java-1_8_0-openj9-demo-1.8.0.372-1.1.aarch64", "openSUSE Tumbleweed:java-1_8_0-openj9-demo-1.8.0.372-1.1.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openj9-demo-1.8.0.372-1.1.s390x", "openSUSE Tumbleweed:java-1_8_0-openj9-demo-1.8.0.372-1.1.x86_64", "openSUSE Tumbleweed:java-1_8_0-openj9-devel-1.8.0.372-1.1.aarch64", "openSUSE Tumbleweed:java-1_8_0-openj9-devel-1.8.0.372-1.1.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openj9-devel-1.8.0.372-1.1.s390x", "openSUSE Tumbleweed:java-1_8_0-openj9-devel-1.8.0.372-1.1.x86_64", "openSUSE Tumbleweed:java-1_8_0-openj9-headless-1.8.0.372-1.1.aarch64", "openSUSE Tumbleweed:java-1_8_0-openj9-headless-1.8.0.372-1.1.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openj9-headless-1.8.0.372-1.1.s390x", "openSUSE Tumbleweed:java-1_8_0-openj9-headless-1.8.0.372-1.1.x86_64", "openSUSE Tumbleweed:java-1_8_0-openj9-javadoc-1.8.0.372-1.1.aarch64", "openSUSE Tumbleweed:java-1_8_0-openj9-javadoc-1.8.0.372-1.1.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openj9-javadoc-1.8.0.372-1.1.s390x", "openSUSE Tumbleweed:java-1_8_0-openj9-javadoc-1.8.0.372-1.1.x86_64", "openSUSE Tumbleweed:java-1_8_0-openj9-src-1.8.0.372-1.1.aarch64", "openSUSE Tumbleweed:java-1_8_0-openj9-src-1.8.0.372-1.1.ppc64le", "openSUSE Tumbleweed:java-1_8_0-openj9-src-1.8.0.372-1.1.s390x", "openSUSE Tumbleweed:java-1_8_0-openj9-src-1.8.0.372-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2023-2597", }, ], }
opensuse-su-2025:0067-1
Vulnerability from csaf_opensuse
Published
2025-02-19 22:53
Modified
2025-02-19 22:53
Summary
Security update for java-17-openj9
Notes
Title of the patch
Security update for java-17-openj9
Description of the patch
This update for java-17-openj9 fixes the following issues:
- Update to OpenJDK 17.0.14 with OpenJ9 0.49.0 virtual machine
- Including Oracle October 2024 and January 2025 CPU changes
* CVE-2024-21208 (boo#1231702), CVE-2024-21210 (boo#1231711),
CVE-2024-21217 (boo#1231716), CVE-2024-21235 (boo#1231719),
CVE-2025-21502 (boo#1236278)
* OpenJ9 changes, see
https://www.eclipse.org/openj9/docs/version0.49/
- Update to OpenJDK 17.0.12 with OpenJ9 0.46.0 virtual machine
- Including Oracle July 2024 CPU changes
* CVE-2024-21131 (boo#1228046), CVE-2024-21138 (boo#1228047),
CVE-2024-21140 (boo#1228048), CVE-2024-21147 (boo#1228052),
CVE-2024-21145 (boo#1228051)
* OpenJ9 changes, see
https://www.eclipse.org/openj9/docs/version0.46/
- Update to OpenJDK 17.0.11 with OpenJ9 0.44.0 virtual machine
- Including Oracle April 2024 CPU changes
* CVE-2024-21012 (boo#1222987), CVE-2024-21094 (boo#1222986),
CVE-2024-21011 (boo#1222979), CVE-2024-21068 (boo#1222983)
* OpenJ9 changes, see
https://www.eclipse.org/openj9/docs/version0.44/
- Update to OpenJDK 17.0.10 with OpenJ9 0.43.0 virtual machine
- Including Oracle January 2024 CPU changes
* CVE-2024-20918 (boo#1218907), CVE-2024-20919 (boo#1218903),
CVE-2024-20921 (boo#1218905), CVE-2024-20932 (boo#1218908),
CVE-2024-20945 (boo#1218909), CVE-2024-20952 (boo#1218911)
* OpenJ9 changes, see
https://www.eclipse.org/openj9/docs/version0.43/
- Update to OpenJDK 17.0.9 with OpenJ9 0.41.0 virtual machine
- Including Oracle October 2023 CPU changes
* CVE-2023-22081, boo#1216374
* CVE-2023-22025, boo#1216339
- Including Openj9 0.41.0 fixes of CVE-2023-5676, boo#1217214
* For other OpenJ9 changes, see
https://www.eclipse.org/openj9/docs/version0.41
- Update to OpenJDK 17.0.8.1 with OpenJ9 0.40.0 virtual machine
* JDK-8313765: Invalid CEN header (invalid zip64 extra data
field size)
- Update to OpenJDK 17.0.8 with OpenJ9 0.40.0 virtual machine
- Including Oracle July 2023 CPU changes
* CVE-2023-22006 (boo#1213473), CVE-2023-22036 (boo#1213474),
CVE-2023-22041 (boo#1213475), CVE-2023-22044 (boo#1213479),
CVE-2023-22045 (boo#1213481), CVE-2023-22049 (boo#1213482),
CVE-2023-25193 (boo#1207922)
* OpenJ9 changes, see
https://www.eclipse.org/openj9/docs/version0.40
- Update to OpenJDK 17.0.7 with OpenJ9 0.38.0 virtual machine
- Including Oracle April 2023 CPU changes
* CVE-2023-21930 (boo#1210628), CVE-2023-21937 (boo#1210631),
CVE-2023-21938 (boo#1210632), CVE-2023-21939 (boo#1210634),
CVE-2023-21954 (boo#1210635), CVE-2023-21967 (boo#1210636),
CVE-2023-21968 (boo#1210637)
* OpenJ9 specific vulnerability: CVE-2023-2597 (boo#1211615)
* OpenJ9 changes, see
https://www.eclipse.org/openj9/docs/version0.38
- Update to OpenJDK 17.0.6 with OpenJ9 0.36.0 virtual machine
* including Oracle January 2023 CPU changes
+ CVE-2023-21835, boo#1207246
+ CVE-2023-21843, boo#1207248
* OpenJ9 changes, see
https://www.eclipse.org/openj9/docs/version0.36
- Update to OpenJDK 17.0.5 with OpenJ9 0.35.0 virtual machine
* Including Oracle October 2022 CPU changes
CVE-2022-21618 (boo#1204468), CVE-2022-21619 (boo#1204473),
CVE-2022-21626 (boo#1204471), CVE-2022-21624 (boo#1204475),
CVE-2022-21628 (boo#1204472), CVE-2022-39399 (boo#1204480)
* Fixes OpenJ9 vulnerability boo#1204703, CVE-2022-3676
* OpenJ9 changes, see
https://www.eclipse.org/openj9/docs/version0.35
Patchnames
openSUSE-2025-67
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for java-17-openj9", title: "Title of the patch", }, { category: "description", text: "This update for java-17-openj9 fixes the following issues:\n\n- Update to OpenJDK 17.0.14 with OpenJ9 0.49.0 virtual machine\n- Including Oracle October 2024 and January 2025 CPU changes\n * CVE-2024-21208 (boo#1231702), CVE-2024-21210 (boo#1231711),\n CVE-2024-21217 (boo#1231716), CVE-2024-21235 (boo#1231719),\n CVE-2025-21502 (boo#1236278)\n * OpenJ9 changes, see \n https://www.eclipse.org/openj9/docs/version0.49/\n\n- Update to OpenJDK 17.0.12 with OpenJ9 0.46.0 virtual machine\n- Including Oracle July 2024 CPU changes\n * CVE-2024-21131 (boo#1228046), CVE-2024-21138 (boo#1228047),\n CVE-2024-21140 (boo#1228048), CVE-2024-21147 (boo#1228052),\n CVE-2024-21145 (boo#1228051)\n * OpenJ9 changes, see \n https://www.eclipse.org/openj9/docs/version0.46/\n\n- Update to OpenJDK 17.0.11 with OpenJ9 0.44.0 virtual machine\n- Including Oracle April 2024 CPU changes\n * CVE-2024-21012 (boo#1222987), CVE-2024-21094 (boo#1222986),\n CVE-2024-21011 (boo#1222979), CVE-2024-21068 (boo#1222983)\n * OpenJ9 changes, see \n https://www.eclipse.org/openj9/docs/version0.44/\n\n- Update to OpenJDK 17.0.10 with OpenJ9 0.43.0 virtual machine\n- Including Oracle January 2024 CPU changes\n * CVE-2024-20918 (boo#1218907), CVE-2024-20919 (boo#1218903),\n CVE-2024-20921 (boo#1218905), CVE-2024-20932 (boo#1218908),\n CVE-2024-20945 (boo#1218909), CVE-2024-20952 (boo#1218911)\n * OpenJ9 changes, see \n https://www.eclipse.org/openj9/docs/version0.43/\n\n- Update to OpenJDK 17.0.9 with OpenJ9 0.41.0 virtual machine\n- Including Oracle October 2023 CPU changes\n * CVE-2023-22081, boo#1216374\n * CVE-2023-22025, boo#1216339\n- Including Openj9 0.41.0 fixes of CVE-2023-5676, boo#1217214\n * For other OpenJ9 changes, see\n https://www.eclipse.org/openj9/docs/version0.41 \n\n- Update to OpenJDK 17.0.8.1 with OpenJ9 0.40.0 virtual machine\n * JDK-8313765: Invalid CEN header (invalid zip64 extra data\n field size)\n\n- Update to OpenJDK 17.0.8 with OpenJ9 0.40.0 virtual machine\n- Including Oracle July 2023 CPU changes\n * CVE-2023-22006 (boo#1213473), CVE-2023-22036 (boo#1213474),\n CVE-2023-22041 (boo#1213475), CVE-2023-22044 (boo#1213479),\n CVE-2023-22045 (boo#1213481), CVE-2023-22049 (boo#1213482),\n CVE-2023-25193 (boo#1207922)\n * OpenJ9 changes, see\n https://www.eclipse.org/openj9/docs/version0.40\n\n- Update to OpenJDK 17.0.7 with OpenJ9 0.38.0 virtual machine\n- Including Oracle April 2023 CPU changes\n * CVE-2023-21930 (boo#1210628), CVE-2023-21937 (boo#1210631),\n CVE-2023-21938 (boo#1210632), CVE-2023-21939 (boo#1210634),\n CVE-2023-21954 (boo#1210635), CVE-2023-21967 (boo#1210636),\n CVE-2023-21968 (boo#1210637)\n * OpenJ9 specific vulnerability: CVE-2023-2597 (boo#1211615)\n * OpenJ9 changes, see\n https://www.eclipse.org/openj9/docs/version0.38\n\n- Update to OpenJDK 17.0.6 with OpenJ9 0.36.0 virtual machine\n * including Oracle January 2023 CPU changes\n + CVE-2023-21835, boo#1207246\n + CVE-2023-21843, boo#1207248\n * OpenJ9 changes, see \n https://www.eclipse.org/openj9/docs/version0.36\n\n- Update to OpenJDK 17.0.5 with OpenJ9 0.35.0 virtual machine\n * Including Oracle October 2022 CPU changes\n CVE-2022-21618 (boo#1204468), CVE-2022-21619 (boo#1204473),\n CVE-2022-21626 (boo#1204471), CVE-2022-21624 (boo#1204475),\n CVE-2022-21628 (boo#1204472), CVE-2022-39399 (boo#1204480)\n * Fixes OpenJ9 vulnerability boo#1204703, CVE-2022-3676\n * OpenJ9 changes, see \n https://www.eclipse.org/openj9/docs/version0.35\n", title: "Description of the patch", }, { category: "details", text: "openSUSE-2025-67", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_0067-1.json", }, { category: "self", summary: "URL for openSUSE-SU-2025:0067-1", url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/XA5CCGSPUXUTQHDG25O5DM4G37BLRUMN/", }, { category: "self", summary: "E-Mail link for openSUSE-SU-2025:0067-1", url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/XA5CCGSPUXUTQHDG25O5DM4G37BLRUMN/", }, { category: "self", summary: "SUSE Bug 1204468", url: "https://bugzilla.suse.com/1204468", }, { category: "self", summary: "SUSE Bug 1204471", url: "https://bugzilla.suse.com/1204471", }, { category: "self", summary: "SUSE Bug 1204472", url: "https://bugzilla.suse.com/1204472", }, { category: "self", summary: "SUSE Bug 1204473", url: "https://bugzilla.suse.com/1204473", }, { category: "self", summary: "SUSE Bug 1204475", url: "https://bugzilla.suse.com/1204475", }, { category: "self", summary: "SUSE Bug 1204480", url: "https://bugzilla.suse.com/1204480", }, { category: "self", summary: "SUSE Bug 1204703", url: "https://bugzilla.suse.com/1204703", }, { category: "self", summary: "SUSE Bug 1206549", url: "https://bugzilla.suse.com/1206549", }, { category: "self", summary: "SUSE Bug 1207246", url: "https://bugzilla.suse.com/1207246", }, { category: "self", summary: "SUSE Bug 1207248", url: "https://bugzilla.suse.com/1207248", }, { category: "self", summary: "SUSE Bug 1207922", url: "https://bugzilla.suse.com/1207922", }, { category: "self", summary: "SUSE Bug 1210628", url: "https://bugzilla.suse.com/1210628", }, { category: "self", summary: "SUSE Bug 1210631", url: "https://bugzilla.suse.com/1210631", }, { category: "self", summary: "SUSE Bug 1210632", url: "https://bugzilla.suse.com/1210632", }, { category: "self", summary: "SUSE Bug 1210634", url: "https://bugzilla.suse.com/1210634", }, { category: "self", summary: "SUSE Bug 1210635", url: "https://bugzilla.suse.com/1210635", }, { category: "self", summary: "SUSE Bug 1210636", url: "https://bugzilla.suse.com/1210636", }, { category: "self", summary: "SUSE Bug 1210637", url: "https://bugzilla.suse.com/1210637", }, { category: "self", summary: "SUSE Bug 1211615", url: "https://bugzilla.suse.com/1211615", }, { category: "self", summary: "SUSE Bug 1213470", url: "https://bugzilla.suse.com/1213470", }, { category: "self", summary: "SUSE Bug 1213473", url: "https://bugzilla.suse.com/1213473", }, { category: "self", summary: "SUSE Bug 1213474", url: "https://bugzilla.suse.com/1213474", }, { category: "self", summary: "SUSE Bug 1213475", url: "https://bugzilla.suse.com/1213475", }, { category: "self", summary: "SUSE Bug 1213479", url: "https://bugzilla.suse.com/1213479", }, { category: "self", summary: "SUSE Bug 1213481", url: "https://bugzilla.suse.com/1213481", }, { category: "self", summary: "SUSE Bug 1213482", url: "https://bugzilla.suse.com/1213482", }, { category: "self", summary: "SUSE Bug 1216339", url: "https://bugzilla.suse.com/1216339", }, { category: "self", summary: "SUSE Bug 1216374", url: "https://bugzilla.suse.com/1216374", }, { category: "self", summary: "SUSE Bug 1217214", url: "https://bugzilla.suse.com/1217214", }, { category: "self", summary: "SUSE Bug 1218903", url: "https://bugzilla.suse.com/1218903", }, { category: "self", summary: "SUSE Bug 1218905", url: "https://bugzilla.suse.com/1218905", }, { category: "self", summary: "SUSE Bug 1218907", url: "https://bugzilla.suse.com/1218907", }, { category: "self", summary: "SUSE Bug 1218908", url: "https://bugzilla.suse.com/1218908", }, { category: "self", summary: "SUSE Bug 1218909", url: "https://bugzilla.suse.com/1218909", }, { category: "self", summary: "SUSE Bug 1218911", url: "https://bugzilla.suse.com/1218911", }, { category: "self", summary: "SUSE Bug 1222979", url: "https://bugzilla.suse.com/1222979", }, { category: "self", summary: "SUSE Bug 1222983", url: "https://bugzilla.suse.com/1222983", }, { category: "self", summary: "SUSE Bug 1222986", url: "https://bugzilla.suse.com/1222986", }, { category: "self", summary: "SUSE Bug 1222987", url: "https://bugzilla.suse.com/1222987", }, { category: "self", summary: "SUSE Bug 1228046", url: "https://bugzilla.suse.com/1228046", }, { category: "self", summary: "SUSE Bug 1228047", url: "https://bugzilla.suse.com/1228047", }, { category: "self", summary: "SUSE Bug 1228048", url: "https://bugzilla.suse.com/1228048", }, { category: "self", summary: "SUSE Bug 1228051", url: "https://bugzilla.suse.com/1228051", }, { category: "self", summary: "SUSE Bug 1228052", url: "https://bugzilla.suse.com/1228052", }, { category: "self", summary: "SUSE Bug 1231702", url: "https://bugzilla.suse.com/1231702", }, { category: "self", summary: "SUSE Bug 1231711", url: "https://bugzilla.suse.com/1231711", }, { category: "self", summary: "SUSE Bug 1231716", url: "https://bugzilla.suse.com/1231716", }, { category: "self", summary: "SUSE Bug 1231719", url: "https://bugzilla.suse.com/1231719", }, { category: "self", summary: "SUSE Bug 1236278", url: "https://bugzilla.suse.com/1236278", }, { category: "self", summary: "SUSE Bug 1236804", url: "https://bugzilla.suse.com/1236804", }, { category: "self", summary: "SUSE CVE CVE-2022-21618 page", url: "https://www.suse.com/security/cve/CVE-2022-21618/", }, { category: "self", summary: "SUSE CVE CVE-2022-21619 page", url: "https://www.suse.com/security/cve/CVE-2022-21619/", }, { category: "self", summary: "SUSE CVE CVE-2022-21624 page", url: "https://www.suse.com/security/cve/CVE-2022-21624/", }, { category: "self", summary: "SUSE CVE CVE-2022-21626 page", url: "https://www.suse.com/security/cve/CVE-2022-21626/", }, { category: "self", summary: "SUSE CVE CVE-2022-21628 page", url: "https://www.suse.com/security/cve/CVE-2022-21628/", }, { category: "self", summary: "SUSE CVE CVE-2022-3676 page", url: "https://www.suse.com/security/cve/CVE-2022-3676/", }, { category: "self", summary: "SUSE CVE CVE-2022-39399 page", url: "https://www.suse.com/security/cve/CVE-2022-39399/", }, { category: "self", summary: "SUSE CVE CVE-2023-21835 page", url: "https://www.suse.com/security/cve/CVE-2023-21835/", }, { category: "self", summary: "SUSE CVE CVE-2023-21843 page", url: "https://www.suse.com/security/cve/CVE-2023-21843/", }, { category: "self", summary: "SUSE CVE CVE-2023-21930 page", url: "https://www.suse.com/security/cve/CVE-2023-21930/", }, { category: "self", summary: "SUSE CVE CVE-2023-21937 page", url: "https://www.suse.com/security/cve/CVE-2023-21937/", }, { category: "self", summary: "SUSE CVE CVE-2023-21938 page", url: "https://www.suse.com/security/cve/CVE-2023-21938/", }, { category: "self", summary: "SUSE CVE CVE-2023-21939 page", url: "https://www.suse.com/security/cve/CVE-2023-21939/", }, { category: "self", summary: "SUSE CVE CVE-2023-21954 page", url: "https://www.suse.com/security/cve/CVE-2023-21954/", }, { category: "self", summary: "SUSE CVE CVE-2023-21967 page", url: "https://www.suse.com/security/cve/CVE-2023-21967/", }, { category: "self", summary: "SUSE CVE CVE-2023-21968 page", url: "https://www.suse.com/security/cve/CVE-2023-21968/", }, { category: "self", summary: "SUSE CVE CVE-2023-22006 page", url: "https://www.suse.com/security/cve/CVE-2023-22006/", }, { category: "self", summary: "SUSE CVE CVE-2023-22025 page", url: "https://www.suse.com/security/cve/CVE-2023-22025/", }, { category: "self", summary: "SUSE CVE CVE-2023-22036 page", url: "https://www.suse.com/security/cve/CVE-2023-22036/", }, { category: "self", summary: "SUSE CVE CVE-2023-22041 page", url: "https://www.suse.com/security/cve/CVE-2023-22041/", }, { category: "self", summary: "SUSE CVE CVE-2023-22044 page", url: "https://www.suse.com/security/cve/CVE-2023-22044/", }, { category: "self", summary: "SUSE CVE CVE-2023-22045 page", url: "https://www.suse.com/security/cve/CVE-2023-22045/", }, { category: "self", summary: "SUSE CVE CVE-2023-22049 page", url: "https://www.suse.com/security/cve/CVE-2023-22049/", }, { category: "self", summary: "SUSE CVE CVE-2023-22081 page", url: "https://www.suse.com/security/cve/CVE-2023-22081/", }, { category: "self", summary: "SUSE CVE CVE-2023-25193 page", url: "https://www.suse.com/security/cve/CVE-2023-25193/", }, { category: "self", summary: "SUSE CVE CVE-2023-2597 page", url: "https://www.suse.com/security/cve/CVE-2023-2597/", }, { category: "self", summary: "SUSE CVE CVE-2023-5676 page", url: "https://www.suse.com/security/cve/CVE-2023-5676/", }, { category: "self", summary: "SUSE CVE CVE-2024-20918 page", url: "https://www.suse.com/security/cve/CVE-2024-20918/", }, { category: "self", summary: "SUSE CVE CVE-2024-20919 page", url: "https://www.suse.com/security/cve/CVE-2024-20919/", }, { category: "self", summary: "SUSE CVE CVE-2024-20921 page", url: "https://www.suse.com/security/cve/CVE-2024-20921/", }, { category: "self", summary: "SUSE CVE CVE-2024-20932 page", url: "https://www.suse.com/security/cve/CVE-2024-20932/", }, { category: "self", summary: "SUSE CVE CVE-2024-20945 page", url: "https://www.suse.com/security/cve/CVE-2024-20945/", }, { category: "self", summary: "SUSE CVE CVE-2024-20952 page", url: "https://www.suse.com/security/cve/CVE-2024-20952/", }, { category: "self", summary: "SUSE CVE CVE-2024-21011 page", url: "https://www.suse.com/security/cve/CVE-2024-21011/", }, { category: "self", summary: "SUSE CVE CVE-2024-21012 page", url: "https://www.suse.com/security/cve/CVE-2024-21012/", }, { category: "self", summary: "SUSE CVE CVE-2024-21068 page", url: "https://www.suse.com/security/cve/CVE-2024-21068/", }, { category: "self", summary: "SUSE CVE CVE-2024-21094 page", url: "https://www.suse.com/security/cve/CVE-2024-21094/", }, { category: "self", summary: "SUSE CVE CVE-2024-21131 page", url: "https://www.suse.com/security/cve/CVE-2024-21131/", }, { category: "self", summary: "SUSE CVE CVE-2024-21138 page", url: "https://www.suse.com/security/cve/CVE-2024-21138/", }, { category: "self", summary: "SUSE CVE CVE-2024-21140 page", url: "https://www.suse.com/security/cve/CVE-2024-21140/", }, { category: "self", summary: "SUSE CVE CVE-2024-21145 page", url: "https://www.suse.com/security/cve/CVE-2024-21145/", }, { category: "self", summary: "SUSE CVE CVE-2024-21147 page", url: "https://www.suse.com/security/cve/CVE-2024-21147/", }, { category: "self", summary: "SUSE CVE CVE-2024-21208 page", url: "https://www.suse.com/security/cve/CVE-2024-21208/", }, { category: "self", summary: "SUSE CVE CVE-2024-21210 page", url: "https://www.suse.com/security/cve/CVE-2024-21210/", }, { category: "self", summary: "SUSE CVE CVE-2024-21217 page", url: "https://www.suse.com/security/cve/CVE-2024-21217/", }, { category: "self", summary: "SUSE CVE CVE-2024-21235 page", url: "https://www.suse.com/security/cve/CVE-2024-21235/", }, { category: "self", summary: "SUSE CVE CVE-2025-21502 page", url: "https://www.suse.com/security/cve/CVE-2025-21502/", }, ], title: "Security update for java-17-openj9", tracking: { current_release_date: "2025-02-19T22:53:13Z", generator: { date: "2025-02-19T22:53:13Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "openSUSE-SU-2025:0067-1", initial_release_date: "2025-02-19T22:53:13Z", revision_history: [ { date: "2025-02-19T22:53:13Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", product: { name: "java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", product_id: "java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", }, }, { category: "product_version", name: "java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", product: { name: "java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", product_id: "java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", }, }, { category: "product_version", name: "java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", product: { name: "java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", product_id: "java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", }, }, { category: "product_version", name: "java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", product: { name: "java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", product_id: "java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", }, }, { category: "product_version", name: "java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", product: { name: "java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", product_id: "java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", }, }, { category: "product_version", name: "java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", product: { name: "java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", product_id: "java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", product: { name: "java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", product_id: "java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", product: { name: "java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", product_id: "java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", }, }, { category: "product_version", name: "java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", product: { name: "java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", product_id: "java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", }, }, { category: "product_version", name: "java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", product: { name: "java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", product_id: "java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", }, }, { category: "product_version", name: "java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", product: { name: "java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", product_id: "java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", }, }, { category: "product_version", name: "java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", product: { name: "java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", product_id: "java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", }, }, { category: "product_version", name: "java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", product: { name: "java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", product_id: "java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", product: { name: "java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", product_id: "java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", }, }, { category: "product_version", name: "java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", product: { name: "java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", product_id: "java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", }, }, { category: "product_version", name: "java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", product: { name: "java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", product_id: "java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", }, }, { category: "product_version", name: "java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", product: { name: "java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", product_id: "java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", }, }, { category: "product_version", name: "java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", product: { name: "java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", product_id: "java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", }, }, { category: "product_version", name: "java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", product: { name: "java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", product_id: "java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", product: { name: "java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", product_id: "java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", }, }, { category: "product_version", name: "java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", product: { name: "java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", product_id: "java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", }, }, { category: "product_version", name: "java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", product: { name: "java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", product_id: "java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", }, }, { category: "product_version", name: "java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", product: { name: "java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", product_id: "java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", }, }, { category: "product_version", name: "java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", product: { name: "java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", product_id: "java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", }, }, { category: "product_version", name: "java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", product: { name: "java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", product_id: "java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Package Hub 15 SP6", product: { name: "SUSE Package Hub 15 SP6", product_id: "SUSE Package Hub 15 SP6", }, }, { category: "product_name", name: "openSUSE Leap 15.6", product: { name: "openSUSE Leap 15.6", product_id: "openSUSE Leap 15.6", product_identification_helper: { cpe: "cpe:/o:opensuse:leap:15.6", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64 as component of SUSE Package Hub 15 SP6", product_id: "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", }, product_reference: "java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", relates_to_product_reference: "SUSE Package Hub 15 SP6", }, { category: "default_component_of", full_product_name: { name: "java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le as component of SUSE Package Hub 15 SP6", product_id: "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", }, product_reference: "java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", relates_to_product_reference: "SUSE Package Hub 15 SP6", }, { category: "default_component_of", full_product_name: { name: "java-17-openj9-17.0.14.0-bp156.3.3.1.s390x as component of SUSE Package Hub 15 SP6", product_id: "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", }, product_reference: "java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", relates_to_product_reference: "SUSE Package Hub 15 SP6", }, { category: "default_component_of", full_product_name: { name: "java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64 as component of SUSE Package Hub 15 SP6", product_id: "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", }, product_reference: "java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", relates_to_product_reference: "SUSE Package Hub 15 SP6", }, { category: "default_component_of", full_product_name: { name: "java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64 as component of SUSE Package Hub 15 SP6", product_id: "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", }, product_reference: "java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", relates_to_product_reference: "SUSE Package Hub 15 SP6", }, { category: "default_component_of", full_product_name: { name: "java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le as component of SUSE Package Hub 15 SP6", product_id: "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", }, product_reference: "java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", relates_to_product_reference: "SUSE Package Hub 15 SP6", }, { category: "default_component_of", full_product_name: { name: "java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x as component of SUSE Package Hub 15 SP6", product_id: "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", }, product_reference: "java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", relates_to_product_reference: "SUSE Package Hub 15 SP6", }, { category: "default_component_of", full_product_name: { name: "java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64 as component of SUSE Package Hub 15 SP6", product_id: "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", }, product_reference: "java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", relates_to_product_reference: "SUSE Package Hub 15 SP6", }, { category: "default_component_of", full_product_name: { name: "java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64 as component of SUSE Package Hub 15 SP6", product_id: "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", }, product_reference: "java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", relates_to_product_reference: "SUSE Package Hub 15 SP6", }, { category: "default_component_of", full_product_name: { name: "java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le as component of SUSE Package Hub 15 SP6", product_id: "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", }, product_reference: "java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", relates_to_product_reference: "SUSE Package Hub 15 SP6", }, { category: "default_component_of", full_product_name: { name: "java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x as component of SUSE Package Hub 15 SP6", product_id: "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", }, product_reference: "java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", relates_to_product_reference: "SUSE Package Hub 15 SP6", }, { category: "default_component_of", full_product_name: { name: "java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64 as component of SUSE Package Hub 15 SP6", product_id: "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", }, product_reference: "java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", relates_to_product_reference: "SUSE Package Hub 15 SP6", }, { category: "default_component_of", full_product_name: { name: "java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64 as component of SUSE Package Hub 15 SP6", product_id: "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", }, product_reference: "java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", relates_to_product_reference: "SUSE Package Hub 15 SP6", }, { category: "default_component_of", full_product_name: { name: "java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le as component of SUSE Package Hub 15 SP6", product_id: "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", }, product_reference: "java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", relates_to_product_reference: "SUSE Package Hub 15 SP6", }, { category: "default_component_of", full_product_name: { name: "java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x as component of SUSE Package Hub 15 SP6", product_id: "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", }, product_reference: "java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", relates_to_product_reference: "SUSE Package Hub 15 SP6", }, { category: "default_component_of", full_product_name: { name: "java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64 as component of SUSE Package Hub 15 SP6", product_id: "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", }, product_reference: "java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", relates_to_product_reference: "SUSE Package Hub 15 SP6", }, { category: "default_component_of", full_product_name: { name: "java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch as component of SUSE Package Hub 15 SP6", product_id: "SUSE Package Hub 15 SP6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", }, product_reference: "java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", relates_to_product_reference: "SUSE Package Hub 15 SP6", }, { category: "default_component_of", full_product_name: { name: "java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64 as component of SUSE Package Hub 15 SP6", product_id: "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", }, product_reference: "java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", relates_to_product_reference: "SUSE Package Hub 15 SP6", }, { category: "default_component_of", full_product_name: { name: "java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le as component of SUSE Package Hub 15 SP6", product_id: "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", }, product_reference: "java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", relates_to_product_reference: "SUSE Package Hub 15 SP6", }, { category: "default_component_of", full_product_name: { name: "java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x as component of SUSE Package Hub 15 SP6", product_id: "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", }, product_reference: "java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", relates_to_product_reference: "SUSE Package Hub 15 SP6", }, { category: "default_component_of", full_product_name: { name: "java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64 as component of SUSE Package Hub 15 SP6", product_id: "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", }, product_reference: "java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", relates_to_product_reference: "SUSE Package Hub 15 SP6", }, { category: "default_component_of", full_product_name: { name: "java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64 as component of SUSE Package Hub 15 SP6", product_id: "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", }, product_reference: "java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", relates_to_product_reference: "SUSE Package Hub 15 SP6", }, { category: "default_component_of", full_product_name: { name: "java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le as component of SUSE Package Hub 15 SP6", product_id: "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", }, product_reference: "java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", relates_to_product_reference: "SUSE Package Hub 15 SP6", }, { category: "default_component_of", full_product_name: { name: "java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x as component of SUSE Package Hub 15 SP6", product_id: "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", }, product_reference: "java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", relates_to_product_reference: "SUSE Package Hub 15 SP6", }, { category: "default_component_of", full_product_name: { name: "java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64 as component of SUSE Package Hub 15 SP6", product_id: "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", }, product_reference: "java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", relates_to_product_reference: "SUSE Package Hub 15 SP6", }, { category: "default_component_of", full_product_name: { name: "java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64 as component of openSUSE Leap 15.6", product_id: "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", }, product_reference: "java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", relates_to_product_reference: "openSUSE Leap 15.6", }, { category: "default_component_of", full_product_name: { name: "java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le as component of openSUSE Leap 15.6", product_id: "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", }, product_reference: "java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", relates_to_product_reference: "openSUSE Leap 15.6", }, { category: "default_component_of", full_product_name: { name: "java-17-openj9-17.0.14.0-bp156.3.3.1.s390x as component of openSUSE Leap 15.6", product_id: "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", }, product_reference: "java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", relates_to_product_reference: "openSUSE Leap 15.6", }, { category: "default_component_of", full_product_name: { name: "java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64 as component of openSUSE Leap 15.6", product_id: "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", }, product_reference: "java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.6", }, { category: "default_component_of", full_product_name: { name: "java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64 as component of openSUSE Leap 15.6", product_id: "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", }, product_reference: "java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", relates_to_product_reference: "openSUSE Leap 15.6", }, { category: "default_component_of", full_product_name: { name: "java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le as component of openSUSE Leap 15.6", product_id: "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", }, product_reference: "java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", relates_to_product_reference: "openSUSE Leap 15.6", }, { category: "default_component_of", full_product_name: { name: "java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x as component of openSUSE Leap 15.6", product_id: "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", }, product_reference: "java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", relates_to_product_reference: "openSUSE Leap 15.6", }, { category: "default_component_of", full_product_name: { name: "java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64 as component of openSUSE Leap 15.6", product_id: "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", }, product_reference: "java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.6", }, { category: "default_component_of", full_product_name: { name: "java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64 as component of openSUSE Leap 15.6", product_id: "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", }, product_reference: "java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", relates_to_product_reference: "openSUSE Leap 15.6", }, { category: "default_component_of", full_product_name: { name: "java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le as component of openSUSE Leap 15.6", product_id: "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", }, product_reference: "java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", relates_to_product_reference: "openSUSE Leap 15.6", }, { category: "default_component_of", full_product_name: { name: "java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x as component of openSUSE Leap 15.6", product_id: "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", }, product_reference: "java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", relates_to_product_reference: "openSUSE Leap 15.6", }, { category: "default_component_of", full_product_name: { name: "java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64 as component of openSUSE Leap 15.6", product_id: "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", }, product_reference: "java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.6", }, { category: "default_component_of", full_product_name: { name: "java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64 as component of openSUSE Leap 15.6", product_id: "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", }, product_reference: "java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", relates_to_product_reference: "openSUSE Leap 15.6", }, { category: "default_component_of", full_product_name: { name: "java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le as component of openSUSE Leap 15.6", product_id: "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", }, product_reference: "java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", relates_to_product_reference: "openSUSE Leap 15.6", }, { category: "default_component_of", full_product_name: { name: "java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x as component of openSUSE Leap 15.6", product_id: "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", }, product_reference: "java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", relates_to_product_reference: "openSUSE Leap 15.6", }, { category: "default_component_of", full_product_name: { name: "java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64 as component of openSUSE Leap 15.6", product_id: "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", }, product_reference: "java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.6", }, { category: "default_component_of", full_product_name: { name: "java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch as component of openSUSE Leap 15.6", product_id: "openSUSE Leap 15.6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", }, product_reference: "java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", relates_to_product_reference: "openSUSE Leap 15.6", }, { category: "default_component_of", full_product_name: { name: "java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64 as component of openSUSE Leap 15.6", product_id: "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", }, product_reference: "java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", relates_to_product_reference: "openSUSE Leap 15.6", }, { category: "default_component_of", full_product_name: { name: "java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le as component of openSUSE Leap 15.6", product_id: "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", }, product_reference: "java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", relates_to_product_reference: "openSUSE Leap 15.6", }, { category: "default_component_of", full_product_name: { name: "java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x as component of openSUSE Leap 15.6", product_id: "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", }, product_reference: "java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", relates_to_product_reference: "openSUSE Leap 15.6", }, { category: "default_component_of", full_product_name: { name: "java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64 as component of openSUSE Leap 15.6", product_id: "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", }, product_reference: "java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.6", }, { category: "default_component_of", full_product_name: { name: "java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64 as component of openSUSE Leap 15.6", product_id: "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", }, product_reference: "java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", relates_to_product_reference: "openSUSE Leap 15.6", }, { category: "default_component_of", full_product_name: { name: "java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le as component of openSUSE Leap 15.6", product_id: "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", }, product_reference: "java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", relates_to_product_reference: "openSUSE Leap 15.6", }, { category: "default_component_of", full_product_name: { name: "java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x as component of openSUSE Leap 15.6", product_id: "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", }, product_reference: "java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", relates_to_product_reference: "openSUSE Leap 15.6", }, { category: "default_component_of", full_product_name: { name: "java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64 as component of openSUSE Leap 15.6", product_id: "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", }, product_reference: "java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.6", }, ], }, vulnerabilities: [ { cve: "CVE-2022-21618", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-21618", }, ], notes: [ { category: "general", text: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JGSS). Supported versions that are affected are Oracle Java SE: 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 21.3.3 and 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-21618", url: "https://www.suse.com/security/cve/CVE-2022-21618", }, { category: "external", summary: "SUSE Bug 1204468 for CVE-2022-21618", url: "https://bugzilla.suse.com/1204468", }, { category: "external", summary: "SUSE Bug 1205302 for CVE-2022-21618", url: "https://bugzilla.suse.com/1205302", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, products: [ "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-02-19T22:53:13Z", details: "moderate", }, ], title: "CVE-2022-21618", }, { cve: "CVE-2022-21619", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-21619", }, ], notes: [ { category: "general", text: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-21619", url: "https://www.suse.com/security/cve/CVE-2022-21619", }, { category: "external", summary: "SUSE Bug 1204473 for CVE-2022-21619", url: "https://bugzilla.suse.com/1204473", }, { category: "external", summary: "SUSE Bug 1205302 for CVE-2022-21619", url: "https://bugzilla.suse.com/1205302", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.7, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, products: [ "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-02-19T22:53:13Z", details: "low", }, ], title: "CVE-2022-21619", }, { cve: "CVE-2022-21624", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-21624", }, ], notes: [ { category: "general", text: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JNDI). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-21624", url: "https://www.suse.com/security/cve/CVE-2022-21624", }, { category: "external", summary: "SUSE Bug 1204475 for CVE-2022-21624", url: "https://bugzilla.suse.com/1204475", }, { category: "external", summary: "SUSE Bug 1205302 for CVE-2022-21624", url: "https://bugzilla.suse.com/1205302", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.7, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, products: [ "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-02-19T22:53:13Z", details: "low", }, ], title: "CVE-2022-21624", }, { cve: "CVE-2022-21626", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-21626", }, ], notes: [ { category: "general", text: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-21626", url: "https://www.suse.com/security/cve/CVE-2022-21626", }, { category: "external", summary: "SUSE Bug 1204471 for CVE-2022-21626", url: "https://bugzilla.suse.com/1204471", }, { category: "external", summary: "SUSE Bug 1205302 for CVE-2022-21626", url: "https://bugzilla.suse.com/1205302", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-02-19T22:53:13Z", details: "moderate", }, ], title: "CVE-2022-21626", }, { cve: "CVE-2022-21628", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-21628", }, ], notes: [ { category: "general", text: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Lightweight HTTP Server). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-21628", url: "https://www.suse.com/security/cve/CVE-2022-21628", }, { category: "external", summary: "SUSE Bug 1204472 for CVE-2022-21628", url: "https://bugzilla.suse.com/1204472", }, { category: "external", summary: "SUSE Bug 1205302 for CVE-2022-21628", url: "https://bugzilla.suse.com/1205302", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-02-19T22:53:13Z", details: "moderate", }, ], title: "CVE-2022-21628", }, { cve: "CVE-2022-3676", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-3676", }, ], notes: [ { category: "general", text: "In Eclipse Openj9 before version 0.35.0, interface calls can be inlined without a runtime type check. Malicious bytecode could make use of this inlining to access or modify memory via an incompatible type.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-3676", url: "https://www.suse.com/security/cve/CVE-2022-3676", }, { category: "external", summary: "SUSE Bug 1204703 for CVE-2022-3676", url: "https://bugzilla.suse.com/1204703", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, products: [ "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-02-19T22:53:13Z", details: "moderate", }, ], title: "CVE-2022-3676", }, { cve: "CVE-2022-39399", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-39399", }, ], notes: [ { category: "general", text: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-39399", url: "https://www.suse.com/security/cve/CVE-2022-39399", }, { category: "external", summary: "SUSE Bug 1204480 for CVE-2022-39399", url: "https://bugzilla.suse.com/1204480", }, { category: "external", summary: "SUSE Bug 1205302 for CVE-2022-39399", url: "https://bugzilla.suse.com/1205302", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.7, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, products: [ "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-02-19T22:53:13Z", details: "low", }, ], title: "CVE-2022-39399", }, { cve: "CVE-2023-21835", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-21835", }, ], notes: [ { category: "general", text: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via DTLS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-21835", url: "https://www.suse.com/security/cve/CVE-2023-21835", }, { category: "external", summary: "SUSE Bug 1207246 for CVE-2023-21835", url: "https://bugzilla.suse.com/1207246", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-02-19T22:53:13Z", details: "moderate", }, ], title: "CVE-2023-21835", }, { cve: "CVE-2023-21843", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-21843", }, ], notes: [ { category: "general", text: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Sound). Supported versions that are affected are Oracle Java SE: 8u351, 8u351-perf, 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-21843", url: "https://www.suse.com/security/cve/CVE-2023-21843", }, { category: "external", summary: "SUSE Bug 1207248 for CVE-2023-21843", url: "https://bugzilla.suse.com/1207248", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.7, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, products: [ "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-02-19T22:53:13Z", details: "low", }, ], title: "CVE-2023-21843", }, { cve: "CVE-2023-21930", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-21930", }, ], notes: [ { category: "general", text: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-21930", url: "https://www.suse.com/security/cve/CVE-2023-21930", }, { category: "external", summary: "SUSE Bug 1210628 for CVE-2023-21930", url: "https://bugzilla.suse.com/1210628", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.4, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-02-19T22:53:13Z", details: "important", }, ], title: "CVE-2023-21930", }, { cve: "CVE-2023-21937", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-21937", }, ], notes: [ { category: "general", text: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-21937", url: "https://www.suse.com/security/cve/CVE-2023-21937", }, { category: "external", summary: "SUSE Bug 1210631 for CVE-2023-21937", url: "https://bugzilla.suse.com/1210631", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.7, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, products: [ "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-02-19T22:53:13Z", details: "low", }, ], title: "CVE-2023-21937", }, { cve: "CVE-2023-21938", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-21938", }, ], notes: [ { category: "general", text: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-21938", url: "https://www.suse.com/security/cve/CVE-2023-21938", }, { category: "external", summary: "SUSE Bug 1210632 for CVE-2023-21938", url: "https://bugzilla.suse.com/1210632", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.7, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, products: [ "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-02-19T22:53:13Z", details: "low", }, ], title: "CVE-2023-21938", }, { cve: "CVE-2023-21939", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-21939", }, ], notes: [ { category: "general", text: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-21939", url: "https://www.suse.com/security/cve/CVE-2023-21939", }, { category: "external", summary: "SUSE Bug 1210634 for CVE-2023-21939", url: "https://bugzilla.suse.com/1210634", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, products: [ "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-02-19T22:53:13Z", details: "moderate", }, ], title: "CVE-2023-21939", }, { cve: "CVE-2023-21954", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-21954", }, ], notes: [ { category: "general", text: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-21954", url: "https://www.suse.com/security/cve/CVE-2023-21954", }, { category: "external", summary: "SUSE Bug 1210635 for CVE-2023-21954", url: "https://bugzilla.suse.com/1210635", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-02-19T22:53:13Z", details: "moderate", }, ], title: "CVE-2023-21954", }, { cve: "CVE-2023-21967", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-21967", }, ], notes: [ { category: "general", text: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-21967", url: "https://www.suse.com/security/cve/CVE-2023-21967", }, { category: "external", summary: "SUSE Bug 1210636 for CVE-2023-21967", url: "https://bugzilla.suse.com/1210636", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-02-19T22:53:13Z", details: "moderate", }, ], title: "CVE-2023-21967", }, { cve: "CVE-2023-21968", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-21968", }, ], notes: [ { category: "general", text: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-21968", url: "https://www.suse.com/security/cve/CVE-2023-21968", }, { category: "external", summary: "SUSE Bug 1210637 for CVE-2023-21968", url: "https://bugzilla.suse.com/1210637", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.7, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, products: [ "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-02-19T22:53:13Z", details: "low", }, ], title: "CVE-2023-21968", }, { cve: "CVE-2023-22006", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-22006", }, ], notes: [ { category: "general", text: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-22006", url: "https://www.suse.com/security/cve/CVE-2023-22006", }, { category: "external", summary: "SUSE Bug 1213473 for CVE-2023-22006", url: "https://bugzilla.suse.com/1213473", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.1, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, products: [ "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-02-19T22:53:13Z", details: "low", }, ], title: "CVE-2023-22006", }, { cve: "CVE-2023-22025", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-22025", }, ], notes: [ { category: "general", text: "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition, product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u381-perf, 17.0.8, 21; Oracle GraalVM for JDK: 17.0.8, 21; Oracle GraalVM Enterprise Edition: 21.3.7 and 22.3.3. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition,. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition, accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-22025", url: "https://www.suse.com/security/cve/CVE-2023-22025", }, { category: "external", summary: "SUSE Bug 1216339 for CVE-2023-22025", url: "https://bugzilla.suse.com/1216339", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.7, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, products: [ "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-02-19T22:53:13Z", details: "low", }, ], title: "CVE-2023-22025", }, { cve: "CVE-2023-22036", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-22036", }, ], notes: [ { category: "general", text: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Utility). Supported versions that are affected are Oracle Java SE: 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-22036", url: "https://www.suse.com/security/cve/CVE-2023-22036", }, { category: "external", summary: "SUSE Bug 1213474 for CVE-2023-22036", url: "https://bugzilla.suse.com/1213474", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.7, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-02-19T22:53:13Z", details: "low", }, ], title: "CVE-2023-22036", }, { cve: "CVE-2023-22041", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-22041", }, ], notes: [ { category: "general", text: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK executes to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-22041", url: "https://www.suse.com/security/cve/CVE-2023-22041", }, { category: "external", summary: "SUSE Bug 1213475 for CVE-2023-22041", url: "https://bugzilla.suse.com/1213475", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.1, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-02-19T22:53:13Z", details: "moderate", }, ], title: "CVE-2023-22041", }, { cve: "CVE-2023-22044", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-22044", }, ], notes: [ { category: "general", text: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u371-perf, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-22044", url: "https://www.suse.com/security/cve/CVE-2023-22044", }, { category: "external", summary: "SUSE Bug 1213479 for CVE-2023-22044", url: "https://bugzilla.suse.com/1213479", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.7, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-02-19T22:53:13Z", details: "low", }, ], title: "CVE-2023-22044", }, { cve: "CVE-2023-22045", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-22045", }, ], notes: [ { category: "general", text: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-22045", url: "https://www.suse.com/security/cve/CVE-2023-22045", }, { category: "external", summary: "SUSE Bug 1213481 for CVE-2023-22045", url: "https://bugzilla.suse.com/1213481", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.7, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-02-19T22:53:13Z", details: "low", }, ], title: "CVE-2023-22045", }, { cve: "CVE-2023-22049", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-22049", }, ], notes: [ { category: "general", text: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-22049", url: "https://www.suse.com/security/cve/CVE-2023-22049", }, { category: "external", summary: "SUSE Bug 1213482 for CVE-2023-22049", url: "https://bugzilla.suse.com/1213482", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.7, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, products: [ "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-02-19T22:53:13Z", details: "low", }, ], title: "CVE-2023-22049", }, { cve: "CVE-2023-22081", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-22081", }, ], notes: [ { category: "general", text: "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u381, 8u381-perf, 11.0.20, 17.0.8, 21; Oracle GraalVM for JDK: 17.0.8, 21; Oracle GraalVM Enterprise Edition: 20.3.11, 21.3.7 and 22.3.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-22081", url: "https://www.suse.com/security/cve/CVE-2023-22081", }, { category: "external", summary: "SUSE Bug 1216374 for CVE-2023-22081", url: "https://bugzilla.suse.com/1216374", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-02-19T22:53:13Z", details: "moderate", }, ], title: "CVE-2023-22081", }, { cve: "CVE-2023-25193", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-25193", }, ], notes: [ { category: "general", text: "hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-25193", url: "https://www.suse.com/security/cve/CVE-2023-25193", }, { category: "external", summary: "SUSE Bug 1207922 for CVE-2023-25193", url: "https://bugzilla.suse.com/1207922", }, { category: "external", summary: "SUSE Bug 1213939 for CVE-2023-25193", url: "https://bugzilla.suse.com/1213939", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-02-19T22:53:13Z", details: "important", }, ], title: "CVE-2023-25193", }, { cve: "CVE-2023-2597", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-2597", }, ], notes: [ { category: "general", text: "In Eclipse Openj9 before version 0.38.0, in the implementation of the shared cache (which is enabled by default in OpenJ9 builds) the size of a string is not properly checked against the size of the buffer.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-2597", url: "https://www.suse.com/security/cve/CVE-2023-2597", }, { category: "external", summary: "SUSE Bug 1211615 for CVE-2023-2597", url: "https://bugzilla.suse.com/1211615", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-02-19T22:53:13Z", details: "moderate", }, ], title: "CVE-2023-2597", }, { cve: "CVE-2023-5676", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-5676", }, ], notes: [ { category: "general", text: "In Eclipse OpenJ9 before version 0.41.0, the JVM can be forced into an infinite busy hang on a spinlock or a segmentation fault if a shutdown signal (SIGTERM, SIGINT or SIGHUP) is received before the JVM has finished initializing.\n", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-5676", url: "https://www.suse.com/security/cve/CVE-2023-5676", }, { category: "external", summary: "SUSE Bug 1217214 for CVE-2023-5676", url: "https://bugzilla.suse.com/1217214", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-02-19T22:53:13Z", details: "moderate", }, ], title: "CVE-2023-5676", }, { cve: "CVE-2024-20918", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-20918", }, ], notes: [ { category: "general", text: "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-20918", url: "https://www.suse.com/security/cve/CVE-2024-20918", }, { category: "external", summary: "SUSE Bug 1218907 for CVE-2024-20918", url: "https://bugzilla.suse.com/1218907", }, { category: "external", summary: "SUSE Bug 1219843 for CVE-2024-20918", url: "https://bugzilla.suse.com/1219843", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.4, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-02-19T22:53:13Z", details: "important", }, ], title: "CVE-2024-20918", }, { cve: "CVE-2024-20919", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-20919", }, ], notes: [ { category: "general", text: "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-20919", url: "https://www.suse.com/security/cve/CVE-2024-20919", }, { category: "external", summary: "SUSE Bug 1218903 for CVE-2024-20919", url: "https://bugzilla.suse.com/1218903", }, { category: "external", summary: "SUSE Bug 1219843 for CVE-2024-20919", url: "https://bugzilla.suse.com/1219843", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-02-19T22:53:13Z", details: "moderate", }, ], title: "CVE-2024-20919", }, { cve: "CVE-2024-20921", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-20921", }, ], notes: [ { category: "general", text: "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-20921", url: "https://www.suse.com/security/cve/CVE-2024-20921", }, { category: "external", summary: "SUSE Bug 1218905 for CVE-2024-20921", url: "https://bugzilla.suse.com/1218905", }, { category: "external", summary: "SUSE Bug 1219843 for CVE-2024-20921", url: "https://bugzilla.suse.com/1219843", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-02-19T22:53:13Z", details: "moderate", }, ], title: "CVE-2024-20921", }, { cve: "CVE-2024-20932", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-20932", }, ], notes: [ { category: "general", text: "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 17.0.9; Oracle GraalVM for JDK: 17.0.9; Oracle GraalVM Enterprise Edition: 21.3.8 and 22.3.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-20932", url: "https://www.suse.com/security/cve/CVE-2024-20932", }, { category: "external", summary: "SUSE Bug 1218908 for CVE-2024-20932", url: "https://bugzilla.suse.com/1218908", }, { category: "external", summary: "SUSE Bug 1219843 for CVE-2024-20932", url: "https://bugzilla.suse.com/1219843", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-02-19T22:53:13Z", details: "important", }, ], title: "CVE-2024-20932", }, { cve: "CVE-2024-20945", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-20945", }, ], notes: [ { category: "general", text: "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition executes to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-20945", url: "https://www.suse.com/security/cve/CVE-2024-20945", }, { category: "external", summary: "SUSE Bug 1218909 for CVE-2024-20945", url: "https://bugzilla.suse.com/1218909", }, { category: "external", summary: "SUSE Bug 1219843 for CVE-2024-20945", url: "https://bugzilla.suse.com/1219843", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.7, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-02-19T22:53:13Z", details: "moderate", }, ], title: "CVE-2024-20945", }, { cve: "CVE-2024-20952", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-20952", }, ], notes: [ { category: "general", text: "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-20952", url: "https://www.suse.com/security/cve/CVE-2024-20952", }, { category: "external", summary: "SUSE Bug 1218911 for CVE-2024-20952", url: "https://bugzilla.suse.com/1218911", }, { category: "external", summary: "SUSE Bug 1219843 for CVE-2024-20952", url: "https://bugzilla.suse.com/1219843", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.4, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-02-19T22:53:13Z", details: "important", }, ], title: "CVE-2024-20952", }, { cve: "CVE-2024-21011", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-21011", }, ], notes: [ { category: "general", text: "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u401, 8u401-perf, 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-21011", url: "https://www.suse.com/security/cve/CVE-2024-21011", }, { category: "external", summary: "SUSE Bug 1222979 for CVE-2024-21011", url: "https://bugzilla.suse.com/1222979", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.7, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-02-19T22:53:13Z", details: "low", }, ], title: "CVE-2024-21011", }, { cve: "CVE-2024-21012", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-21012", }, ], notes: [ { category: "general", text: "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-21012", url: "https://www.suse.com/security/cve/CVE-2024-21012", }, { category: "external", summary: "SUSE Bug 1222987 for CVE-2024-21012", url: "https://bugzilla.suse.com/1222987", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.7, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, products: [ "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-02-19T22:53:13Z", details: "low", }, ], title: "CVE-2024-21012", }, { cve: "CVE-2024-21068", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-21068", }, ], notes: [ { category: "general", text: "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u401-perf, 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2 and 22; Oracle GraalVM Enterprise Edition: 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-21068", url: "https://www.suse.com/security/cve/CVE-2024-21068", }, { category: "external", summary: "SUSE Bug 1222983 for CVE-2024-21068", url: "https://bugzilla.suse.com/1222983", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.7, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, products: [ "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-02-19T22:53:13Z", details: "low", }, ], title: "CVE-2024-21068", }, { cve: "CVE-2024-21094", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-21094", }, ], notes: [ { category: "general", text: "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u401, 8u401-perf, 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-21094", url: "https://www.suse.com/security/cve/CVE-2024-21094", }, { category: "external", summary: "SUSE Bug 1222986 for CVE-2024-21094", url: "https://bugzilla.suse.com/1222986", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.7, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, products: [ "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-02-19T22:53:13Z", details: "low", }, ], title: "CVE-2024-21094", }, { cve: "CVE-2024-21131", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-21131", }, ], notes: [ { category: "general", text: "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-21131", url: "https://www.suse.com/security/cve/CVE-2024-21131", }, { category: "external", summary: "SUSE Bug 1228046 for CVE-2024-21131", url: "https://bugzilla.suse.com/1228046", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.7, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, products: [ "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-02-19T22:53:13Z", details: "low", }, ], title: "CVE-2024-21131", }, { cve: "CVE-2024-21138", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-21138", }, ], notes: [ { category: "general", text: "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-21138", url: "https://www.suse.com/security/cve/CVE-2024-21138", }, { category: "external", summary: "SUSE Bug 1228047 for CVE-2024-21138", url: "https://bugzilla.suse.com/1228047", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.7, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-02-19T22:53:13Z", details: "low", }, ], title: "CVE-2024-21138", }, { cve: "CVE-2024-21140", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-21140", }, ], notes: [ { category: "general", text: "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-21140", url: "https://www.suse.com/security/cve/CVE-2024-21140", }, { category: "external", summary: "SUSE Bug 1228048 for CVE-2024-21140", url: "https://bugzilla.suse.com/1228048", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.8, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, products: [ "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-02-19T22:53:13Z", details: "moderate", }, ], title: "CVE-2024-21140", }, { cve: "CVE-2024-21145", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-21145", }, ], notes: [ { category: "general", text: "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-21145", url: "https://www.suse.com/security/cve/CVE-2024-21145", }, { category: "external", summary: "SUSE Bug 1228051 for CVE-2024-21145", url: "https://bugzilla.suse.com/1228051", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.8, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, products: [ "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-02-19T22:53:13Z", details: "moderate", }, ], title: "CVE-2024-21145", }, { cve: "CVE-2024-21147", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-21147", }, ], notes: [ { category: "general", text: "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-21147", url: "https://www.suse.com/security/cve/CVE-2024-21147", }, { category: "external", summary: "SUSE Bug 1228052 for CVE-2024-21147", url: "https://bugzilla.suse.com/1228052", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.4, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-02-19T22:53:13Z", details: "important", }, ], title: "CVE-2024-21147", }, { cve: "CVE-2024-21208", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-21208", }, ], notes: [ { category: "general", text: "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4, 23; Oracle GraalVM for JDK: 17.0.12, 21.0.4, 23; Oracle GraalVM Enterprise Edition: 20.3.15 and 21.3.11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-21208", url: "https://www.suse.com/security/cve/CVE-2024-21208", }, { category: "external", summary: "SUSE Bug 1231702 for CVE-2024-21208", url: "https://bugzilla.suse.com/1231702", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.7, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-02-19T22:53:13Z", details: "moderate", }, ], title: "CVE-2024-21208", }, { cve: "CVE-2024-21210", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-21210", }, ], notes: [ { category: "general", text: "Vulnerability in Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4 and 23. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-21210", url: "https://www.suse.com/security/cve/CVE-2024-21210", }, { category: "external", summary: "SUSE Bug 1231711 for CVE-2024-21210", url: "https://bugzilla.suse.com/1231711", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.7, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, products: [ "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-02-19T22:53:13Z", details: "moderate", }, ], title: "CVE-2024-21210", }, { cve: "CVE-2024-21217", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-21217", }, ], notes: [ { category: "general", text: "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4, 23; Oracle GraalVM for JDK: 17.0.12, 21.0.4, 23; Oracle GraalVM Enterprise Edition: 20.3.15 and 21.3.11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-21217", url: "https://www.suse.com/security/cve/CVE-2024-21217", }, { category: "external", summary: "SUSE Bug 1231716 for CVE-2024-21217", url: "https://bugzilla.suse.com/1231716", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.7, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-02-19T22:53:13Z", details: "moderate", }, ], title: "CVE-2024-21217", }, { cve: "CVE-2024-21235", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-21235", }, ], notes: [ { category: "general", text: "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4, 23; Oracle GraalVM for JDK: 17.0.12, 21.0.4, 23; Oracle GraalVM Enterprise Edition: 20.3.15 and 21.3.11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-21235", url: "https://www.suse.com/security/cve/CVE-2024-21235", }, { category: "external", summary: "SUSE Bug 1231719 for CVE-2024-21235", url: "https://bugzilla.suse.com/1231719", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.8, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, products: [ "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-02-19T22:53:13Z", details: "moderate", }, ], title: "CVE-2024-21235", }, { cve: "CVE-2025-21502", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2025-21502", }, ], notes: [ { category: "general", text: "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u431-perf, 11.0.25, 17.0.13, 21.0.5, 23.0.1; Oracle GraalVM for JDK: 17.0.13, 21.0.5, 23.0.1; Oracle GraalVM Enterprise Edition: 20.3.16 and 21.3.12. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2025-21502", url: "https://www.suse.com/security/cve/CVE-2025-21502", }, { category: "external", summary: "SUSE Bug 1236278 for CVE-2025-21502", url: "https://bugzilla.suse.com/1236278", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.8, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, products: [ "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "SUSE Package Hub 15 SP6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-demo-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-devel-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-headless-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-javadoc-17.0.14.0-bp156.3.3.1.noarch", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-jmods-17.0.14.0-bp156.3.3.1.x86_64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.aarch64", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.ppc64le", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.s390x", "openSUSE Leap 15.6:java-17-openj9-src-17.0.14.0-bp156.3.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-02-19T22:53:13Z", details: "moderate", }, ], title: "CVE-2025-21502", }, ], }
opensuse-su-2025:0066-1
Vulnerability from csaf_opensuse
Published
2025-02-18 16:58
Modified
2025-02-18 16:58
Summary
Security update for java-11-openj9
Notes
Title of the patch
Security update for java-11-openj9
Description of the patch
This update for java-11-openj9 fixes the following issues:
- Update to OpenJDK 11.0.26 with OpenJ9 0.49.0 virtual machine
- Including Oracle October 2024 and January 2025 CPU changes
* CVE-2024-21208 (boo#1231702), CVE-2024-21210 (boo#1231711),
CVE-2024-21217 (boo#1231716), CVE-2024-21235 (boo#1231719),
CVE-2025-21502 (boo#1236278)
* OpenJ9 changes, see
https://www.eclipse.org/openj9/docs/version0.49/
- Update to OpenJDK 11.0.24 with OpenJ9 0.46.0 virtual machine
- Including Oracle July 2024 CPU changes
* CVE-2024-21131 (boo#1228046), CVE-2024-21138 (boo#1228047),
CVE-2024-21140 (boo#1228048), CVE-2024-21144 (boo#1228050),
CVE-2024-21147 (boo#1228052), CVE-2024-21145 (boo#1228051)
* OpenJ9 changes, see
https://www.eclipse.org/openj9/docs/version0.46/
- Update to OpenJDK 11.0.23 with OpenJ9 0.44.0 virtual machine
- Including Oracle April 2024 CPU changes
* CVE-2024-21012 (boo#1222987), CVE-2024-21094 (boo#1222986),
CVE-2024-21011 (boo#1222979), CVE-2024-21085 (boo#1222984),
CVE-2024-21068 (boo#1222983)
- Including OpenJ9/OMR specific fix:
* CVE-2024-3933 (boo#1225470)
* OpenJ9 changes, see
https://www.eclipse.org/openj9/docs/version0.44/
- Update to OpenJDK 11.0.22 with OpenJ9 0.43.0 virtual machine
- Including Oracle January 2024 CPU changes
* CVE-2024-20918 (boo#1218907), CVE-2024-20919 (boo#1218903),
CVE-2024-20921 (boo#1218905), CVE-2024-20926 (boo#1218906),
CVE-2024-20945 (boo#1218909), CVE-2024-20952 (boo#1218911)
* OpenJ9 changes, see
https://www.eclipse.org/openj9/docs/version0.43/
- Remove the possibility to put back removes JavaEE modules, since
our Java stack does not need this hack any more
- Update to OpenJDK 11.0.21 with OpenJ9 0.41.0 virtual machine
- Including Oracle October 2023 CPU changes
* CVE-2023-22081, boo#1216374
- Including Openj9 0.41.0 fixes of CVE-2023-5676, boo#1217214
* For other OpenJ9 changes, see
https://www.eclipse.org/openj9/docs/version0.41
- Update to OpenJDK 11.0.20.1 with OpenJ9 0.40.0 virtual machine
* JDK-8313765: Invalid CEN header (invalid zip64 extra data
field size)
- Update to OpenJDK 11.0.20 with OpenJ9 0.40.0 virtual machine
- Including Oracle April 2023 CPU changes
* CVE-2023-22006 (boo#1213473), CVE-2023-22036 (boo#1213474),
CVE-2023-22041 (boo#1213475), CVE-2023-22045 (boo#1213481),
CVE-2023-22049 (boo#1213482), CVE-2023-25193 (boo#1207922)
* OpenJ9 changes, see
https://www.eclipse.org/openj9/docs/version0.40
- Update to OpenJDK 11.0.19 with OpenJ9 0.38.0 virtual machine
- Including Oracle April 2023 CPU changes
* CVE-2023-21930 (boo#1210628), CVE-2023-21937 (boo#1210631),
CVE-2023-21938 (boo#1210632), CVE-2023-21939 (boo#1210634),
CVE-2023-21954 (boo#1210635), CVE-2023-21967 (boo#1210636),
CVE-2023-21968 (boo#1210637)
* OpenJ9 specific vulnerability: CVE-2023-2597 (boo#1211615)
* OpenJ9 changes, see
https://www.eclipse.org/openj9/docs/version0.38
- Update to OpenJDK 11.0.18 with OpenJ9 0.36.1 virtual machine
* Including Oracle January 2023 CPU changes
+ CVE-2023-21835, boo#1207246
+ CVE-2023-21843, boo#1207248
* OpenJ9 changes, see
https://www.eclipse.org/openj9/docs/version0.36
- Update to OpenJDK 11.0.17 with OpenJ9 0.35.0 virtual machine
* Including Oracle October 2022 CPU changes
CVE-2022-21618 (boo#1204468), CVE-2022-21619 (boo#1204473),
CVE-2022-21626 (boo#1204471), CVE-2022-21624 (boo#1204475),
CVE-2022-21628 (boo#1204472), CVE-2022-39399 (boo#1204480)
* Fixes OpenJ9 vulnerability boo#1204703, CVE-2022-3676
* OpenJ9 changes, see
https://www.eclipse.org/openj9/docs/version0.35
- Update to OpenJDK 11.0.16 with OpenJ9 0.33.0 virtual machine
* Including Oracle July 2022 CPU changes
CVE-2022-21540 (boo#1201694), CVE-2022-21541 (boo#1201692),
CVE-2022-34169 (boo#1201684)
* OpenJ9 changes, see
https://www.eclipse.org/openj9/docs/version0.33
- Update to OpenJDK 11.0.15 with OpenJ9 0.32.0 virtual machine
* Fixes boo#1198935, CVE-2021-41041: unverified methods can be
invoked using MethodHandles
* Including Oracle April 2022 CPU fixes
CVE-2022-21426 (boo#1198672), CVE-2022-21434 (boo#1198674),
CVE-2022-21443 (boo#1198675), CVE-2022-21476 (boo#1198671),
CVE-2022-21496 (boo#1198673)
* OpenJ9 changes, see
https://www.eclipse.org/openj9/docs/version0.32
- Update to OpenJDK 11.0.14.1 with OpenJ9 0.30.1 virtual machine
* including Oracle January 2022 CPU changes (boo#1194925,
boo#1194926, boo#1194927, boo#1194928, boo#1194929, boo#1194930,
boo#1194931, boo#1194932, boo#1194933, boo#1194934, boo#1194935,
boo#1194937, boo#1194939, boo#1194940, boo#1194941)
* OpenJ9 changes see
https://www.eclipse.org/openj9/docs/version0.30.1
- Update to OpenJDK 11.0.13 with OpenJ9 0.29.0 virtual machine
* including Oracle July 2021 and October 2021 CPU changes
(boo#1188564, boo#1188565, boo#1188566, boo#1191901,
boo#1191909, boo#1191910, boo#1191911, boo#1191912,
boo#1191913, boo#1191903, boo#1191904, boo#1191914,
boo#1191906)
* OpenJ9 changes, see
https://www.eclipse.org/openj9/docs/version0.29
- Update to OpenJDK 11.0.11 with OpenJ9 0.26.0 virtual machine
* including Oracle April 2021 CPU changes (boo#1185055 and
boo#1185056)
* OpenJ9 changes, see
https://www.eclipse.org/openj9/docs/version0.26
- Update to OpenJDK 11.0.10 with OpenJ9 0.24.0 virtual machine
* including Oracle January 2021 CPU changes (boo#1181239)
* OpenJ9 changes, see
https://www.eclipse.org/openj9/docs/version0.24
Patchnames
openSUSE-2025-66
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for java-11-openj9", title: "Title of the patch", }, { category: "description", text: "This update for java-11-openj9 fixes the following issues:\n\n- Update to OpenJDK 11.0.26 with OpenJ9 0.49.0 virtual machine\n- Including Oracle October 2024 and January 2025 CPU changes\n * CVE-2024-21208 (boo#1231702), CVE-2024-21210 (boo#1231711),\n CVE-2024-21217 (boo#1231716), CVE-2024-21235 (boo#1231719),\n CVE-2025-21502 (boo#1236278)\n * OpenJ9 changes, see \n https://www.eclipse.org/openj9/docs/version0.49/\n\n- Update to OpenJDK 11.0.24 with OpenJ9 0.46.0 virtual machine\n- Including Oracle July 2024 CPU changes\n * CVE-2024-21131 (boo#1228046), CVE-2024-21138 (boo#1228047),\n CVE-2024-21140 (boo#1228048), CVE-2024-21144 (boo#1228050),\n CVE-2024-21147 (boo#1228052), CVE-2024-21145 (boo#1228051)\n * OpenJ9 changes, see \n https://www.eclipse.org/openj9/docs/version0.46/\n\n- Update to OpenJDK 11.0.23 with OpenJ9 0.44.0 virtual machine\n- Including Oracle April 2024 CPU changes\n * CVE-2024-21012 (boo#1222987), CVE-2024-21094 (boo#1222986),\n CVE-2024-21011 (boo#1222979), CVE-2024-21085 (boo#1222984),\n CVE-2024-21068 (boo#1222983)\n- Including OpenJ9/OMR specific fix:\n * CVE-2024-3933 (boo#1225470)\n * OpenJ9 changes, see \n https://www.eclipse.org/openj9/docs/version0.44/\n\n- Update to OpenJDK 11.0.22 with OpenJ9 0.43.0 virtual machine\n- Including Oracle January 2024 CPU changes\n * CVE-2024-20918 (boo#1218907), CVE-2024-20919 (boo#1218903),\n CVE-2024-20921 (boo#1218905), CVE-2024-20926 (boo#1218906),\n CVE-2024-20945 (boo#1218909), CVE-2024-20952 (boo#1218911)\n * OpenJ9 changes, see \n https://www.eclipse.org/openj9/docs/version0.43/\n- Remove the possibility to put back removes JavaEE modules, since\n our Java stack does not need this hack any more\n\n- Update to OpenJDK 11.0.21 with OpenJ9 0.41.0 virtual machine\n- Including Oracle October 2023 CPU changes\n * CVE-2023-22081, boo#1216374\n- Including Openj9 0.41.0 fixes of CVE-2023-5676, boo#1217214\n * For other OpenJ9 changes, see\n https://www.eclipse.org/openj9/docs/version0.41 \n\n- Update to OpenJDK 11.0.20.1 with OpenJ9 0.40.0 virtual machine\n * JDK-8313765: Invalid CEN header (invalid zip64 extra data\n field size)\n\n- Update to OpenJDK 11.0.20 with OpenJ9 0.40.0 virtual machine\n- Including Oracle April 2023 CPU changes\n * CVE-2023-22006 (boo#1213473), CVE-2023-22036 (boo#1213474),\n CVE-2023-22041 (boo#1213475), CVE-2023-22045 (boo#1213481),\n CVE-2023-22049 (boo#1213482), CVE-2023-25193 (boo#1207922)\n * OpenJ9 changes, see\n https://www.eclipse.org/openj9/docs/version0.40\n\n- Update to OpenJDK 11.0.19 with OpenJ9 0.38.0 virtual machine\n- Including Oracle April 2023 CPU changes\n * CVE-2023-21930 (boo#1210628), CVE-2023-21937 (boo#1210631),\n CVE-2023-21938 (boo#1210632), CVE-2023-21939 (boo#1210634),\n CVE-2023-21954 (boo#1210635), CVE-2023-21967 (boo#1210636),\n CVE-2023-21968 (boo#1210637)\n * OpenJ9 specific vulnerability: CVE-2023-2597 (boo#1211615)\n * OpenJ9 changes, see\n https://www.eclipse.org/openj9/docs/version0.38\n\n- Update to OpenJDK 11.0.18 with OpenJ9 0.36.1 virtual machine\n * Including Oracle January 2023 CPU changes\n + CVE-2023-21835, boo#1207246\n + CVE-2023-21843, boo#1207248\n * OpenJ9 changes, see \n https://www.eclipse.org/openj9/docs/version0.36\n\n- Update to OpenJDK 11.0.17 with OpenJ9 0.35.0 virtual machine\n * Including Oracle October 2022 CPU changes\n CVE-2022-21618 (boo#1204468), CVE-2022-21619 (boo#1204473),\n CVE-2022-21626 (boo#1204471), CVE-2022-21624 (boo#1204475),\n CVE-2022-21628 (boo#1204472), CVE-2022-39399 (boo#1204480)\n * Fixes OpenJ9 vulnerability boo#1204703, CVE-2022-3676\n * OpenJ9 changes, see \n https://www.eclipse.org/openj9/docs/version0.35\n\n- Update to OpenJDK 11.0.16 with OpenJ9 0.33.0 virtual machine\n * Including Oracle July 2022 CPU changes\n CVE-2022-21540 (boo#1201694), CVE-2022-21541 (boo#1201692),\n CVE-2022-34169 (boo#1201684)\n * OpenJ9 changes, see\n https://www.eclipse.org/openj9/docs/version0.33\n\n- Update to OpenJDK 11.0.15 with OpenJ9 0.32.0 virtual machine\n * Fixes boo#1198935, CVE-2021-41041: unverified methods can be\n invoked using MethodHandles\n * Including Oracle April 2022 CPU fixes\n CVE-2022-21426 (boo#1198672), CVE-2022-21434 (boo#1198674),\n CVE-2022-21443 (boo#1198675), CVE-2022-21476 (boo#1198671),\n CVE-2022-21496 (boo#1198673)\n * OpenJ9 changes, see\n https://www.eclipse.org/openj9/docs/version0.32\n\n- Update to OpenJDK 11.0.14.1 with OpenJ9 0.30.1 virtual machine\n * including Oracle January 2022 CPU changes (boo#1194925,\n boo#1194926, boo#1194927, boo#1194928, boo#1194929, boo#1194930,\n boo#1194931, boo#1194932, boo#1194933, boo#1194934, boo#1194935,\n boo#1194937, boo#1194939, boo#1194940, boo#1194941)\n * OpenJ9 changes see\n https://www.eclipse.org/openj9/docs/version0.30.1\n\n- Update to OpenJDK 11.0.13 with OpenJ9 0.29.0 virtual machine\n * including Oracle July 2021 and October 2021 CPU changes\n (boo#1188564, boo#1188565, boo#1188566, boo#1191901,\n boo#1191909, boo#1191910, boo#1191911, boo#1191912,\n boo#1191913, boo#1191903, boo#1191904, boo#1191914,\n boo#1191906)\n * OpenJ9 changes, see\n https://www.eclipse.org/openj9/docs/version0.29\n\n- Update to OpenJDK 11.0.11 with OpenJ9 0.26.0 virtual machine\n * including Oracle April 2021 CPU changes (boo#1185055 and\n boo#1185056)\n * OpenJ9 changes, see\n https://www.eclipse.org/openj9/docs/version0.26\n\n- Update to OpenJDK 11.0.10 with OpenJ9 0.24.0 virtual machine\n * including Oracle January 2021 CPU changes (boo#1181239)\n * OpenJ9 changes, see\n https://www.eclipse.org/openj9/docs/version0.24\n", title: "Description of the patch", }, { category: "details", text: "openSUSE-2025-66", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_0066-1.json", }, { category: "self", summary: "URL for openSUSE-SU-2025:0066-1", url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/GS63GCBRVH7N4JEIZNQAPVFNNVB2OGSU/", }, { category: "self", summary: "E-Mail link for openSUSE-SU-2025:0066-1", url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/GS63GCBRVH7N4JEIZNQAPVFNNVB2OGSU/", }, { category: "self", summary: "SUSE Bug 1181239", url: "https://bugzilla.suse.com/1181239", }, { category: "self", summary: "SUSE Bug 1185055", url: "https://bugzilla.suse.com/1185055", }, { category: "self", summary: "SUSE Bug 1185056", url: "https://bugzilla.suse.com/1185056", }, { category: "self", summary: "SUSE Bug 1188564", url: "https://bugzilla.suse.com/1188564", }, { category: "self", summary: "SUSE Bug 1188565", url: "https://bugzilla.suse.com/1188565", }, { category: "self", summary: "SUSE Bug 1188566", url: "https://bugzilla.suse.com/1188566", }, { category: "self", summary: "SUSE Bug 1191901", url: "https://bugzilla.suse.com/1191901", }, { category: "self", summary: "SUSE Bug 1191903", url: "https://bugzilla.suse.com/1191903", }, { category: "self", summary: "SUSE Bug 1191904", url: "https://bugzilla.suse.com/1191904", }, { category: "self", summary: "SUSE Bug 1191906", url: "https://bugzilla.suse.com/1191906", }, { category: "self", summary: "SUSE Bug 1191909", url: "https://bugzilla.suse.com/1191909", }, { category: "self", summary: "SUSE Bug 1191910", url: "https://bugzilla.suse.com/1191910", }, { category: "self", summary: "SUSE Bug 1191911", url: "https://bugzilla.suse.com/1191911", }, { category: "self", summary: "SUSE Bug 1191912", url: "https://bugzilla.suse.com/1191912", }, { category: "self", summary: "SUSE Bug 1191913", url: "https://bugzilla.suse.com/1191913", }, { category: "self", summary: "SUSE Bug 1191914", url: "https://bugzilla.suse.com/1191914", }, { category: "self", summary: "SUSE Bug 1194925", url: "https://bugzilla.suse.com/1194925", }, { category: "self", summary: "SUSE Bug 1194926", url: "https://bugzilla.suse.com/1194926", }, { category: "self", summary: "SUSE Bug 1194927", url: "https://bugzilla.suse.com/1194927", }, { category: "self", summary: "SUSE Bug 1194928", url: "https://bugzilla.suse.com/1194928", }, { category: "self", summary: "SUSE Bug 1194929", url: "https://bugzilla.suse.com/1194929", }, { category: "self", summary: "SUSE Bug 1194930", url: "https://bugzilla.suse.com/1194930", }, { category: "self", summary: "SUSE Bug 1194931", url: "https://bugzilla.suse.com/1194931", }, { category: "self", summary: "SUSE Bug 1194932", url: "https://bugzilla.suse.com/1194932", }, { category: "self", summary: "SUSE Bug 1194933", url: "https://bugzilla.suse.com/1194933", }, { category: "self", summary: "SUSE Bug 1194934", url: "https://bugzilla.suse.com/1194934", }, { category: "self", summary: "SUSE Bug 1194935", url: "https://bugzilla.suse.com/1194935", }, { category: "self", summary: "SUSE Bug 1194937", url: "https://bugzilla.suse.com/1194937", }, { category: "self", summary: "SUSE Bug 1194939", url: "https://bugzilla.suse.com/1194939", }, { category: "self", summary: "SUSE Bug 1194940", url: "https://bugzilla.suse.com/1194940", }, { category: "self", summary: "SUSE Bug 1194941", url: "https://bugzilla.suse.com/1194941", }, { category: "self", summary: "SUSE Bug 1198671", url: "https://bugzilla.suse.com/1198671", }, { category: "self", summary: "SUSE Bug 1198672", url: "https://bugzilla.suse.com/1198672", }, { category: "self", summary: "SUSE Bug 1198673", url: "https://bugzilla.suse.com/1198673", }, { category: "self", summary: "SUSE Bug 1198674", url: "https://bugzilla.suse.com/1198674", }, { category: "self", summary: "SUSE Bug 1198675", url: "https://bugzilla.suse.com/1198675", }, { category: "self", summary: "SUSE Bug 1198935", url: "https://bugzilla.suse.com/1198935", }, { category: "self", summary: "SUSE Bug 1201684", url: "https://bugzilla.suse.com/1201684", }, { category: "self", summary: "SUSE Bug 1201692", url: "https://bugzilla.suse.com/1201692", }, { category: "self", summary: "SUSE Bug 1201694", url: "https://bugzilla.suse.com/1201694", }, { category: "self", summary: "SUSE Bug 1204468", url: "https://bugzilla.suse.com/1204468", }, { category: "self", summary: "SUSE Bug 1204471", url: "https://bugzilla.suse.com/1204471", }, { category: "self", summary: "SUSE Bug 1204472", url: "https://bugzilla.suse.com/1204472", }, { category: "self", summary: "SUSE Bug 1204473", url: "https://bugzilla.suse.com/1204473", }, { category: "self", summary: "SUSE Bug 1204475", url: "https://bugzilla.suse.com/1204475", }, { category: "self", summary: "SUSE Bug 1204480", url: "https://bugzilla.suse.com/1204480", }, { category: "self", summary: "SUSE Bug 1204703", url: "https://bugzilla.suse.com/1204703", }, { category: "self", summary: "SUSE Bug 1206549", url: "https://bugzilla.suse.com/1206549", }, { category: "self", summary: "SUSE Bug 1207246", url: "https://bugzilla.suse.com/1207246", }, { category: "self", summary: "SUSE Bug 1207248", url: "https://bugzilla.suse.com/1207248", }, { category: "self", summary: "SUSE Bug 1207922", url: "https://bugzilla.suse.com/1207922", }, { category: "self", summary: "SUSE Bug 1210628", url: "https://bugzilla.suse.com/1210628", }, { category: "self", summary: "SUSE Bug 1210631", url: "https://bugzilla.suse.com/1210631", }, { category: "self", summary: "SUSE Bug 1210632", url: "https://bugzilla.suse.com/1210632", }, { category: "self", summary: "SUSE Bug 1210634", url: "https://bugzilla.suse.com/1210634", }, { category: "self", summary: "SUSE Bug 1210635", url: "https://bugzilla.suse.com/1210635", }, { category: "self", summary: "SUSE Bug 1210636", url: "https://bugzilla.suse.com/1210636", }, { category: "self", summary: "SUSE Bug 1210637", url: "https://bugzilla.suse.com/1210637", }, { category: "self", summary: "SUSE Bug 1211615", url: "https://bugzilla.suse.com/1211615", }, { category: "self", summary: "SUSE Bug 1213470", url: "https://bugzilla.suse.com/1213470", }, { category: "self", summary: "SUSE Bug 1213473", url: "https://bugzilla.suse.com/1213473", }, { category: "self", summary: "SUSE Bug 1213474", url: "https://bugzilla.suse.com/1213474", }, { category: "self", summary: "SUSE Bug 1213475", url: "https://bugzilla.suse.com/1213475", }, { category: "self", summary: "SUSE Bug 1213481", url: "https://bugzilla.suse.com/1213481", }, { category: "self", summary: "SUSE Bug 1213482", url: "https://bugzilla.suse.com/1213482", }, { category: "self", summary: "SUSE Bug 1216374", url: "https://bugzilla.suse.com/1216374", }, { category: "self", summary: "SUSE Bug 1217214", url: "https://bugzilla.suse.com/1217214", }, { category: "self", summary: "SUSE Bug 1218903", url: "https://bugzilla.suse.com/1218903", }, { category: "self", summary: "SUSE Bug 1218905", url: "https://bugzilla.suse.com/1218905", }, { category: "self", summary: "SUSE Bug 1218906", url: "https://bugzilla.suse.com/1218906", }, { category: "self", summary: "SUSE Bug 1218907", url: "https://bugzilla.suse.com/1218907", }, { category: "self", summary: "SUSE Bug 1218909", url: "https://bugzilla.suse.com/1218909", }, { category: "self", summary: "SUSE Bug 1218911", url: "https://bugzilla.suse.com/1218911", }, { category: "self", summary: "SUSE Bug 1222979", url: "https://bugzilla.suse.com/1222979", }, { category: "self", summary: "SUSE Bug 1222983", url: "https://bugzilla.suse.com/1222983", }, { category: "self", summary: "SUSE Bug 1222984", url: "https://bugzilla.suse.com/1222984", }, { category: "self", summary: "SUSE Bug 1222986", url: "https://bugzilla.suse.com/1222986", }, { category: "self", summary: "SUSE Bug 1222987", url: "https://bugzilla.suse.com/1222987", }, { category: "self", summary: "SUSE Bug 1225470", url: "https://bugzilla.suse.com/1225470", }, { category: "self", summary: "SUSE Bug 1228046", url: "https://bugzilla.suse.com/1228046", }, { category: "self", summary: "SUSE Bug 1228047", url: "https://bugzilla.suse.com/1228047", }, { category: "self", summary: "SUSE Bug 1228048", url: "https://bugzilla.suse.com/1228048", }, { category: "self", summary: "SUSE Bug 1228050", url: "https://bugzilla.suse.com/1228050", }, { category: "self", summary: "SUSE Bug 1228051", url: "https://bugzilla.suse.com/1228051", }, { category: "self", summary: "SUSE Bug 1228052", url: "https://bugzilla.suse.com/1228052", }, { category: "self", summary: "SUSE Bug 1231702", url: "https://bugzilla.suse.com/1231702", }, { category: "self", summary: "SUSE Bug 1231711", url: "https://bugzilla.suse.com/1231711", }, { category: "self", summary: "SUSE Bug 1231716", url: "https://bugzilla.suse.com/1231716", }, { category: "self", summary: "SUSE Bug 1231719", url: "https://bugzilla.suse.com/1231719", }, { category: "self", summary: "SUSE Bug 1236278", url: "https://bugzilla.suse.com/1236278", }, { category: "self", summary: "SUSE Bug 1236804", url: "https://bugzilla.suse.com/1236804", }, { category: "self", summary: "SUSE CVE CVE-2020-14803 page", url: "https://www.suse.com/security/cve/CVE-2020-14803/", }, { category: "self", summary: "SUSE CVE CVE-2021-41041 page", url: "https://www.suse.com/security/cve/CVE-2021-41041/", }, { category: "self", summary: "SUSE CVE CVE-2022-21426 page", url: "https://www.suse.com/security/cve/CVE-2022-21426/", }, { category: "self", summary: "SUSE CVE CVE-2022-21434 page", url: "https://www.suse.com/security/cve/CVE-2022-21434/", }, { category: "self", summary: "SUSE CVE CVE-2022-21443 page", url: "https://www.suse.com/security/cve/CVE-2022-21443/", }, { category: "self", summary: "SUSE CVE CVE-2022-21476 page", url: "https://www.suse.com/security/cve/CVE-2022-21476/", }, { category: "self", summary: "SUSE CVE CVE-2022-21496 page", url: "https://www.suse.com/security/cve/CVE-2022-21496/", }, { category: "self", summary: "SUSE CVE CVE-2022-21540 page", url: "https://www.suse.com/security/cve/CVE-2022-21540/", }, { category: "self", summary: "SUSE CVE CVE-2022-21541 page", url: "https://www.suse.com/security/cve/CVE-2022-21541/", }, { category: "self", summary: "SUSE CVE CVE-2022-21618 page", url: "https://www.suse.com/security/cve/CVE-2022-21618/", }, { category: "self", summary: "SUSE CVE CVE-2022-21619 page", url: "https://www.suse.com/security/cve/CVE-2022-21619/", }, { category: "self", summary: "SUSE CVE CVE-2022-21624 page", url: "https://www.suse.com/security/cve/CVE-2022-21624/", }, { category: "self", summary: "SUSE CVE CVE-2022-21626 page", url: "https://www.suse.com/security/cve/CVE-2022-21626/", }, { category: "self", summary: "SUSE CVE CVE-2022-21628 page", url: "https://www.suse.com/security/cve/CVE-2022-21628/", }, { category: "self", summary: "SUSE CVE CVE-2022-34169 page", url: "https://www.suse.com/security/cve/CVE-2022-34169/", }, { category: "self", summary: "SUSE CVE CVE-2022-3676 page", url: "https://www.suse.com/security/cve/CVE-2022-3676/", }, { category: "self", summary: "SUSE CVE CVE-2022-39399 page", url: "https://www.suse.com/security/cve/CVE-2022-39399/", }, { category: "self", summary: "SUSE CVE CVE-2023-21835 page", url: "https://www.suse.com/security/cve/CVE-2023-21835/", }, { category: "self", summary: "SUSE CVE CVE-2023-21843 page", url: "https://www.suse.com/security/cve/CVE-2023-21843/", }, { category: "self", summary: "SUSE CVE CVE-2023-21930 page", url: "https://www.suse.com/security/cve/CVE-2023-21930/", }, { category: "self", summary: "SUSE CVE CVE-2023-21937 page", url: "https://www.suse.com/security/cve/CVE-2023-21937/", }, { category: "self", summary: "SUSE CVE CVE-2023-21938 page", url: "https://www.suse.com/security/cve/CVE-2023-21938/", }, { category: "self", summary: "SUSE CVE CVE-2023-21939 page", url: "https://www.suse.com/security/cve/CVE-2023-21939/", }, { category: "self", summary: "SUSE CVE CVE-2023-21954 page", url: "https://www.suse.com/security/cve/CVE-2023-21954/", }, { category: "self", summary: "SUSE CVE CVE-2023-21967 page", url: "https://www.suse.com/security/cve/CVE-2023-21967/", }, { category: "self", summary: "SUSE CVE CVE-2023-21968 page", url: "https://www.suse.com/security/cve/CVE-2023-21968/", }, { category: "self", summary: "SUSE CVE CVE-2023-22006 page", url: "https://www.suse.com/security/cve/CVE-2023-22006/", }, { category: "self", summary: "SUSE CVE CVE-2023-22036 page", url: "https://www.suse.com/security/cve/CVE-2023-22036/", }, { category: "self", summary: "SUSE CVE CVE-2023-22041 page", url: "https://www.suse.com/security/cve/CVE-2023-22041/", }, { category: "self", summary: "SUSE CVE CVE-2023-22045 page", url: "https://www.suse.com/security/cve/CVE-2023-22045/", }, { category: "self", summary: "SUSE CVE CVE-2023-22049 page", url: "https://www.suse.com/security/cve/CVE-2023-22049/", }, { category: "self", summary: "SUSE CVE CVE-2023-22081 page", url: "https://www.suse.com/security/cve/CVE-2023-22081/", }, { category: "self", summary: "SUSE CVE CVE-2023-25193 page", url: "https://www.suse.com/security/cve/CVE-2023-25193/", }, { category: "self", summary: "SUSE CVE CVE-2023-2597 page", url: "https://www.suse.com/security/cve/CVE-2023-2597/", }, { category: "self", summary: "SUSE CVE CVE-2023-5676 page", url: "https://www.suse.com/security/cve/CVE-2023-5676/", }, { category: "self", summary: "SUSE CVE CVE-2024-20918 page", url: "https://www.suse.com/security/cve/CVE-2024-20918/", }, { category: "self", summary: "SUSE CVE CVE-2024-20919 page", url: "https://www.suse.com/security/cve/CVE-2024-20919/", }, { category: "self", summary: "SUSE CVE CVE-2024-20921 page", url: "https://www.suse.com/security/cve/CVE-2024-20921/", }, { category: "self", summary: "SUSE CVE CVE-2024-20926 page", url: "https://www.suse.com/security/cve/CVE-2024-20926/", }, { category: "self", summary: "SUSE CVE CVE-2024-20945 page", url: "https://www.suse.com/security/cve/CVE-2024-20945/", }, { category: "self", summary: "SUSE CVE CVE-2024-20952 page", url: "https://www.suse.com/security/cve/CVE-2024-20952/", }, { category: "self", summary: "SUSE CVE CVE-2024-21011 page", url: "https://www.suse.com/security/cve/CVE-2024-21011/", }, { category: "self", summary: "SUSE CVE CVE-2024-21012 page", url: "https://www.suse.com/security/cve/CVE-2024-21012/", }, { category: "self", summary: "SUSE CVE CVE-2024-21068 page", url: "https://www.suse.com/security/cve/CVE-2024-21068/", }, { category: "self", summary: "SUSE CVE CVE-2024-21085 page", url: "https://www.suse.com/security/cve/CVE-2024-21085/", }, { category: "self", summary: "SUSE CVE CVE-2024-21094 page", url: "https://www.suse.com/security/cve/CVE-2024-21094/", }, { category: "self", summary: "SUSE CVE CVE-2024-21131 page", url: "https://www.suse.com/security/cve/CVE-2024-21131/", }, { category: "self", summary: "SUSE CVE CVE-2024-21138 page", url: "https://www.suse.com/security/cve/CVE-2024-21138/", }, { category: "self", summary: "SUSE CVE CVE-2024-21140 page", url: "https://www.suse.com/security/cve/CVE-2024-21140/", }, { category: "self", summary: "SUSE CVE CVE-2024-21144 page", url: "https://www.suse.com/security/cve/CVE-2024-21144/", }, { category: "self", summary: "SUSE CVE CVE-2024-21145 page", url: "https://www.suse.com/security/cve/CVE-2024-21145/", }, { category: "self", summary: "SUSE CVE CVE-2024-21147 page", url: "https://www.suse.com/security/cve/CVE-2024-21147/", }, { category: "self", summary: "SUSE CVE CVE-2024-21208 page", url: "https://www.suse.com/security/cve/CVE-2024-21208/", }, { category: "self", summary: "SUSE CVE CVE-2024-21210 page", url: "https://www.suse.com/security/cve/CVE-2024-21210/", }, { category: "self", summary: "SUSE CVE CVE-2024-21217 page", url: "https://www.suse.com/security/cve/CVE-2024-21217/", }, { category: "self", summary: "SUSE CVE CVE-2024-21235 page", url: "https://www.suse.com/security/cve/CVE-2024-21235/", }, { category: "self", summary: "SUSE CVE CVE-2024-3933 page", url: "https://www.suse.com/security/cve/CVE-2024-3933/", }, { category: "self", summary: "SUSE CVE CVE-2025-21502 page", url: "https://www.suse.com/security/cve/CVE-2025-21502/", }, ], title: "Security update for java-11-openj9", tracking: { current_release_date: "2025-02-18T16:58:15Z", generator: { date: "2025-02-18T16:58:15Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "openSUSE-SU-2025:0066-1", initial_release_date: "2025-02-18T16:58:15Z", revision_history: [ { date: "2025-02-18T16:58:15Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", product: { name: "java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", product_id: "java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", }, }, { category: "product_version", name: "java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", product: { name: "java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", product_id: "java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", }, }, { category: "product_version", name: "java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", product: { name: "java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", product_id: "java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", }, }, { category: "product_version", name: "java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", product: { name: "java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", product_id: "java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", }, }, { category: "product_version", name: "java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", product: { name: "java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", product_id: "java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", }, }, { category: "product_version", name: "java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", product: { name: "java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", product_id: "java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", product: { name: "java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", product_id: "java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", product: { name: "java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", product_id: "java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", }, }, { category: "product_version", name: "java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", product: { name: "java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", product_id: "java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", }, }, { category: "product_version", name: "java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", product: { name: "java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", product_id: "java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", }, }, { category: "product_version", name: "java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", product: { name: "java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", product_id: "java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", }, }, { category: "product_version", name: "java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", product: { name: "java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", product_id: "java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", }, }, { category: "product_version", name: "java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", product: { name: "java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", product_id: "java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", product: { name: "java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", product_id: "java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", }, }, { category: "product_version", name: "java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", product: { name: "java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", product_id: "java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", }, }, { category: "product_version", name: "java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", product: { name: "java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", product_id: "java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", }, }, { category: "product_version", name: "java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", product: { name: "java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", product_id: "java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", }, }, { category: "product_version", name: "java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", product: { name: "java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", product_id: "java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", }, }, { category: "product_version", name: "java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", product: { name: "java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", product_id: "java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", product: { name: "java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", product_id: "java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", }, }, { category: "product_version", name: "java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", product: { name: "java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", product_id: "java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", }, }, { category: "product_version", name: "java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", product: { name: "java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", product_id: "java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", }, }, { category: "product_version", name: "java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", product: { name: "java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", product_id: "java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", }, }, { category: "product_version", name: "java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", product: { name: "java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", product_id: "java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", }, }, { category: "product_version", name: "java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", product: { name: "java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", product_id: "java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Package Hub 15 SP6", product: { name: "SUSE Package Hub 15 SP6", product_id: "SUSE Package Hub 15 SP6", }, }, { category: "product_name", name: "openSUSE Leap 15.6", product: { name: "openSUSE Leap 15.6", product_id: "openSUSE Leap 15.6", product_identification_helper: { cpe: "cpe:/o:opensuse:leap:15.6", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64 as component of SUSE Package Hub 15 SP6", product_id: "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", }, product_reference: "java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", relates_to_product_reference: "SUSE Package Hub 15 SP6", }, { category: "default_component_of", full_product_name: { name: "java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le as component of SUSE Package Hub 15 SP6", product_id: "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", }, product_reference: "java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", relates_to_product_reference: "SUSE Package Hub 15 SP6", }, { category: "default_component_of", full_product_name: { name: "java-11-openj9-11.0.26.0-bp156.4.3.1.s390x as component of SUSE Package Hub 15 SP6", product_id: "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", }, product_reference: "java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", relates_to_product_reference: "SUSE Package Hub 15 SP6", }, { category: "default_component_of", full_product_name: { name: "java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64 as component of SUSE Package Hub 15 SP6", product_id: "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", }, product_reference: "java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", relates_to_product_reference: "SUSE Package Hub 15 SP6", }, { category: "default_component_of", full_product_name: { name: "java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64 as component of SUSE Package Hub 15 SP6", product_id: "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", }, product_reference: "java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", relates_to_product_reference: "SUSE Package Hub 15 SP6", }, { category: "default_component_of", full_product_name: { name: "java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le as component of SUSE Package Hub 15 SP6", product_id: "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", }, product_reference: "java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", relates_to_product_reference: "SUSE Package Hub 15 SP6", }, { category: "default_component_of", full_product_name: { name: "java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x as component of SUSE Package Hub 15 SP6", product_id: "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", }, product_reference: "java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", relates_to_product_reference: "SUSE Package Hub 15 SP6", }, { category: "default_component_of", full_product_name: { name: "java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64 as component of SUSE Package Hub 15 SP6", product_id: "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", }, product_reference: "java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", relates_to_product_reference: "SUSE Package Hub 15 SP6", }, { category: "default_component_of", full_product_name: { name: "java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64 as component of SUSE Package Hub 15 SP6", product_id: "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", }, product_reference: "java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", relates_to_product_reference: "SUSE Package Hub 15 SP6", }, { category: "default_component_of", full_product_name: { name: "java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le as component of SUSE Package Hub 15 SP6", product_id: "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", }, product_reference: "java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", relates_to_product_reference: "SUSE Package Hub 15 SP6", }, { category: "default_component_of", full_product_name: { name: "java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x as component of SUSE Package Hub 15 SP6", product_id: "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", }, product_reference: "java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", relates_to_product_reference: "SUSE Package Hub 15 SP6", }, { category: "default_component_of", full_product_name: { name: "java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64 as component of SUSE Package Hub 15 SP6", product_id: "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", }, product_reference: "java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", relates_to_product_reference: "SUSE Package Hub 15 SP6", }, { category: "default_component_of", full_product_name: { name: "java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64 as component of SUSE Package Hub 15 SP6", product_id: "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", }, product_reference: "java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", relates_to_product_reference: "SUSE Package Hub 15 SP6", }, { category: "default_component_of", full_product_name: { name: "java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le as component of SUSE Package Hub 15 SP6", product_id: "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", }, product_reference: "java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", relates_to_product_reference: "SUSE Package Hub 15 SP6", }, { category: "default_component_of", full_product_name: { name: "java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x as component of SUSE Package Hub 15 SP6", product_id: "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", }, product_reference: "java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", relates_to_product_reference: "SUSE Package Hub 15 SP6", }, { category: "default_component_of", full_product_name: { name: "java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64 as component of SUSE Package Hub 15 SP6", product_id: "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", }, product_reference: "java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", relates_to_product_reference: "SUSE Package Hub 15 SP6", }, { category: "default_component_of", full_product_name: { name: "java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch as component of SUSE Package Hub 15 SP6", product_id: "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", }, product_reference: "java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", relates_to_product_reference: "SUSE Package Hub 15 SP6", }, { category: "default_component_of", full_product_name: { name: "java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64 as component of SUSE Package Hub 15 SP6", product_id: "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", }, product_reference: "java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", relates_to_product_reference: "SUSE Package Hub 15 SP6", }, { category: "default_component_of", full_product_name: { name: "java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le as component of SUSE Package Hub 15 SP6", product_id: "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", }, product_reference: "java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", relates_to_product_reference: "SUSE Package Hub 15 SP6", }, { category: "default_component_of", full_product_name: { name: "java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x as component of SUSE Package Hub 15 SP6", product_id: "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", }, product_reference: "java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", relates_to_product_reference: "SUSE Package Hub 15 SP6", }, { category: "default_component_of", full_product_name: { name: "java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64 as component of SUSE Package Hub 15 SP6", product_id: "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", }, product_reference: "java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", relates_to_product_reference: "SUSE Package Hub 15 SP6", }, { category: "default_component_of", full_product_name: { name: "java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64 as component of SUSE Package Hub 15 SP6", product_id: "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", }, product_reference: "java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", relates_to_product_reference: "SUSE Package Hub 15 SP6", }, { category: "default_component_of", full_product_name: { name: "java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le as component of SUSE Package Hub 15 SP6", product_id: "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", }, product_reference: "java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", relates_to_product_reference: "SUSE Package Hub 15 SP6", }, { category: "default_component_of", full_product_name: { name: "java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x as component of SUSE Package Hub 15 SP6", product_id: "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", }, product_reference: "java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", relates_to_product_reference: "SUSE Package Hub 15 SP6", }, { category: "default_component_of", full_product_name: { name: "java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64 as component of SUSE Package Hub 15 SP6", product_id: "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", }, product_reference: "java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", relates_to_product_reference: "SUSE Package Hub 15 SP6", }, { category: "default_component_of", full_product_name: { name: "java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64 as component of openSUSE Leap 15.6", product_id: "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", }, product_reference: "java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", relates_to_product_reference: "openSUSE Leap 15.6", }, { category: "default_component_of", full_product_name: { name: "java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le as component of openSUSE Leap 15.6", product_id: "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", }, product_reference: "java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", relates_to_product_reference: "openSUSE Leap 15.6", }, { category: "default_component_of", full_product_name: { name: "java-11-openj9-11.0.26.0-bp156.4.3.1.s390x as component of openSUSE Leap 15.6", product_id: "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", }, product_reference: "java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", relates_to_product_reference: "openSUSE Leap 15.6", }, { category: "default_component_of", full_product_name: { name: "java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64 as component of openSUSE Leap 15.6", product_id: "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", }, product_reference: "java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.6", }, { category: "default_component_of", full_product_name: { name: "java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64 as component of openSUSE Leap 15.6", product_id: "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", }, product_reference: "java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", relates_to_product_reference: "openSUSE Leap 15.6", }, { category: "default_component_of", full_product_name: { name: "java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le as component of openSUSE Leap 15.6", product_id: "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", }, product_reference: "java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", relates_to_product_reference: "openSUSE Leap 15.6", }, { category: "default_component_of", full_product_name: { name: "java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x as component of openSUSE Leap 15.6", product_id: "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", }, product_reference: "java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", relates_to_product_reference: "openSUSE Leap 15.6", }, { category: "default_component_of", full_product_name: { name: "java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64 as component of openSUSE Leap 15.6", product_id: "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", }, product_reference: "java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.6", }, { category: "default_component_of", full_product_name: { name: "java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64 as component of openSUSE Leap 15.6", product_id: "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", }, product_reference: "java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", relates_to_product_reference: "openSUSE Leap 15.6", }, { category: "default_component_of", full_product_name: { name: "java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le as component of openSUSE Leap 15.6", product_id: "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", }, product_reference: "java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", relates_to_product_reference: "openSUSE Leap 15.6", }, { category: "default_component_of", full_product_name: { name: "java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x as component of openSUSE Leap 15.6", product_id: "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", }, product_reference: "java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", relates_to_product_reference: "openSUSE Leap 15.6", }, { category: "default_component_of", full_product_name: { name: "java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64 as component of openSUSE Leap 15.6", product_id: "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", }, product_reference: "java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.6", }, { category: "default_component_of", full_product_name: { name: "java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64 as component of openSUSE Leap 15.6", product_id: "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", }, product_reference: "java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", relates_to_product_reference: "openSUSE Leap 15.6", }, { category: "default_component_of", full_product_name: { name: "java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le as component of openSUSE Leap 15.6", product_id: "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", }, product_reference: "java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", relates_to_product_reference: "openSUSE Leap 15.6", }, { category: "default_component_of", full_product_name: { name: "java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x as component of openSUSE Leap 15.6", product_id: "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", }, product_reference: "java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", relates_to_product_reference: "openSUSE Leap 15.6", }, { category: "default_component_of", full_product_name: { name: "java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64 as component of openSUSE Leap 15.6", product_id: "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", }, product_reference: "java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.6", }, { category: "default_component_of", full_product_name: { name: "java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch as component of openSUSE Leap 15.6", product_id: "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", }, product_reference: "java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", relates_to_product_reference: "openSUSE Leap 15.6", }, { category: "default_component_of", full_product_name: { name: "java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64 as component of openSUSE Leap 15.6", product_id: "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", }, product_reference: "java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", relates_to_product_reference: "openSUSE Leap 15.6", }, { category: "default_component_of", full_product_name: { name: "java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le as component of openSUSE Leap 15.6", product_id: "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", }, product_reference: "java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", relates_to_product_reference: "openSUSE Leap 15.6", }, { category: "default_component_of", full_product_name: { name: "java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x as component of openSUSE Leap 15.6", product_id: "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", }, product_reference: "java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", relates_to_product_reference: "openSUSE Leap 15.6", }, { category: "default_component_of", full_product_name: { name: "java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64 as component of openSUSE Leap 15.6", product_id: "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", }, product_reference: "java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.6", }, { category: "default_component_of", full_product_name: { name: "java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64 as component of openSUSE Leap 15.6", product_id: "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", }, product_reference: "java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", relates_to_product_reference: "openSUSE Leap 15.6", }, { category: "default_component_of", full_product_name: { name: "java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le as component of openSUSE Leap 15.6", product_id: "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", }, product_reference: "java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", relates_to_product_reference: "openSUSE Leap 15.6", }, { category: "default_component_of", full_product_name: { name: "java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x as component of openSUSE Leap 15.6", product_id: "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", }, product_reference: "java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", relates_to_product_reference: "openSUSE Leap 15.6", }, { category: "default_component_of", full_product_name: { name: "java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64 as component of openSUSE Leap 15.6", product_id: "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", }, product_reference: "java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.6", }, ], }, vulnerabilities: [ { cve: "CVE-2020-14803", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-14803", }, ], notes: [ { category: "general", text: "Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 11.0.8 and 15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-14803", url: "https://www.suse.com/security/cve/CVE-2020-14803", }, { category: "external", summary: "SUSE Bug 1177943 for CVE-2020-14803", url: "https://bugzilla.suse.com/1177943", }, { category: "external", summary: "SUSE Bug 1181239 for CVE-2020-14803", url: "https://bugzilla.suse.com/1181239", }, { category: "external", summary: "SUSE Bug 1182186 for CVE-2020-14803", url: "https://bugzilla.suse.com/1182186", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-02-18T16:58:15Z", details: "moderate", }, ], title: "CVE-2020-14803", }, { cve: "CVE-2021-41041", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-41041", }, ], notes: [ { category: "general", text: "In Eclipse Openj9 before version 0.32.0, Java 8 & 11 fail to throw the exception captured during bytecode verification when verification is triggered by a MethodHandle invocation, allowing unverified methods to be invoked using MethodHandles.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-41041", url: "https://www.suse.com/security/cve/CVE-2021-41041", }, { category: "external", summary: "SUSE Bug 1198935 for CVE-2021-41041", url: "https://bugzilla.suse.com/1198935", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, products: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-02-18T16:58:15Z", details: "moderate", }, ], title: "CVE-2021-41041", }, { cve: "CVE-2022-21426", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-21426", }, ], notes: [ { category: "general", text: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-21426", url: "https://www.suse.com/security/cve/CVE-2022-21426", }, { category: "external", summary: "SUSE Bug 1198672 for CVE-2022-21426", url: "https://bugzilla.suse.com/1198672", }, { category: "external", summary: "SUSE Bug 1201643 for CVE-2022-21426", url: "https://bugzilla.suse.com/1201643", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-02-18T16:58:15Z", details: "moderate", }, ], title: "CVE-2022-21426", }, { cve: "CVE-2022-21434", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-21434", }, ], notes: [ { category: "general", text: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-21434", url: "https://www.suse.com/security/cve/CVE-2022-21434", }, { category: "external", summary: "SUSE Bug 1198674 for CVE-2022-21434", url: "https://bugzilla.suse.com/1198674", }, { category: "external", summary: "SUSE Bug 1201643 for CVE-2022-21434", url: "https://bugzilla.suse.com/1201643", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, products: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-02-18T16:58:15Z", details: "moderate", }, ], title: "CVE-2022-21434", }, { cve: "CVE-2022-21443", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-21443", }, ], notes: [ { category: "general", text: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-21443", url: "https://www.suse.com/security/cve/CVE-2022-21443", }, { category: "external", summary: "SUSE Bug 1198675 for CVE-2022-21443", url: "https://bugzilla.suse.com/1198675", }, { category: "external", summary: "SUSE Bug 1201643 for CVE-2022-21443", url: "https://bugzilla.suse.com/1201643", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.7, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-02-18T16:58:15Z", details: "low", }, ], title: "CVE-2022-21443", }, { cve: "CVE-2022-21476", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-21476", }, ], notes: [ { category: "general", text: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-21476", url: "https://www.suse.com/security/cve/CVE-2022-21476", }, { category: "external", summary: "SUSE Bug 1198671 for CVE-2022-21476", url: "https://bugzilla.suse.com/1198671", }, { category: "external", summary: "SUSE Bug 1201643 for CVE-2022-21476", url: "https://bugzilla.suse.com/1201643", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-02-18T16:58:15Z", details: "important", }, ], title: "CVE-2022-21476", }, { cve: "CVE-2022-21496", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-21496", }, ], notes: [ { category: "general", text: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JNDI). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-21496", url: "https://www.suse.com/security/cve/CVE-2022-21496", }, { category: "external", summary: "SUSE Bug 1198673 for CVE-2022-21496", url: "https://bugzilla.suse.com/1198673", }, { category: "external", summary: "SUSE Bug 1201643 for CVE-2022-21496", url: "https://bugzilla.suse.com/1201643", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, products: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-02-18T16:58:15Z", details: "moderate", }, ], title: "CVE-2022-21496", }, { cve: "CVE-2022-21540", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-21540", }, ], notes: [ { category: "general", text: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1; Oracle GraalVM Enterprise Edition: 20.3.6, 21.3.2 and 22.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-21540", url: "https://www.suse.com/security/cve/CVE-2022-21540", }, { category: "external", summary: "SUSE Bug 1201694 for CVE-2022-21540", url: "https://bugzilla.suse.com/1201694", }, { category: "external", summary: "SUSE Bug 1202427 for CVE-2022-21540", url: "https://bugzilla.suse.com/1202427", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-02-18T16:58:15Z", details: "moderate", }, ], title: "CVE-2022-21540", }, { cve: "CVE-2022-21541", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-21541", }, ], notes: [ { category: "general", text: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1; Oracle GraalVM Enterprise Edition: 20.3.6, 21.3.2 and 22.1.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-21541", url: "https://www.suse.com/security/cve/CVE-2022-21541", }, { category: "external", summary: "SUSE Bug 1201692 for CVE-2022-21541", url: "https://bugzilla.suse.com/1201692", }, { category: "external", summary: "SUSE Bug 1202427 for CVE-2022-21541", url: "https://bugzilla.suse.com/1202427", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-02-18T16:58:15Z", details: "moderate", }, ], title: "CVE-2022-21541", }, { cve: "CVE-2022-21618", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-21618", }, ], notes: [ { category: "general", text: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JGSS). Supported versions that are affected are Oracle Java SE: 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 21.3.3 and 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-21618", url: "https://www.suse.com/security/cve/CVE-2022-21618", }, { category: "external", summary: "SUSE Bug 1204468 for CVE-2022-21618", url: "https://bugzilla.suse.com/1204468", }, { category: "external", summary: "SUSE Bug 1205302 for CVE-2022-21618", url: "https://bugzilla.suse.com/1205302", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, products: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-02-18T16:58:15Z", details: "moderate", }, ], title: "CVE-2022-21618", }, { cve: "CVE-2022-21619", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-21619", }, ], notes: [ { category: "general", text: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-21619", url: "https://www.suse.com/security/cve/CVE-2022-21619", }, { category: "external", summary: "SUSE Bug 1204473 for CVE-2022-21619", url: "https://bugzilla.suse.com/1204473", }, { category: "external", summary: "SUSE Bug 1205302 for CVE-2022-21619", url: "https://bugzilla.suse.com/1205302", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.7, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, products: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-02-18T16:58:15Z", details: "low", }, ], title: "CVE-2022-21619", }, { cve: "CVE-2022-21624", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-21624", }, ], notes: [ { category: "general", text: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JNDI). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-21624", url: "https://www.suse.com/security/cve/CVE-2022-21624", }, { category: "external", summary: "SUSE Bug 1204475 for CVE-2022-21624", url: "https://bugzilla.suse.com/1204475", }, { category: "external", summary: "SUSE Bug 1205302 for CVE-2022-21624", url: "https://bugzilla.suse.com/1205302", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.7, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, products: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-02-18T16:58:15Z", details: "low", }, ], title: "CVE-2022-21624", }, { cve: "CVE-2022-21626", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-21626", }, ], notes: [ { category: "general", text: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-21626", url: "https://www.suse.com/security/cve/CVE-2022-21626", }, { category: "external", summary: "SUSE Bug 1204471 for CVE-2022-21626", url: "https://bugzilla.suse.com/1204471", }, { category: "external", summary: "SUSE Bug 1205302 for CVE-2022-21626", url: "https://bugzilla.suse.com/1205302", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-02-18T16:58:15Z", details: "moderate", }, ], title: "CVE-2022-21626", }, { cve: "CVE-2022-21628", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-21628", }, ], notes: [ { category: "general", text: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Lightweight HTTP Server). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-21628", url: "https://www.suse.com/security/cve/CVE-2022-21628", }, { category: "external", summary: "SUSE Bug 1204472 for CVE-2022-21628", url: "https://bugzilla.suse.com/1204472", }, { category: "external", summary: "SUSE Bug 1205302 for CVE-2022-21628", url: "https://bugzilla.suse.com/1205302", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-02-18T16:58:15Z", details: "moderate", }, ], title: "CVE-2022-21628", }, { cve: "CVE-2022-34169", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-34169", }, ], notes: [ { category: "general", text: "The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 or later. Note: Java runtimes (such as OpenJDK) include repackaged copies of Xalan.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-34169", url: "https://www.suse.com/security/cve/CVE-2022-34169", }, { category: "external", summary: "SUSE Bug 1201684 for CVE-2022-34169", url: "https://bugzilla.suse.com/1201684", }, { category: "external", summary: "SUSE Bug 1202427 for CVE-2022-34169", url: "https://bugzilla.suse.com/1202427", }, { category: "external", summary: "SUSE Bug 1207688 for CVE-2022-34169", url: "https://bugzilla.suse.com/1207688", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-02-18T16:58:15Z", details: "important", }, ], title: "CVE-2022-34169", }, { cve: "CVE-2022-3676", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-3676", }, ], notes: [ { category: "general", text: "In Eclipse Openj9 before version 0.35.0, interface calls can be inlined without a runtime type check. Malicious bytecode could make use of this inlining to access or modify memory via an incompatible type.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-3676", url: "https://www.suse.com/security/cve/CVE-2022-3676", }, { category: "external", summary: "SUSE Bug 1204703 for CVE-2022-3676", url: "https://bugzilla.suse.com/1204703", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, products: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-02-18T16:58:15Z", details: "moderate", }, ], title: "CVE-2022-3676", }, { cve: "CVE-2022-39399", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-39399", }, ], notes: [ { category: "general", text: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-39399", url: "https://www.suse.com/security/cve/CVE-2022-39399", }, { category: "external", summary: "SUSE Bug 1204480 for CVE-2022-39399", url: "https://bugzilla.suse.com/1204480", }, { category: "external", summary: "SUSE Bug 1205302 for CVE-2022-39399", url: "https://bugzilla.suse.com/1205302", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.7, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, products: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-02-18T16:58:15Z", details: "low", }, ], title: "CVE-2022-39399", }, { cve: "CVE-2023-21835", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-21835", }, ], notes: [ { category: "general", text: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via DTLS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-21835", url: "https://www.suse.com/security/cve/CVE-2023-21835", }, { category: "external", summary: "SUSE Bug 1207246 for CVE-2023-21835", url: "https://bugzilla.suse.com/1207246", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-02-18T16:58:15Z", details: "moderate", }, ], title: "CVE-2023-21835", }, { cve: "CVE-2023-21843", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-21843", }, ], notes: [ { category: "general", text: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Sound). Supported versions that are affected are Oracle Java SE: 8u351, 8u351-perf, 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-21843", url: "https://www.suse.com/security/cve/CVE-2023-21843", }, { category: "external", summary: "SUSE Bug 1207248 for CVE-2023-21843", url: "https://bugzilla.suse.com/1207248", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.7, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, products: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-02-18T16:58:15Z", details: "low", }, ], title: "CVE-2023-21843", }, { cve: "CVE-2023-21930", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-21930", }, ], notes: [ { category: "general", text: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-21930", url: "https://www.suse.com/security/cve/CVE-2023-21930", }, { category: "external", summary: "SUSE Bug 1210628 for CVE-2023-21930", url: "https://bugzilla.suse.com/1210628", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.4, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-02-18T16:58:15Z", details: "important", }, ], title: "CVE-2023-21930", }, { cve: "CVE-2023-21937", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-21937", }, ], notes: [ { category: "general", text: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-21937", url: "https://www.suse.com/security/cve/CVE-2023-21937", }, { category: "external", summary: "SUSE Bug 1210631 for CVE-2023-21937", url: "https://bugzilla.suse.com/1210631", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.7, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, products: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-02-18T16:58:15Z", details: "low", }, ], title: "CVE-2023-21937", }, { cve: "CVE-2023-21938", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-21938", }, ], notes: [ { category: "general", text: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-21938", url: "https://www.suse.com/security/cve/CVE-2023-21938", }, { category: "external", summary: "SUSE Bug 1210632 for CVE-2023-21938", url: "https://bugzilla.suse.com/1210632", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.7, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, products: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-02-18T16:58:15Z", details: "low", }, ], title: "CVE-2023-21938", }, { cve: "CVE-2023-21939", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-21939", }, ], notes: [ { category: "general", text: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-21939", url: "https://www.suse.com/security/cve/CVE-2023-21939", }, { category: "external", summary: "SUSE Bug 1210634 for CVE-2023-21939", url: "https://bugzilla.suse.com/1210634", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, products: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-02-18T16:58:15Z", details: "moderate", }, ], title: "CVE-2023-21939", }, { cve: "CVE-2023-21954", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-21954", }, ], notes: [ { category: "general", text: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-21954", url: "https://www.suse.com/security/cve/CVE-2023-21954", }, { category: "external", summary: "SUSE Bug 1210635 for CVE-2023-21954", url: "https://bugzilla.suse.com/1210635", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-02-18T16:58:15Z", details: "moderate", }, ], title: "CVE-2023-21954", }, { cve: "CVE-2023-21967", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-21967", }, ], notes: [ { category: "general", text: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-21967", url: "https://www.suse.com/security/cve/CVE-2023-21967", }, { category: "external", summary: "SUSE Bug 1210636 for CVE-2023-21967", url: "https://bugzilla.suse.com/1210636", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-02-18T16:58:15Z", details: "moderate", }, ], title: "CVE-2023-21967", }, { cve: "CVE-2023-21968", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-21968", }, ], notes: [ { category: "general", text: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-21968", url: "https://www.suse.com/security/cve/CVE-2023-21968", }, { category: "external", summary: "SUSE Bug 1210637 for CVE-2023-21968", url: "https://bugzilla.suse.com/1210637", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.7, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, products: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-02-18T16:58:15Z", details: "low", }, ], title: "CVE-2023-21968", }, { cve: "CVE-2023-22006", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-22006", }, ], notes: [ { category: "general", text: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-22006", url: "https://www.suse.com/security/cve/CVE-2023-22006", }, { category: "external", summary: "SUSE Bug 1213473 for CVE-2023-22006", url: "https://bugzilla.suse.com/1213473", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.1, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, products: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-02-18T16:58:15Z", details: "low", }, ], title: "CVE-2023-22006", }, { cve: "CVE-2023-22036", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-22036", }, ], notes: [ { category: "general", text: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Utility). Supported versions that are affected are Oracle Java SE: 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-22036", url: "https://www.suse.com/security/cve/CVE-2023-22036", }, { category: "external", summary: "SUSE Bug 1213474 for CVE-2023-22036", url: "https://bugzilla.suse.com/1213474", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.7, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-02-18T16:58:15Z", details: "low", }, ], title: "CVE-2023-22036", }, { cve: "CVE-2023-22041", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-22041", }, ], notes: [ { category: "general", text: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK executes to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-22041", url: "https://www.suse.com/security/cve/CVE-2023-22041", }, { category: "external", summary: "SUSE Bug 1213475 for CVE-2023-22041", url: "https://bugzilla.suse.com/1213475", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.1, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-02-18T16:58:15Z", details: "moderate", }, ], title: "CVE-2023-22041", }, { cve: "CVE-2023-22045", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-22045", }, ], notes: [ { category: "general", text: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-22045", url: "https://www.suse.com/security/cve/CVE-2023-22045", }, { category: "external", summary: "SUSE Bug 1213481 for CVE-2023-22045", url: "https://bugzilla.suse.com/1213481", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.7, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-02-18T16:58:15Z", details: "low", }, ], title: "CVE-2023-22045", }, { cve: "CVE-2023-22049", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-22049", }, ], notes: [ { category: "general", text: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-22049", url: "https://www.suse.com/security/cve/CVE-2023-22049", }, { category: "external", summary: "SUSE Bug 1213482 for CVE-2023-22049", url: "https://bugzilla.suse.com/1213482", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.7, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, products: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-02-18T16:58:15Z", details: "low", }, ], title: "CVE-2023-22049", }, { cve: "CVE-2023-22081", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-22081", }, ], notes: [ { category: "general", text: "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u381, 8u381-perf, 11.0.20, 17.0.8, 21; Oracle GraalVM for JDK: 17.0.8, 21; Oracle GraalVM Enterprise Edition: 20.3.11, 21.3.7 and 22.3.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-22081", url: "https://www.suse.com/security/cve/CVE-2023-22081", }, { category: "external", summary: "SUSE Bug 1216374 for CVE-2023-22081", url: "https://bugzilla.suse.com/1216374", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-02-18T16:58:15Z", details: "moderate", }, ], title: "CVE-2023-22081", }, { cve: "CVE-2023-25193", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-25193", }, ], notes: [ { category: "general", text: "hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-25193", url: "https://www.suse.com/security/cve/CVE-2023-25193", }, { category: "external", summary: "SUSE Bug 1207922 for CVE-2023-25193", url: "https://bugzilla.suse.com/1207922", }, { category: "external", summary: "SUSE Bug 1213939 for CVE-2023-25193", url: "https://bugzilla.suse.com/1213939", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-02-18T16:58:15Z", details: "important", }, ], title: "CVE-2023-25193", }, { cve: "CVE-2023-2597", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-2597", }, ], notes: [ { category: "general", text: "In Eclipse Openj9 before version 0.38.0, in the implementation of the shared cache (which is enabled by default in OpenJ9 builds) the size of a string is not properly checked against the size of the buffer.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-2597", url: "https://www.suse.com/security/cve/CVE-2023-2597", }, { category: "external", summary: "SUSE Bug 1211615 for CVE-2023-2597", url: "https://bugzilla.suse.com/1211615", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-02-18T16:58:15Z", details: "moderate", }, ], title: "CVE-2023-2597", }, { cve: "CVE-2023-5676", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-5676", }, ], notes: [ { category: "general", text: "In Eclipse OpenJ9 before version 0.41.0, the JVM can be forced into an infinite busy hang on a spinlock or a segmentation fault if a shutdown signal (SIGTERM, SIGINT or SIGHUP) is received before the JVM has finished initializing.\n", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-5676", url: "https://www.suse.com/security/cve/CVE-2023-5676", }, { category: "external", summary: "SUSE Bug 1217214 for CVE-2023-5676", url: "https://bugzilla.suse.com/1217214", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-02-18T16:58:15Z", details: "moderate", }, ], title: "CVE-2023-5676", }, { cve: "CVE-2024-20918", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-20918", }, ], notes: [ { category: "general", text: "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-20918", url: "https://www.suse.com/security/cve/CVE-2024-20918", }, { category: "external", summary: "SUSE Bug 1218907 for CVE-2024-20918", url: "https://bugzilla.suse.com/1218907", }, { category: "external", summary: "SUSE Bug 1219843 for CVE-2024-20918", url: "https://bugzilla.suse.com/1219843", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.4, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-02-18T16:58:15Z", details: "important", }, ], title: "CVE-2024-20918", }, { cve: "CVE-2024-20919", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-20919", }, ], notes: [ { category: "general", text: "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-20919", url: "https://www.suse.com/security/cve/CVE-2024-20919", }, { category: "external", summary: "SUSE Bug 1218903 for CVE-2024-20919", url: "https://bugzilla.suse.com/1218903", }, { category: "external", summary: "SUSE Bug 1219843 for CVE-2024-20919", url: "https://bugzilla.suse.com/1219843", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-02-18T16:58:15Z", details: "moderate", }, ], title: "CVE-2024-20919", }, { cve: "CVE-2024-20921", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-20921", }, ], notes: [ { category: "general", text: "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-20921", url: "https://www.suse.com/security/cve/CVE-2024-20921", }, { category: "external", summary: "SUSE Bug 1218905 for CVE-2024-20921", url: "https://bugzilla.suse.com/1218905", }, { category: "external", summary: "SUSE Bug 1219843 for CVE-2024-20921", url: "https://bugzilla.suse.com/1219843", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-02-18T16:58:15Z", details: "moderate", }, ], title: "CVE-2024-20921", }, { cve: "CVE-2024-20926", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-20926", }, ], notes: [ { category: "general", text: "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Scripting). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21; Oracle GraalVM for JDK: 17.0.9; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-20926", url: "https://www.suse.com/security/cve/CVE-2024-20926", }, { category: "external", summary: "SUSE Bug 1218906 for CVE-2024-20926", url: "https://bugzilla.suse.com/1218906", }, { category: "external", summary: "SUSE Bug 1219843 for CVE-2024-20926", url: "https://bugzilla.suse.com/1219843", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-02-18T16:58:15Z", details: "moderate", }, ], title: "CVE-2024-20926", }, { cve: "CVE-2024-20945", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-20945", }, ], notes: [ { category: "general", text: "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition executes to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-20945", url: "https://www.suse.com/security/cve/CVE-2024-20945", }, { category: "external", summary: "SUSE Bug 1218909 for CVE-2024-20945", url: "https://bugzilla.suse.com/1218909", }, { category: "external", summary: "SUSE Bug 1219843 for CVE-2024-20945", url: "https://bugzilla.suse.com/1219843", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.7, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-02-18T16:58:15Z", details: "moderate", }, ], title: "CVE-2024-20945", }, { cve: "CVE-2024-20952", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-20952", }, ], notes: [ { category: "general", text: "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-20952", url: "https://www.suse.com/security/cve/CVE-2024-20952", }, { category: "external", summary: "SUSE Bug 1218911 for CVE-2024-20952", url: "https://bugzilla.suse.com/1218911", }, { category: "external", summary: "SUSE Bug 1219843 for CVE-2024-20952", url: "https://bugzilla.suse.com/1219843", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.4, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-02-18T16:58:15Z", details: "important", }, ], title: "CVE-2024-20952", }, { cve: "CVE-2024-21011", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-21011", }, ], notes: [ { category: "general", text: "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u401, 8u401-perf, 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-21011", url: "https://www.suse.com/security/cve/CVE-2024-21011", }, { category: "external", summary: "SUSE Bug 1222979 for CVE-2024-21011", url: "https://bugzilla.suse.com/1222979", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.7, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-02-18T16:58:15Z", details: "low", }, ], title: "CVE-2024-21011", }, { cve: "CVE-2024-21012", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-21012", }, ], notes: [ { category: "general", text: "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-21012", url: "https://www.suse.com/security/cve/CVE-2024-21012", }, { category: "external", summary: "SUSE Bug 1222987 for CVE-2024-21012", url: "https://bugzilla.suse.com/1222987", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.7, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, products: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-02-18T16:58:15Z", details: "low", }, ], title: "CVE-2024-21012", }, { cve: "CVE-2024-21068", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-21068", }, ], notes: [ { category: "general", text: "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u401-perf, 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2 and 22; Oracle GraalVM Enterprise Edition: 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-21068", url: "https://www.suse.com/security/cve/CVE-2024-21068", }, { category: "external", summary: "SUSE Bug 1222983 for CVE-2024-21068", url: "https://bugzilla.suse.com/1222983", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.7, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, products: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-02-18T16:58:15Z", details: "low", }, ], title: "CVE-2024-21068", }, { cve: "CVE-2024-21085", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-21085", }, ], notes: [ { category: "general", text: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Oracle Java SE: 8u401, 8u401-perf, 11.0.22; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-21085", url: "https://www.suse.com/security/cve/CVE-2024-21085", }, { category: "external", summary: "SUSE Bug 1222984 for CVE-2024-21085", url: "https://bugzilla.suse.com/1222984", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.7, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-02-18T16:58:15Z", details: "low", }, ], title: "CVE-2024-21085", }, { cve: "CVE-2024-21094", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-21094", }, ], notes: [ { category: "general", text: "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u401, 8u401-perf, 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-21094", url: "https://www.suse.com/security/cve/CVE-2024-21094", }, { category: "external", summary: "SUSE Bug 1222986 for CVE-2024-21094", url: "https://bugzilla.suse.com/1222986", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.7, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, products: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-02-18T16:58:15Z", details: "low", }, ], title: "CVE-2024-21094", }, { cve: "CVE-2024-21131", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-21131", }, ], notes: [ { category: "general", text: "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-21131", url: "https://www.suse.com/security/cve/CVE-2024-21131", }, { category: "external", summary: "SUSE Bug 1228046 for CVE-2024-21131", url: "https://bugzilla.suse.com/1228046", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.7, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, products: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-02-18T16:58:15Z", details: "low", }, ], title: "CVE-2024-21131", }, { cve: "CVE-2024-21138", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-21138", }, ], notes: [ { category: "general", text: "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-21138", url: "https://www.suse.com/security/cve/CVE-2024-21138", }, { category: "external", summary: "SUSE Bug 1228047 for CVE-2024-21138", url: "https://bugzilla.suse.com/1228047", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.7, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-02-18T16:58:15Z", details: "low", }, ], title: "CVE-2024-21138", }, { cve: "CVE-2024-21140", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-21140", }, ], notes: [ { category: "general", text: "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-21140", url: "https://www.suse.com/security/cve/CVE-2024-21140", }, { category: "external", summary: "SUSE Bug 1228048 for CVE-2024-21140", url: "https://bugzilla.suse.com/1228048", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.8, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, products: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-02-18T16:58:15Z", details: "moderate", }, ], title: "CVE-2024-21140", }, { cve: "CVE-2024-21144", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-21144", }, ], notes: [ { category: "general", text: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-21144", url: "https://www.suse.com/security/cve/CVE-2024-21144", }, { category: "external", summary: "SUSE Bug 1228050 for CVE-2024-21144", url: "https://bugzilla.suse.com/1228050", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.7, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-02-18T16:58:15Z", details: "low", }, ], title: "CVE-2024-21144", }, { cve: "CVE-2024-21145", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-21145", }, ], notes: [ { category: "general", text: "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-21145", url: "https://www.suse.com/security/cve/CVE-2024-21145", }, { category: "external", summary: "SUSE Bug 1228051 for CVE-2024-21145", url: "https://bugzilla.suse.com/1228051", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.8, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, products: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-02-18T16:58:15Z", details: "moderate", }, ], title: "CVE-2024-21145", }, { cve: "CVE-2024-21147", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-21147", }, ], notes: [ { category: "general", text: "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-21147", url: "https://www.suse.com/security/cve/CVE-2024-21147", }, { category: "external", summary: "SUSE Bug 1228052 for CVE-2024-21147", url: "https://bugzilla.suse.com/1228052", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.4, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-02-18T16:58:15Z", details: "important", }, ], title: "CVE-2024-21147", }, { cve: "CVE-2024-21208", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-21208", }, ], notes: [ { category: "general", text: "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4, 23; Oracle GraalVM for JDK: 17.0.12, 21.0.4, 23; Oracle GraalVM Enterprise Edition: 20.3.15 and 21.3.11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-21208", url: "https://www.suse.com/security/cve/CVE-2024-21208", }, { category: "external", summary: "SUSE Bug 1231702 for CVE-2024-21208", url: "https://bugzilla.suse.com/1231702", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.7, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-02-18T16:58:15Z", details: "moderate", }, ], title: "CVE-2024-21208", }, { cve: "CVE-2024-21210", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-21210", }, ], notes: [ { category: "general", text: "Vulnerability in Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4 and 23. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-21210", url: "https://www.suse.com/security/cve/CVE-2024-21210", }, { category: "external", summary: "SUSE Bug 1231711 for CVE-2024-21210", url: "https://bugzilla.suse.com/1231711", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.7, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, products: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-02-18T16:58:15Z", details: "moderate", }, ], title: "CVE-2024-21210", }, { cve: "CVE-2024-21217", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-21217", }, ], notes: [ { category: "general", text: "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4, 23; Oracle GraalVM for JDK: 17.0.12, 21.0.4, 23; Oracle GraalVM Enterprise Edition: 20.3.15 and 21.3.11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-21217", url: "https://www.suse.com/security/cve/CVE-2024-21217", }, { category: "external", summary: "SUSE Bug 1231716 for CVE-2024-21217", url: "https://bugzilla.suse.com/1231716", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.7, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-02-18T16:58:15Z", details: "moderate", }, ], title: "CVE-2024-21217", }, { cve: "CVE-2024-21235", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-21235", }, ], notes: [ { category: "general", text: "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4, 23; Oracle GraalVM for JDK: 17.0.12, 21.0.4, 23; Oracle GraalVM Enterprise Edition: 20.3.15 and 21.3.11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-21235", url: "https://www.suse.com/security/cve/CVE-2024-21235", }, { category: "external", summary: "SUSE Bug 1231719 for CVE-2024-21235", url: "https://bugzilla.suse.com/1231719", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.8, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, products: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-02-18T16:58:15Z", details: "moderate", }, ], title: "CVE-2024-21235", }, { cve: "CVE-2024-3933", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-3933", }, ], notes: [ { category: "general", text: "In Eclipse OpenJ9 release versions prior to 0.44.0 and after 0.13.0, when running with JVM option -Xgc:concurrentScavenge, the sequence generated for System.arrayCopy on the IBM Z platform with hardware and software support for guarded storage [1], could allow access to a buffer with an incorrect length value when executing an arraycopy sequence while the Concurrent Scavenge Garbage Collection cycle is active and the source and destination memory regions for arraycopy overlap. This allows read and write to addresses beyond the end of the array range.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-3933", url: "https://www.suse.com/security/cve/CVE-2024-3933", }, { category: "external", summary: "SUSE Bug 1225470 for CVE-2024-3933", url: "https://bugzilla.suse.com/1225470", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:L", version: "3.1", }, products: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-02-18T16:58:15Z", details: "moderate", }, ], title: "CVE-2024-3933", }, { cve: "CVE-2025-21502", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2025-21502", }, ], notes: [ { category: "general", text: "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u431-perf, 11.0.25, 17.0.13, 21.0.5, 23.0.1; Oracle GraalVM for JDK: 17.0.13, 21.0.5, 23.0.1; Oracle GraalVM Enterprise Edition: 20.3.16 and 21.3.12. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2025-21502", url: "https://www.suse.com/security/cve/CVE-2025-21502", }, { category: "external", summary: "SUSE Bug 1236278 for CVE-2025-21502", url: "https://bugzilla.suse.com/1236278", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.8, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, products: [ "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "SUSE Package Hub 15 SP6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-demo-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-devel-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-headless-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-javadoc-11.0.26.0-bp156.4.3.1.noarch", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-jmods-11.0.26.0-bp156.4.3.1.x86_64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.aarch64", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.ppc64le", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.s390x", "openSUSE Leap 15.6:java-11-openj9-src-11.0.26.0-bp156.4.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2025-02-18T16:58:15Z", details: "moderate", }, ], title: "CVE-2025-21502", }, ], }
opensuse-su-2024:13130-1
Vulnerability from csaf_opensuse
Published
2024-06-15 00:00
Modified
2024-06-15 00:00
Summary
java-11-openj9-11.0.20.0-1.1 on GA media
Notes
Title of the patch
java-11-openj9-11.0.20.0-1.1 on GA media
Description of the patch
These are all security issues fixed in the java-11-openj9-11.0.20.0-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-13130
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "java-11-openj9-11.0.20.0-1.1 on GA media", title: "Title of the patch", }, { category: "description", text: "These are all security issues fixed in the java-11-openj9-11.0.20.0-1.1 package on the GA media of openSUSE Tumbleweed.", title: "Description of the patch", }, { category: "details", text: "openSUSE-Tumbleweed-2024-13130", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_13130-1.json", }, { category: "self", summary: "SUSE CVE CVE-2023-21930 page", url: "https://www.suse.com/security/cve/CVE-2023-21930/", }, { category: "self", summary: "SUSE CVE CVE-2023-21938 page", url: "https://www.suse.com/security/cve/CVE-2023-21938/", }, { category: "self", summary: "SUSE CVE CVE-2023-21954 page", url: "https://www.suse.com/security/cve/CVE-2023-21954/", }, { category: "self", summary: "SUSE CVE CVE-2023-21968 page", url: "https://www.suse.com/security/cve/CVE-2023-21968/", }, { category: "self", summary: "SUSE CVE CVE-2023-22006 page", url: "https://www.suse.com/security/cve/CVE-2023-22006/", }, { category: "self", summary: "SUSE CVE CVE-2023-22041 page", url: "https://www.suse.com/security/cve/CVE-2023-22041/", }, { category: "self", summary: "SUSE CVE CVE-2023-22049 page", url: "https://www.suse.com/security/cve/CVE-2023-22049/", }, { category: "self", summary: "SUSE CVE CVE-2023-2597 page", url: "https://www.suse.com/security/cve/CVE-2023-2597/", }, ], title: "java-11-openj9-11.0.20.0-1.1 on GA media", tracking: { current_release_date: "2024-06-15T00:00:00Z", generator: { date: "2024-06-15T00:00:00Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "openSUSE-SU-2024:13130-1", initial_release_date: "2024-06-15T00:00:00Z", revision_history: [ { date: "2024-06-15T00:00:00Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "java-11-openj9-11.0.20.0-1.1.aarch64", product: { name: "java-11-openj9-11.0.20.0-1.1.aarch64", product_id: "java-11-openj9-11.0.20.0-1.1.aarch64", }, }, { category: "product_version", name: "java-11-openj9-demo-11.0.20.0-1.1.aarch64", product: { name: "java-11-openj9-demo-11.0.20.0-1.1.aarch64", product_id: "java-11-openj9-demo-11.0.20.0-1.1.aarch64", }, }, { category: "product_version", name: "java-11-openj9-devel-11.0.20.0-1.1.aarch64", product: { name: "java-11-openj9-devel-11.0.20.0-1.1.aarch64", product_id: "java-11-openj9-devel-11.0.20.0-1.1.aarch64", }, }, { category: "product_version", name: "java-11-openj9-headless-11.0.20.0-1.1.aarch64", product: { name: "java-11-openj9-headless-11.0.20.0-1.1.aarch64", product_id: "java-11-openj9-headless-11.0.20.0-1.1.aarch64", }, }, { category: "product_version", name: "java-11-openj9-javadoc-11.0.20.0-1.1.aarch64", product: { name: "java-11-openj9-javadoc-11.0.20.0-1.1.aarch64", product_id: "java-11-openj9-javadoc-11.0.20.0-1.1.aarch64", }, }, { category: "product_version", name: "java-11-openj9-jmods-11.0.20.0-1.1.aarch64", product: { name: "java-11-openj9-jmods-11.0.20.0-1.1.aarch64", product_id: "java-11-openj9-jmods-11.0.20.0-1.1.aarch64", }, }, { category: "product_version", name: "java-11-openj9-src-11.0.20.0-1.1.aarch64", product: { name: "java-11-openj9-src-11.0.20.0-1.1.aarch64", product_id: "java-11-openj9-src-11.0.20.0-1.1.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "java-11-openj9-11.0.20.0-1.1.ppc64le", product: { name: "java-11-openj9-11.0.20.0-1.1.ppc64le", product_id: "java-11-openj9-11.0.20.0-1.1.ppc64le", }, }, { category: "product_version", name: "java-11-openj9-demo-11.0.20.0-1.1.ppc64le", product: { name: "java-11-openj9-demo-11.0.20.0-1.1.ppc64le", product_id: "java-11-openj9-demo-11.0.20.0-1.1.ppc64le", }, }, { category: "product_version", name: "java-11-openj9-devel-11.0.20.0-1.1.ppc64le", product: { name: "java-11-openj9-devel-11.0.20.0-1.1.ppc64le", product_id: "java-11-openj9-devel-11.0.20.0-1.1.ppc64le", }, }, { category: "product_version", name: "java-11-openj9-headless-11.0.20.0-1.1.ppc64le", product: { name: "java-11-openj9-headless-11.0.20.0-1.1.ppc64le", product_id: "java-11-openj9-headless-11.0.20.0-1.1.ppc64le", }, }, { category: "product_version", name: "java-11-openj9-javadoc-11.0.20.0-1.1.ppc64le", product: { name: "java-11-openj9-javadoc-11.0.20.0-1.1.ppc64le", product_id: "java-11-openj9-javadoc-11.0.20.0-1.1.ppc64le", }, }, { category: "product_version", name: "java-11-openj9-jmods-11.0.20.0-1.1.ppc64le", product: { name: "java-11-openj9-jmods-11.0.20.0-1.1.ppc64le", product_id: "java-11-openj9-jmods-11.0.20.0-1.1.ppc64le", }, }, { category: "product_version", name: "java-11-openj9-src-11.0.20.0-1.1.ppc64le", product: { name: "java-11-openj9-src-11.0.20.0-1.1.ppc64le", product_id: "java-11-openj9-src-11.0.20.0-1.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "java-11-openj9-11.0.20.0-1.1.s390x", product: { name: "java-11-openj9-11.0.20.0-1.1.s390x", product_id: "java-11-openj9-11.0.20.0-1.1.s390x", }, }, { category: "product_version", name: "java-11-openj9-demo-11.0.20.0-1.1.s390x", product: { name: "java-11-openj9-demo-11.0.20.0-1.1.s390x", product_id: "java-11-openj9-demo-11.0.20.0-1.1.s390x", }, }, { category: "product_version", name: "java-11-openj9-devel-11.0.20.0-1.1.s390x", product: { name: "java-11-openj9-devel-11.0.20.0-1.1.s390x", product_id: "java-11-openj9-devel-11.0.20.0-1.1.s390x", }, }, { category: "product_version", name: "java-11-openj9-headless-11.0.20.0-1.1.s390x", product: { name: "java-11-openj9-headless-11.0.20.0-1.1.s390x", product_id: "java-11-openj9-headless-11.0.20.0-1.1.s390x", }, }, { category: "product_version", name: "java-11-openj9-javadoc-11.0.20.0-1.1.s390x", product: { name: "java-11-openj9-javadoc-11.0.20.0-1.1.s390x", product_id: "java-11-openj9-javadoc-11.0.20.0-1.1.s390x", }, }, { category: "product_version", name: "java-11-openj9-jmods-11.0.20.0-1.1.s390x", product: { name: "java-11-openj9-jmods-11.0.20.0-1.1.s390x", product_id: "java-11-openj9-jmods-11.0.20.0-1.1.s390x", }, }, { category: "product_version", name: "java-11-openj9-src-11.0.20.0-1.1.s390x", product: { name: "java-11-openj9-src-11.0.20.0-1.1.s390x", product_id: "java-11-openj9-src-11.0.20.0-1.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "java-11-openj9-11.0.20.0-1.1.x86_64", product: { name: "java-11-openj9-11.0.20.0-1.1.x86_64", product_id: "java-11-openj9-11.0.20.0-1.1.x86_64", }, }, { category: "product_version", name: "java-11-openj9-demo-11.0.20.0-1.1.x86_64", product: { name: "java-11-openj9-demo-11.0.20.0-1.1.x86_64", product_id: "java-11-openj9-demo-11.0.20.0-1.1.x86_64", }, }, { category: "product_version", name: "java-11-openj9-devel-11.0.20.0-1.1.x86_64", product: { name: "java-11-openj9-devel-11.0.20.0-1.1.x86_64", product_id: "java-11-openj9-devel-11.0.20.0-1.1.x86_64", }, }, { category: "product_version", name: "java-11-openj9-headless-11.0.20.0-1.1.x86_64", product: { name: "java-11-openj9-headless-11.0.20.0-1.1.x86_64", product_id: "java-11-openj9-headless-11.0.20.0-1.1.x86_64", }, }, { category: "product_version", name: "java-11-openj9-javadoc-11.0.20.0-1.1.x86_64", product: { name: "java-11-openj9-javadoc-11.0.20.0-1.1.x86_64", product_id: "java-11-openj9-javadoc-11.0.20.0-1.1.x86_64", }, }, { category: "product_version", name: "java-11-openj9-jmods-11.0.20.0-1.1.x86_64", product: { name: "java-11-openj9-jmods-11.0.20.0-1.1.x86_64", product_id: "java-11-openj9-jmods-11.0.20.0-1.1.x86_64", }, }, { category: "product_version", name: "java-11-openj9-src-11.0.20.0-1.1.x86_64", product: { name: "java-11-openj9-src-11.0.20.0-1.1.x86_64", product_id: "java-11-openj9-src-11.0.20.0-1.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "openSUSE Tumbleweed", product: { name: "openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed", product_identification_helper: { cpe: "cpe:/o:opensuse:tumbleweed", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "java-11-openj9-11.0.20.0-1.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:java-11-openj9-11.0.20.0-1.1.aarch64", }, product_reference: "java-11-openj9-11.0.20.0-1.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "java-11-openj9-11.0.20.0-1.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:java-11-openj9-11.0.20.0-1.1.ppc64le", }, product_reference: "java-11-openj9-11.0.20.0-1.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "java-11-openj9-11.0.20.0-1.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:java-11-openj9-11.0.20.0-1.1.s390x", }, product_reference: "java-11-openj9-11.0.20.0-1.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "java-11-openj9-11.0.20.0-1.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:java-11-openj9-11.0.20.0-1.1.x86_64", }, product_reference: "java-11-openj9-11.0.20.0-1.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "java-11-openj9-demo-11.0.20.0-1.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:java-11-openj9-demo-11.0.20.0-1.1.aarch64", }, product_reference: "java-11-openj9-demo-11.0.20.0-1.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "java-11-openj9-demo-11.0.20.0-1.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:java-11-openj9-demo-11.0.20.0-1.1.ppc64le", }, product_reference: "java-11-openj9-demo-11.0.20.0-1.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "java-11-openj9-demo-11.0.20.0-1.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:java-11-openj9-demo-11.0.20.0-1.1.s390x", }, product_reference: "java-11-openj9-demo-11.0.20.0-1.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "java-11-openj9-demo-11.0.20.0-1.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:java-11-openj9-demo-11.0.20.0-1.1.x86_64", }, product_reference: "java-11-openj9-demo-11.0.20.0-1.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "java-11-openj9-devel-11.0.20.0-1.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:java-11-openj9-devel-11.0.20.0-1.1.aarch64", }, product_reference: "java-11-openj9-devel-11.0.20.0-1.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "java-11-openj9-devel-11.0.20.0-1.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:java-11-openj9-devel-11.0.20.0-1.1.ppc64le", }, product_reference: "java-11-openj9-devel-11.0.20.0-1.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "java-11-openj9-devel-11.0.20.0-1.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:java-11-openj9-devel-11.0.20.0-1.1.s390x", }, product_reference: "java-11-openj9-devel-11.0.20.0-1.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "java-11-openj9-devel-11.0.20.0-1.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:java-11-openj9-devel-11.0.20.0-1.1.x86_64", }, product_reference: "java-11-openj9-devel-11.0.20.0-1.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "java-11-openj9-headless-11.0.20.0-1.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:java-11-openj9-headless-11.0.20.0-1.1.aarch64", }, product_reference: "java-11-openj9-headless-11.0.20.0-1.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "java-11-openj9-headless-11.0.20.0-1.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:java-11-openj9-headless-11.0.20.0-1.1.ppc64le", }, product_reference: "java-11-openj9-headless-11.0.20.0-1.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "java-11-openj9-headless-11.0.20.0-1.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:java-11-openj9-headless-11.0.20.0-1.1.s390x", }, product_reference: "java-11-openj9-headless-11.0.20.0-1.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "java-11-openj9-headless-11.0.20.0-1.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:java-11-openj9-headless-11.0.20.0-1.1.x86_64", }, product_reference: "java-11-openj9-headless-11.0.20.0-1.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "java-11-openj9-javadoc-11.0.20.0-1.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:java-11-openj9-javadoc-11.0.20.0-1.1.aarch64", }, product_reference: "java-11-openj9-javadoc-11.0.20.0-1.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "java-11-openj9-javadoc-11.0.20.0-1.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:java-11-openj9-javadoc-11.0.20.0-1.1.ppc64le", }, product_reference: "java-11-openj9-javadoc-11.0.20.0-1.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "java-11-openj9-javadoc-11.0.20.0-1.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:java-11-openj9-javadoc-11.0.20.0-1.1.s390x", }, product_reference: "java-11-openj9-javadoc-11.0.20.0-1.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "java-11-openj9-javadoc-11.0.20.0-1.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:java-11-openj9-javadoc-11.0.20.0-1.1.x86_64", }, product_reference: "java-11-openj9-javadoc-11.0.20.0-1.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "java-11-openj9-jmods-11.0.20.0-1.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:java-11-openj9-jmods-11.0.20.0-1.1.aarch64", }, product_reference: "java-11-openj9-jmods-11.0.20.0-1.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "java-11-openj9-jmods-11.0.20.0-1.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:java-11-openj9-jmods-11.0.20.0-1.1.ppc64le", }, product_reference: "java-11-openj9-jmods-11.0.20.0-1.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "java-11-openj9-jmods-11.0.20.0-1.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:java-11-openj9-jmods-11.0.20.0-1.1.s390x", }, product_reference: "java-11-openj9-jmods-11.0.20.0-1.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "java-11-openj9-jmods-11.0.20.0-1.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:java-11-openj9-jmods-11.0.20.0-1.1.x86_64", }, product_reference: "java-11-openj9-jmods-11.0.20.0-1.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "java-11-openj9-src-11.0.20.0-1.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:java-11-openj9-src-11.0.20.0-1.1.aarch64", }, product_reference: "java-11-openj9-src-11.0.20.0-1.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "java-11-openj9-src-11.0.20.0-1.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:java-11-openj9-src-11.0.20.0-1.1.ppc64le", }, product_reference: "java-11-openj9-src-11.0.20.0-1.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "java-11-openj9-src-11.0.20.0-1.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:java-11-openj9-src-11.0.20.0-1.1.s390x", }, product_reference: "java-11-openj9-src-11.0.20.0-1.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "java-11-openj9-src-11.0.20.0-1.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:java-11-openj9-src-11.0.20.0-1.1.x86_64", }, product_reference: "java-11-openj9-src-11.0.20.0-1.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, ], }, vulnerabilities: [ { cve: "CVE-2023-21930", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-21930", }, ], notes: [ { category: "general", text: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-11-openj9-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-11.0.20.0-1.1.x86_64", "openSUSE Tumbleweed:java-11-openj9-demo-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-demo-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-demo-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-demo-11.0.20.0-1.1.x86_64", "openSUSE Tumbleweed:java-11-openj9-devel-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-devel-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-devel-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-devel-11.0.20.0-1.1.x86_64", "openSUSE Tumbleweed:java-11-openj9-headless-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-headless-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-headless-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-headless-11.0.20.0-1.1.x86_64", "openSUSE Tumbleweed:java-11-openj9-javadoc-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-javadoc-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-javadoc-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-javadoc-11.0.20.0-1.1.x86_64", "openSUSE Tumbleweed:java-11-openj9-jmods-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-jmods-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-jmods-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-jmods-11.0.20.0-1.1.x86_64", "openSUSE Tumbleweed:java-11-openj9-src-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-src-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-src-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-src-11.0.20.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-21930", url: "https://www.suse.com/security/cve/CVE-2023-21930", }, { category: "external", summary: "SUSE Bug 1210628 for CVE-2023-21930", url: "https://bugzilla.suse.com/1210628", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-11-openj9-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-11.0.20.0-1.1.x86_64", "openSUSE Tumbleweed:java-11-openj9-demo-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-demo-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-demo-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-demo-11.0.20.0-1.1.x86_64", "openSUSE Tumbleweed:java-11-openj9-devel-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-devel-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-devel-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-devel-11.0.20.0-1.1.x86_64", "openSUSE Tumbleweed:java-11-openj9-headless-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-headless-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-headless-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-headless-11.0.20.0-1.1.x86_64", "openSUSE Tumbleweed:java-11-openj9-javadoc-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-javadoc-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-javadoc-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-javadoc-11.0.20.0-1.1.x86_64", "openSUSE Tumbleweed:java-11-openj9-jmods-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-jmods-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-jmods-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-jmods-11.0.20.0-1.1.x86_64", "openSUSE Tumbleweed:java-11-openj9-src-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-src-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-src-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-src-11.0.20.0-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.4, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:java-11-openj9-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-11.0.20.0-1.1.x86_64", "openSUSE Tumbleweed:java-11-openj9-demo-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-demo-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-demo-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-demo-11.0.20.0-1.1.x86_64", "openSUSE Tumbleweed:java-11-openj9-devel-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-devel-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-devel-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-devel-11.0.20.0-1.1.x86_64", "openSUSE Tumbleweed:java-11-openj9-headless-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-headless-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-headless-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-headless-11.0.20.0-1.1.x86_64", "openSUSE Tumbleweed:java-11-openj9-javadoc-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-javadoc-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-javadoc-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-javadoc-11.0.20.0-1.1.x86_64", "openSUSE Tumbleweed:java-11-openj9-jmods-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-jmods-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-jmods-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-jmods-11.0.20.0-1.1.x86_64", "openSUSE Tumbleweed:java-11-openj9-src-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-src-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-src-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-src-11.0.20.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2023-21930", }, { cve: "CVE-2023-21938", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-21938", }, ], notes: [ { category: "general", text: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-11-openj9-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-11.0.20.0-1.1.x86_64", "openSUSE Tumbleweed:java-11-openj9-demo-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-demo-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-demo-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-demo-11.0.20.0-1.1.x86_64", "openSUSE Tumbleweed:java-11-openj9-devel-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-devel-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-devel-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-devel-11.0.20.0-1.1.x86_64", "openSUSE Tumbleweed:java-11-openj9-headless-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-headless-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-headless-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-headless-11.0.20.0-1.1.x86_64", "openSUSE Tumbleweed:java-11-openj9-javadoc-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-javadoc-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-javadoc-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-javadoc-11.0.20.0-1.1.x86_64", "openSUSE Tumbleweed:java-11-openj9-jmods-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-jmods-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-jmods-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-jmods-11.0.20.0-1.1.x86_64", "openSUSE Tumbleweed:java-11-openj9-src-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-src-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-src-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-src-11.0.20.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-21938", url: "https://www.suse.com/security/cve/CVE-2023-21938", }, { category: "external", summary: "SUSE Bug 1210632 for CVE-2023-21938", url: "https://bugzilla.suse.com/1210632", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-11-openj9-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-11.0.20.0-1.1.x86_64", "openSUSE Tumbleweed:java-11-openj9-demo-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-demo-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-demo-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-demo-11.0.20.0-1.1.x86_64", "openSUSE Tumbleweed:java-11-openj9-devel-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-devel-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-devel-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-devel-11.0.20.0-1.1.x86_64", "openSUSE Tumbleweed:java-11-openj9-headless-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-headless-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-headless-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-headless-11.0.20.0-1.1.x86_64", "openSUSE Tumbleweed:java-11-openj9-javadoc-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-javadoc-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-javadoc-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-javadoc-11.0.20.0-1.1.x86_64", "openSUSE Tumbleweed:java-11-openj9-jmods-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-jmods-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-jmods-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-jmods-11.0.20.0-1.1.x86_64", "openSUSE Tumbleweed:java-11-openj9-src-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-src-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-src-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-src-11.0.20.0-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.7, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:java-11-openj9-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-11.0.20.0-1.1.x86_64", "openSUSE Tumbleweed:java-11-openj9-demo-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-demo-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-demo-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-demo-11.0.20.0-1.1.x86_64", "openSUSE Tumbleweed:java-11-openj9-devel-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-devel-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-devel-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-devel-11.0.20.0-1.1.x86_64", "openSUSE Tumbleweed:java-11-openj9-headless-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-headless-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-headless-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-headless-11.0.20.0-1.1.x86_64", "openSUSE Tumbleweed:java-11-openj9-javadoc-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-javadoc-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-javadoc-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-javadoc-11.0.20.0-1.1.x86_64", "openSUSE Tumbleweed:java-11-openj9-jmods-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-jmods-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-jmods-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-jmods-11.0.20.0-1.1.x86_64", "openSUSE Tumbleweed:java-11-openj9-src-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-src-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-src-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-src-11.0.20.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2023-21938", }, { cve: "CVE-2023-21954", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-21954", }, ], notes: [ { category: "general", text: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-11-openj9-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-11.0.20.0-1.1.x86_64", "openSUSE Tumbleweed:java-11-openj9-demo-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-demo-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-demo-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-demo-11.0.20.0-1.1.x86_64", "openSUSE Tumbleweed:java-11-openj9-devel-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-devel-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-devel-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-devel-11.0.20.0-1.1.x86_64", "openSUSE Tumbleweed:java-11-openj9-headless-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-headless-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-headless-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-headless-11.0.20.0-1.1.x86_64", "openSUSE Tumbleweed:java-11-openj9-javadoc-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-javadoc-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-javadoc-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-javadoc-11.0.20.0-1.1.x86_64", "openSUSE Tumbleweed:java-11-openj9-jmods-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-jmods-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-jmods-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-jmods-11.0.20.0-1.1.x86_64", "openSUSE Tumbleweed:java-11-openj9-src-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-src-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-src-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-src-11.0.20.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-21954", url: "https://www.suse.com/security/cve/CVE-2023-21954", }, { category: "external", summary: "SUSE Bug 1210635 for CVE-2023-21954", url: "https://bugzilla.suse.com/1210635", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-11-openj9-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-11.0.20.0-1.1.x86_64", "openSUSE Tumbleweed:java-11-openj9-demo-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-demo-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-demo-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-demo-11.0.20.0-1.1.x86_64", "openSUSE Tumbleweed:java-11-openj9-devel-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-devel-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-devel-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-devel-11.0.20.0-1.1.x86_64", "openSUSE Tumbleweed:java-11-openj9-headless-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-headless-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-headless-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-headless-11.0.20.0-1.1.x86_64", "openSUSE Tumbleweed:java-11-openj9-javadoc-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-javadoc-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-javadoc-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-javadoc-11.0.20.0-1.1.x86_64", "openSUSE Tumbleweed:java-11-openj9-jmods-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-jmods-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-jmods-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-jmods-11.0.20.0-1.1.x86_64", "openSUSE Tumbleweed:java-11-openj9-src-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-src-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-src-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-src-11.0.20.0-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:java-11-openj9-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-11.0.20.0-1.1.x86_64", "openSUSE Tumbleweed:java-11-openj9-demo-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-demo-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-demo-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-demo-11.0.20.0-1.1.x86_64", "openSUSE Tumbleweed:java-11-openj9-devel-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-devel-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-devel-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-devel-11.0.20.0-1.1.x86_64", "openSUSE Tumbleweed:java-11-openj9-headless-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-headless-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-headless-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-headless-11.0.20.0-1.1.x86_64", "openSUSE Tumbleweed:java-11-openj9-javadoc-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-javadoc-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-javadoc-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-javadoc-11.0.20.0-1.1.x86_64", "openSUSE Tumbleweed:java-11-openj9-jmods-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-jmods-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-jmods-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-jmods-11.0.20.0-1.1.x86_64", "openSUSE Tumbleweed:java-11-openj9-src-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-src-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-src-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-src-11.0.20.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2023-21954", }, { cve: "CVE-2023-21968", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-21968", }, ], notes: [ { category: "general", text: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-11-openj9-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-11.0.20.0-1.1.x86_64", "openSUSE Tumbleweed:java-11-openj9-demo-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-demo-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-demo-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-demo-11.0.20.0-1.1.x86_64", "openSUSE Tumbleweed:java-11-openj9-devel-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-devel-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-devel-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-devel-11.0.20.0-1.1.x86_64", "openSUSE Tumbleweed:java-11-openj9-headless-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-headless-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-headless-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-headless-11.0.20.0-1.1.x86_64", "openSUSE Tumbleweed:java-11-openj9-javadoc-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-javadoc-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-javadoc-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-javadoc-11.0.20.0-1.1.x86_64", "openSUSE Tumbleweed:java-11-openj9-jmods-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-jmods-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-jmods-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-jmods-11.0.20.0-1.1.x86_64", "openSUSE Tumbleweed:java-11-openj9-src-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-src-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-src-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-src-11.0.20.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-21968", url: "https://www.suse.com/security/cve/CVE-2023-21968", }, { category: "external", summary: "SUSE Bug 1210637 for CVE-2023-21968", url: "https://bugzilla.suse.com/1210637", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-11-openj9-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-11.0.20.0-1.1.x86_64", "openSUSE Tumbleweed:java-11-openj9-demo-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-demo-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-demo-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-demo-11.0.20.0-1.1.x86_64", "openSUSE Tumbleweed:java-11-openj9-devel-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-devel-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-devel-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-devel-11.0.20.0-1.1.x86_64", "openSUSE Tumbleweed:java-11-openj9-headless-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-headless-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-headless-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-headless-11.0.20.0-1.1.x86_64", "openSUSE Tumbleweed:java-11-openj9-javadoc-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-javadoc-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-javadoc-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-javadoc-11.0.20.0-1.1.x86_64", "openSUSE Tumbleweed:java-11-openj9-jmods-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-jmods-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-jmods-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-jmods-11.0.20.0-1.1.x86_64", "openSUSE Tumbleweed:java-11-openj9-src-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-src-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-src-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-src-11.0.20.0-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.7, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:java-11-openj9-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-11.0.20.0-1.1.x86_64", "openSUSE Tumbleweed:java-11-openj9-demo-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-demo-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-demo-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-demo-11.0.20.0-1.1.x86_64", "openSUSE Tumbleweed:java-11-openj9-devel-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-devel-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-devel-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-devel-11.0.20.0-1.1.x86_64", "openSUSE Tumbleweed:java-11-openj9-headless-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-headless-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-headless-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-headless-11.0.20.0-1.1.x86_64", "openSUSE Tumbleweed:java-11-openj9-javadoc-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-javadoc-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-javadoc-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-javadoc-11.0.20.0-1.1.x86_64", "openSUSE Tumbleweed:java-11-openj9-jmods-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-jmods-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-jmods-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-jmods-11.0.20.0-1.1.x86_64", "openSUSE Tumbleweed:java-11-openj9-src-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-src-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-src-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-src-11.0.20.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2023-21968", }, { cve: "CVE-2023-22006", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-22006", }, ], notes: [ { category: "general", text: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-11-openj9-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-11.0.20.0-1.1.x86_64", "openSUSE Tumbleweed:java-11-openj9-demo-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-demo-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-demo-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-demo-11.0.20.0-1.1.x86_64", "openSUSE Tumbleweed:java-11-openj9-devel-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-devel-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-devel-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-devel-11.0.20.0-1.1.x86_64", "openSUSE Tumbleweed:java-11-openj9-headless-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-headless-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-headless-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-headless-11.0.20.0-1.1.x86_64", "openSUSE Tumbleweed:java-11-openj9-javadoc-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-javadoc-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-javadoc-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-javadoc-11.0.20.0-1.1.x86_64", "openSUSE Tumbleweed:java-11-openj9-jmods-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-jmods-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-jmods-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-jmods-11.0.20.0-1.1.x86_64", "openSUSE Tumbleweed:java-11-openj9-src-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-src-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-src-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-src-11.0.20.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-22006", url: "https://www.suse.com/security/cve/CVE-2023-22006", }, { category: "external", summary: "SUSE Bug 1213473 for CVE-2023-22006", url: "https://bugzilla.suse.com/1213473", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-11-openj9-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-11.0.20.0-1.1.x86_64", "openSUSE Tumbleweed:java-11-openj9-demo-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-demo-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-demo-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-demo-11.0.20.0-1.1.x86_64", "openSUSE Tumbleweed:java-11-openj9-devel-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-devel-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-devel-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-devel-11.0.20.0-1.1.x86_64", "openSUSE Tumbleweed:java-11-openj9-headless-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-headless-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-headless-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-headless-11.0.20.0-1.1.x86_64", "openSUSE Tumbleweed:java-11-openj9-javadoc-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-javadoc-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-javadoc-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-javadoc-11.0.20.0-1.1.x86_64", "openSUSE Tumbleweed:java-11-openj9-jmods-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-jmods-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-jmods-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-jmods-11.0.20.0-1.1.x86_64", "openSUSE Tumbleweed:java-11-openj9-src-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-src-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-src-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-src-11.0.20.0-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.1, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:java-11-openj9-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-11.0.20.0-1.1.x86_64", "openSUSE Tumbleweed:java-11-openj9-demo-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-demo-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-demo-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-demo-11.0.20.0-1.1.x86_64", "openSUSE Tumbleweed:java-11-openj9-devel-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-devel-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-devel-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-devel-11.0.20.0-1.1.x86_64", "openSUSE Tumbleweed:java-11-openj9-headless-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-headless-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-headless-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-headless-11.0.20.0-1.1.x86_64", "openSUSE Tumbleweed:java-11-openj9-javadoc-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-javadoc-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-javadoc-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-javadoc-11.0.20.0-1.1.x86_64", "openSUSE Tumbleweed:java-11-openj9-jmods-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-jmods-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-jmods-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-jmods-11.0.20.0-1.1.x86_64", "openSUSE Tumbleweed:java-11-openj9-src-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-src-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-src-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-src-11.0.20.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2023-22006", }, { cve: "CVE-2023-22041", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-22041", }, ], notes: [ { category: "general", text: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK executes to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-11-openj9-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-11.0.20.0-1.1.x86_64", "openSUSE Tumbleweed:java-11-openj9-demo-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-demo-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-demo-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-demo-11.0.20.0-1.1.x86_64", "openSUSE Tumbleweed:java-11-openj9-devel-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-devel-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-devel-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-devel-11.0.20.0-1.1.x86_64", "openSUSE Tumbleweed:java-11-openj9-headless-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-headless-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-headless-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-headless-11.0.20.0-1.1.x86_64", "openSUSE Tumbleweed:java-11-openj9-javadoc-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-javadoc-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-javadoc-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-javadoc-11.0.20.0-1.1.x86_64", "openSUSE Tumbleweed:java-11-openj9-jmods-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-jmods-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-jmods-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-jmods-11.0.20.0-1.1.x86_64", "openSUSE Tumbleweed:java-11-openj9-src-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-src-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-src-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-src-11.0.20.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-22041", url: "https://www.suse.com/security/cve/CVE-2023-22041", }, { category: "external", summary: "SUSE Bug 1213475 for CVE-2023-22041", url: "https://bugzilla.suse.com/1213475", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-11-openj9-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-11.0.20.0-1.1.x86_64", "openSUSE Tumbleweed:java-11-openj9-demo-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-demo-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-demo-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-demo-11.0.20.0-1.1.x86_64", "openSUSE Tumbleweed:java-11-openj9-devel-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-devel-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-devel-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-devel-11.0.20.0-1.1.x86_64", "openSUSE Tumbleweed:java-11-openj9-headless-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-headless-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-headless-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-headless-11.0.20.0-1.1.x86_64", "openSUSE Tumbleweed:java-11-openj9-javadoc-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-javadoc-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-javadoc-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-javadoc-11.0.20.0-1.1.x86_64", "openSUSE Tumbleweed:java-11-openj9-jmods-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-jmods-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-jmods-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-jmods-11.0.20.0-1.1.x86_64", "openSUSE Tumbleweed:java-11-openj9-src-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-src-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-src-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-src-11.0.20.0-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.1, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:java-11-openj9-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-11.0.20.0-1.1.x86_64", "openSUSE Tumbleweed:java-11-openj9-demo-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-demo-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-demo-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-demo-11.0.20.0-1.1.x86_64", "openSUSE Tumbleweed:java-11-openj9-devel-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-devel-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-devel-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-devel-11.0.20.0-1.1.x86_64", "openSUSE Tumbleweed:java-11-openj9-headless-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-headless-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-headless-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-headless-11.0.20.0-1.1.x86_64", "openSUSE Tumbleweed:java-11-openj9-javadoc-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-javadoc-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-javadoc-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-javadoc-11.0.20.0-1.1.x86_64", "openSUSE Tumbleweed:java-11-openj9-jmods-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-jmods-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-jmods-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-jmods-11.0.20.0-1.1.x86_64", "openSUSE Tumbleweed:java-11-openj9-src-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-src-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-src-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-src-11.0.20.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2023-22041", }, { cve: "CVE-2023-22049", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-22049", }, ], notes: [ { category: "general", text: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-11-openj9-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-11.0.20.0-1.1.x86_64", "openSUSE Tumbleweed:java-11-openj9-demo-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-demo-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-demo-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-demo-11.0.20.0-1.1.x86_64", "openSUSE Tumbleweed:java-11-openj9-devel-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-devel-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-devel-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-devel-11.0.20.0-1.1.x86_64", "openSUSE Tumbleweed:java-11-openj9-headless-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-headless-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-headless-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-headless-11.0.20.0-1.1.x86_64", "openSUSE Tumbleweed:java-11-openj9-javadoc-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-javadoc-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-javadoc-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-javadoc-11.0.20.0-1.1.x86_64", "openSUSE Tumbleweed:java-11-openj9-jmods-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-jmods-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-jmods-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-jmods-11.0.20.0-1.1.x86_64", "openSUSE Tumbleweed:java-11-openj9-src-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-src-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-src-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-src-11.0.20.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-22049", url: "https://www.suse.com/security/cve/CVE-2023-22049", }, { category: "external", summary: "SUSE Bug 1213482 for CVE-2023-22049", url: "https://bugzilla.suse.com/1213482", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-11-openj9-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-11.0.20.0-1.1.x86_64", "openSUSE Tumbleweed:java-11-openj9-demo-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-demo-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-demo-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-demo-11.0.20.0-1.1.x86_64", "openSUSE Tumbleweed:java-11-openj9-devel-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-devel-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-devel-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-devel-11.0.20.0-1.1.x86_64", "openSUSE Tumbleweed:java-11-openj9-headless-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-headless-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-headless-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-headless-11.0.20.0-1.1.x86_64", "openSUSE Tumbleweed:java-11-openj9-javadoc-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-javadoc-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-javadoc-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-javadoc-11.0.20.0-1.1.x86_64", "openSUSE Tumbleweed:java-11-openj9-jmods-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-jmods-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-jmods-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-jmods-11.0.20.0-1.1.x86_64", "openSUSE Tumbleweed:java-11-openj9-src-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-src-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-src-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-src-11.0.20.0-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.7, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:java-11-openj9-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-11.0.20.0-1.1.x86_64", "openSUSE Tumbleweed:java-11-openj9-demo-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-demo-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-demo-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-demo-11.0.20.0-1.1.x86_64", "openSUSE Tumbleweed:java-11-openj9-devel-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-devel-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-devel-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-devel-11.0.20.0-1.1.x86_64", "openSUSE Tumbleweed:java-11-openj9-headless-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-headless-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-headless-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-headless-11.0.20.0-1.1.x86_64", "openSUSE Tumbleweed:java-11-openj9-javadoc-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-javadoc-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-javadoc-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-javadoc-11.0.20.0-1.1.x86_64", "openSUSE Tumbleweed:java-11-openj9-jmods-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-jmods-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-jmods-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-jmods-11.0.20.0-1.1.x86_64", "openSUSE Tumbleweed:java-11-openj9-src-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-src-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-src-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-src-11.0.20.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2023-22049", }, { cve: "CVE-2023-2597", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-2597", }, ], notes: [ { category: "general", text: "In Eclipse Openj9 before version 0.38.0, in the implementation of the shared cache (which is enabled by default in OpenJ9 builds) the size of a string is not properly checked against the size of the buffer.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-11-openj9-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-11.0.20.0-1.1.x86_64", "openSUSE Tumbleweed:java-11-openj9-demo-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-demo-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-demo-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-demo-11.0.20.0-1.1.x86_64", "openSUSE Tumbleweed:java-11-openj9-devel-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-devel-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-devel-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-devel-11.0.20.0-1.1.x86_64", "openSUSE Tumbleweed:java-11-openj9-headless-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-headless-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-headless-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-headless-11.0.20.0-1.1.x86_64", "openSUSE Tumbleweed:java-11-openj9-javadoc-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-javadoc-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-javadoc-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-javadoc-11.0.20.0-1.1.x86_64", "openSUSE Tumbleweed:java-11-openj9-jmods-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-jmods-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-jmods-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-jmods-11.0.20.0-1.1.x86_64", "openSUSE Tumbleweed:java-11-openj9-src-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-src-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-src-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-src-11.0.20.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-2597", url: "https://www.suse.com/security/cve/CVE-2023-2597", }, { category: "external", summary: "SUSE Bug 1211615 for CVE-2023-2597", url: "https://bugzilla.suse.com/1211615", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-11-openj9-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-11.0.20.0-1.1.x86_64", "openSUSE Tumbleweed:java-11-openj9-demo-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-demo-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-demo-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-demo-11.0.20.0-1.1.x86_64", "openSUSE Tumbleweed:java-11-openj9-devel-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-devel-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-devel-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-devel-11.0.20.0-1.1.x86_64", "openSUSE Tumbleweed:java-11-openj9-headless-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-headless-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-headless-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-headless-11.0.20.0-1.1.x86_64", "openSUSE Tumbleweed:java-11-openj9-javadoc-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-javadoc-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-javadoc-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-javadoc-11.0.20.0-1.1.x86_64", "openSUSE Tumbleweed:java-11-openj9-jmods-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-jmods-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-jmods-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-jmods-11.0.20.0-1.1.x86_64", "openSUSE Tumbleweed:java-11-openj9-src-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-src-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-src-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-src-11.0.20.0-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:java-11-openj9-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-11.0.20.0-1.1.x86_64", "openSUSE Tumbleweed:java-11-openj9-demo-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-demo-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-demo-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-demo-11.0.20.0-1.1.x86_64", "openSUSE Tumbleweed:java-11-openj9-devel-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-devel-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-devel-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-devel-11.0.20.0-1.1.x86_64", "openSUSE Tumbleweed:java-11-openj9-headless-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-headless-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-headless-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-headless-11.0.20.0-1.1.x86_64", "openSUSE Tumbleweed:java-11-openj9-javadoc-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-javadoc-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-javadoc-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-javadoc-11.0.20.0-1.1.x86_64", "openSUSE Tumbleweed:java-11-openj9-jmods-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-jmods-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-jmods-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-jmods-11.0.20.0-1.1.x86_64", "openSUSE Tumbleweed:java-11-openj9-src-11.0.20.0-1.1.aarch64", "openSUSE Tumbleweed:java-11-openj9-src-11.0.20.0-1.1.ppc64le", "openSUSE Tumbleweed:java-11-openj9-src-11.0.20.0-1.1.s390x", "openSUSE Tumbleweed:java-11-openj9-src-11.0.20.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2023-2597", }, ], }
opensuse-su-2024:13131-1
Vulnerability from csaf_opensuse
Published
2024-06-15 00:00
Modified
2024-06-15 00:00
Summary
java-17-openj9-17.0.8.0-1.1 on GA media
Notes
Title of the patch
java-17-openj9-17.0.8.0-1.1 on GA media
Description of the patch
These are all security issues fixed in the java-17-openj9-17.0.8.0-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-13131
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "java-17-openj9-17.0.8.0-1.1 on GA media", title: "Title of the patch", }, { category: "description", text: "These are all security issues fixed in the java-17-openj9-17.0.8.0-1.1 package on the GA media of openSUSE Tumbleweed.", title: "Description of the patch", }, { category: "details", text: "openSUSE-Tumbleweed-2024-13131", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_13131-1.json", }, { category: "self", summary: "SUSE CVE CVE-2023-21930 page", url: "https://www.suse.com/security/cve/CVE-2023-21930/", }, { category: "self", summary: "SUSE CVE CVE-2023-21938 page", url: "https://www.suse.com/security/cve/CVE-2023-21938/", }, { category: "self", summary: "SUSE CVE CVE-2023-21954 page", url: "https://www.suse.com/security/cve/CVE-2023-21954/", }, { category: "self", summary: "SUSE CVE CVE-2023-21968 page", url: "https://www.suse.com/security/cve/CVE-2023-21968/", }, { category: "self", summary: "SUSE CVE CVE-2023-22006 page", url: "https://www.suse.com/security/cve/CVE-2023-22006/", }, { category: "self", summary: "SUSE CVE CVE-2023-22041 page", url: "https://www.suse.com/security/cve/CVE-2023-22041/", }, { category: "self", summary: "SUSE CVE CVE-2023-22045 page", url: "https://www.suse.com/security/cve/CVE-2023-22045/", }, { category: "self", summary: "SUSE CVE CVE-2023-25193 page", url: "https://www.suse.com/security/cve/CVE-2023-25193/", }, { category: "self", summary: "SUSE CVE CVE-2023-2597 page", url: "https://www.suse.com/security/cve/CVE-2023-2597/", }, ], title: "java-17-openj9-17.0.8.0-1.1 on GA media", tracking: { current_release_date: "2024-06-15T00:00:00Z", generator: { date: "2024-06-15T00:00:00Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "openSUSE-SU-2024:13131-1", initial_release_date: "2024-06-15T00:00:00Z", revision_history: [ { date: "2024-06-15T00:00:00Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "java-17-openj9-17.0.8.0-1.1.aarch64", product: { name: "java-17-openj9-17.0.8.0-1.1.aarch64", product_id: "java-17-openj9-17.0.8.0-1.1.aarch64", }, }, { category: "product_version", name: "java-17-openj9-demo-17.0.8.0-1.1.aarch64", product: { name: "java-17-openj9-demo-17.0.8.0-1.1.aarch64", product_id: "java-17-openj9-demo-17.0.8.0-1.1.aarch64", }, }, { category: "product_version", name: "java-17-openj9-devel-17.0.8.0-1.1.aarch64", product: { name: "java-17-openj9-devel-17.0.8.0-1.1.aarch64", product_id: "java-17-openj9-devel-17.0.8.0-1.1.aarch64", }, }, { category: "product_version", name: "java-17-openj9-headless-17.0.8.0-1.1.aarch64", product: { name: "java-17-openj9-headless-17.0.8.0-1.1.aarch64", product_id: "java-17-openj9-headless-17.0.8.0-1.1.aarch64", }, }, { category: "product_version", name: "java-17-openj9-javadoc-17.0.8.0-1.1.aarch64", product: { name: "java-17-openj9-javadoc-17.0.8.0-1.1.aarch64", product_id: "java-17-openj9-javadoc-17.0.8.0-1.1.aarch64", }, }, { category: "product_version", name: "java-17-openj9-jmods-17.0.8.0-1.1.aarch64", product: { name: "java-17-openj9-jmods-17.0.8.0-1.1.aarch64", product_id: "java-17-openj9-jmods-17.0.8.0-1.1.aarch64", }, }, { category: "product_version", name: "java-17-openj9-src-17.0.8.0-1.1.aarch64", product: { name: "java-17-openj9-src-17.0.8.0-1.1.aarch64", product_id: "java-17-openj9-src-17.0.8.0-1.1.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "java-17-openj9-17.0.8.0-1.1.ppc64le", product: { name: "java-17-openj9-17.0.8.0-1.1.ppc64le", product_id: "java-17-openj9-17.0.8.0-1.1.ppc64le", }, }, { category: "product_version", name: "java-17-openj9-demo-17.0.8.0-1.1.ppc64le", product: { name: "java-17-openj9-demo-17.0.8.0-1.1.ppc64le", product_id: "java-17-openj9-demo-17.0.8.0-1.1.ppc64le", }, }, { category: "product_version", name: "java-17-openj9-devel-17.0.8.0-1.1.ppc64le", product: { name: "java-17-openj9-devel-17.0.8.0-1.1.ppc64le", product_id: "java-17-openj9-devel-17.0.8.0-1.1.ppc64le", }, }, { category: "product_version", name: "java-17-openj9-headless-17.0.8.0-1.1.ppc64le", product: { name: "java-17-openj9-headless-17.0.8.0-1.1.ppc64le", product_id: "java-17-openj9-headless-17.0.8.0-1.1.ppc64le", }, }, { category: "product_version", name: "java-17-openj9-javadoc-17.0.8.0-1.1.ppc64le", product: { name: "java-17-openj9-javadoc-17.0.8.0-1.1.ppc64le", product_id: "java-17-openj9-javadoc-17.0.8.0-1.1.ppc64le", }, }, { category: "product_version", name: "java-17-openj9-jmods-17.0.8.0-1.1.ppc64le", product: { name: "java-17-openj9-jmods-17.0.8.0-1.1.ppc64le", product_id: "java-17-openj9-jmods-17.0.8.0-1.1.ppc64le", }, }, { category: "product_version", name: "java-17-openj9-src-17.0.8.0-1.1.ppc64le", product: { name: "java-17-openj9-src-17.0.8.0-1.1.ppc64le", product_id: "java-17-openj9-src-17.0.8.0-1.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "java-17-openj9-17.0.8.0-1.1.s390x", product: { name: "java-17-openj9-17.0.8.0-1.1.s390x", product_id: "java-17-openj9-17.0.8.0-1.1.s390x", }, }, { category: "product_version", name: "java-17-openj9-demo-17.0.8.0-1.1.s390x", product: { name: "java-17-openj9-demo-17.0.8.0-1.1.s390x", product_id: "java-17-openj9-demo-17.0.8.0-1.1.s390x", }, }, { category: "product_version", name: "java-17-openj9-devel-17.0.8.0-1.1.s390x", product: { name: "java-17-openj9-devel-17.0.8.0-1.1.s390x", product_id: "java-17-openj9-devel-17.0.8.0-1.1.s390x", }, }, { category: "product_version", name: "java-17-openj9-headless-17.0.8.0-1.1.s390x", product: { name: "java-17-openj9-headless-17.0.8.0-1.1.s390x", product_id: "java-17-openj9-headless-17.0.8.0-1.1.s390x", }, }, { category: "product_version", name: "java-17-openj9-javadoc-17.0.8.0-1.1.s390x", product: { name: "java-17-openj9-javadoc-17.0.8.0-1.1.s390x", product_id: "java-17-openj9-javadoc-17.0.8.0-1.1.s390x", }, }, { category: "product_version", name: "java-17-openj9-jmods-17.0.8.0-1.1.s390x", product: { name: "java-17-openj9-jmods-17.0.8.0-1.1.s390x", product_id: "java-17-openj9-jmods-17.0.8.0-1.1.s390x", }, }, { category: "product_version", name: "java-17-openj9-src-17.0.8.0-1.1.s390x", product: { name: "java-17-openj9-src-17.0.8.0-1.1.s390x", product_id: "java-17-openj9-src-17.0.8.0-1.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "java-17-openj9-17.0.8.0-1.1.x86_64", product: { name: "java-17-openj9-17.0.8.0-1.1.x86_64", product_id: "java-17-openj9-17.0.8.0-1.1.x86_64", }, }, { category: "product_version", name: "java-17-openj9-demo-17.0.8.0-1.1.x86_64", product: { name: "java-17-openj9-demo-17.0.8.0-1.1.x86_64", product_id: "java-17-openj9-demo-17.0.8.0-1.1.x86_64", }, }, { category: "product_version", name: "java-17-openj9-devel-17.0.8.0-1.1.x86_64", product: { name: "java-17-openj9-devel-17.0.8.0-1.1.x86_64", product_id: "java-17-openj9-devel-17.0.8.0-1.1.x86_64", }, }, { category: "product_version", name: "java-17-openj9-headless-17.0.8.0-1.1.x86_64", product: { name: "java-17-openj9-headless-17.0.8.0-1.1.x86_64", product_id: "java-17-openj9-headless-17.0.8.0-1.1.x86_64", }, }, { category: "product_version", name: "java-17-openj9-javadoc-17.0.8.0-1.1.x86_64", product: { name: "java-17-openj9-javadoc-17.0.8.0-1.1.x86_64", product_id: "java-17-openj9-javadoc-17.0.8.0-1.1.x86_64", }, }, { category: "product_version", name: "java-17-openj9-jmods-17.0.8.0-1.1.x86_64", product: { name: "java-17-openj9-jmods-17.0.8.0-1.1.x86_64", product_id: "java-17-openj9-jmods-17.0.8.0-1.1.x86_64", }, }, { category: "product_version", name: "java-17-openj9-src-17.0.8.0-1.1.x86_64", product: { name: "java-17-openj9-src-17.0.8.0-1.1.x86_64", product_id: "java-17-openj9-src-17.0.8.0-1.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "openSUSE Tumbleweed", product: { name: "openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed", product_identification_helper: { cpe: "cpe:/o:opensuse:tumbleweed", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "java-17-openj9-17.0.8.0-1.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:java-17-openj9-17.0.8.0-1.1.aarch64", }, product_reference: "java-17-openj9-17.0.8.0-1.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "java-17-openj9-17.0.8.0-1.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:java-17-openj9-17.0.8.0-1.1.ppc64le", }, product_reference: "java-17-openj9-17.0.8.0-1.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "java-17-openj9-17.0.8.0-1.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:java-17-openj9-17.0.8.0-1.1.s390x", }, product_reference: "java-17-openj9-17.0.8.0-1.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "java-17-openj9-17.0.8.0-1.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:java-17-openj9-17.0.8.0-1.1.x86_64", }, product_reference: "java-17-openj9-17.0.8.0-1.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "java-17-openj9-demo-17.0.8.0-1.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:java-17-openj9-demo-17.0.8.0-1.1.aarch64", }, product_reference: "java-17-openj9-demo-17.0.8.0-1.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "java-17-openj9-demo-17.0.8.0-1.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:java-17-openj9-demo-17.0.8.0-1.1.ppc64le", }, product_reference: "java-17-openj9-demo-17.0.8.0-1.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "java-17-openj9-demo-17.0.8.0-1.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:java-17-openj9-demo-17.0.8.0-1.1.s390x", }, product_reference: "java-17-openj9-demo-17.0.8.0-1.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "java-17-openj9-demo-17.0.8.0-1.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:java-17-openj9-demo-17.0.8.0-1.1.x86_64", }, product_reference: "java-17-openj9-demo-17.0.8.0-1.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "java-17-openj9-devel-17.0.8.0-1.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:java-17-openj9-devel-17.0.8.0-1.1.aarch64", }, product_reference: "java-17-openj9-devel-17.0.8.0-1.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "java-17-openj9-devel-17.0.8.0-1.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:java-17-openj9-devel-17.0.8.0-1.1.ppc64le", }, product_reference: "java-17-openj9-devel-17.0.8.0-1.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "java-17-openj9-devel-17.0.8.0-1.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:java-17-openj9-devel-17.0.8.0-1.1.s390x", }, product_reference: "java-17-openj9-devel-17.0.8.0-1.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "java-17-openj9-devel-17.0.8.0-1.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:java-17-openj9-devel-17.0.8.0-1.1.x86_64", }, product_reference: "java-17-openj9-devel-17.0.8.0-1.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "java-17-openj9-headless-17.0.8.0-1.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:java-17-openj9-headless-17.0.8.0-1.1.aarch64", }, product_reference: "java-17-openj9-headless-17.0.8.0-1.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "java-17-openj9-headless-17.0.8.0-1.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:java-17-openj9-headless-17.0.8.0-1.1.ppc64le", }, product_reference: "java-17-openj9-headless-17.0.8.0-1.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "java-17-openj9-headless-17.0.8.0-1.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:java-17-openj9-headless-17.0.8.0-1.1.s390x", }, product_reference: "java-17-openj9-headless-17.0.8.0-1.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "java-17-openj9-headless-17.0.8.0-1.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:java-17-openj9-headless-17.0.8.0-1.1.x86_64", }, product_reference: "java-17-openj9-headless-17.0.8.0-1.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "java-17-openj9-javadoc-17.0.8.0-1.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:java-17-openj9-javadoc-17.0.8.0-1.1.aarch64", }, product_reference: "java-17-openj9-javadoc-17.0.8.0-1.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "java-17-openj9-javadoc-17.0.8.0-1.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:java-17-openj9-javadoc-17.0.8.0-1.1.ppc64le", }, product_reference: "java-17-openj9-javadoc-17.0.8.0-1.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "java-17-openj9-javadoc-17.0.8.0-1.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:java-17-openj9-javadoc-17.0.8.0-1.1.s390x", }, product_reference: "java-17-openj9-javadoc-17.0.8.0-1.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "java-17-openj9-javadoc-17.0.8.0-1.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:java-17-openj9-javadoc-17.0.8.0-1.1.x86_64", }, product_reference: "java-17-openj9-javadoc-17.0.8.0-1.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "java-17-openj9-jmods-17.0.8.0-1.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:java-17-openj9-jmods-17.0.8.0-1.1.aarch64", }, product_reference: "java-17-openj9-jmods-17.0.8.0-1.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "java-17-openj9-jmods-17.0.8.0-1.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:java-17-openj9-jmods-17.0.8.0-1.1.ppc64le", }, product_reference: "java-17-openj9-jmods-17.0.8.0-1.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "java-17-openj9-jmods-17.0.8.0-1.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:java-17-openj9-jmods-17.0.8.0-1.1.s390x", }, product_reference: "java-17-openj9-jmods-17.0.8.0-1.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "java-17-openj9-jmods-17.0.8.0-1.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:java-17-openj9-jmods-17.0.8.0-1.1.x86_64", }, product_reference: "java-17-openj9-jmods-17.0.8.0-1.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "java-17-openj9-src-17.0.8.0-1.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:java-17-openj9-src-17.0.8.0-1.1.aarch64", }, product_reference: "java-17-openj9-src-17.0.8.0-1.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "java-17-openj9-src-17.0.8.0-1.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:java-17-openj9-src-17.0.8.0-1.1.ppc64le", }, product_reference: "java-17-openj9-src-17.0.8.0-1.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "java-17-openj9-src-17.0.8.0-1.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:java-17-openj9-src-17.0.8.0-1.1.s390x", }, product_reference: "java-17-openj9-src-17.0.8.0-1.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "java-17-openj9-src-17.0.8.0-1.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:java-17-openj9-src-17.0.8.0-1.1.x86_64", }, product_reference: "java-17-openj9-src-17.0.8.0-1.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, ], }, vulnerabilities: [ { cve: "CVE-2023-21930", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-21930", }, ], notes: [ { category: "general", text: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-17-openj9-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-demo-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-demo-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-demo-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-demo-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-devel-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-devel-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-devel-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-devel-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-headless-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-headless-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-headless-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-headless-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-javadoc-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-javadoc-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-javadoc-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-javadoc-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-jmods-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-jmods-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-jmods-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-jmods-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-src-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-src-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-src-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-src-17.0.8.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-21930", url: "https://www.suse.com/security/cve/CVE-2023-21930", }, { category: "external", summary: "SUSE Bug 1210628 for CVE-2023-21930", url: "https://bugzilla.suse.com/1210628", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-17-openj9-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-demo-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-demo-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-demo-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-demo-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-devel-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-devel-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-devel-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-devel-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-headless-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-headless-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-headless-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-headless-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-javadoc-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-javadoc-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-javadoc-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-javadoc-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-jmods-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-jmods-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-jmods-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-jmods-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-src-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-src-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-src-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-src-17.0.8.0-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.4, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:java-17-openj9-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-demo-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-demo-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-demo-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-demo-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-devel-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-devel-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-devel-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-devel-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-headless-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-headless-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-headless-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-headless-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-javadoc-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-javadoc-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-javadoc-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-javadoc-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-jmods-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-jmods-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-jmods-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-jmods-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-src-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-src-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-src-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-src-17.0.8.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2023-21930", }, { cve: "CVE-2023-21938", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-21938", }, ], notes: [ { category: "general", text: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-17-openj9-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-demo-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-demo-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-demo-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-demo-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-devel-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-devel-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-devel-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-devel-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-headless-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-headless-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-headless-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-headless-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-javadoc-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-javadoc-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-javadoc-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-javadoc-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-jmods-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-jmods-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-jmods-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-jmods-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-src-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-src-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-src-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-src-17.0.8.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-21938", url: "https://www.suse.com/security/cve/CVE-2023-21938", }, { category: "external", summary: "SUSE Bug 1210632 for CVE-2023-21938", url: "https://bugzilla.suse.com/1210632", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-17-openj9-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-demo-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-demo-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-demo-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-demo-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-devel-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-devel-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-devel-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-devel-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-headless-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-headless-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-headless-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-headless-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-javadoc-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-javadoc-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-javadoc-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-javadoc-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-jmods-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-jmods-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-jmods-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-jmods-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-src-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-src-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-src-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-src-17.0.8.0-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.7, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:java-17-openj9-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-demo-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-demo-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-demo-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-demo-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-devel-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-devel-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-devel-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-devel-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-headless-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-headless-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-headless-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-headless-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-javadoc-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-javadoc-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-javadoc-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-javadoc-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-jmods-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-jmods-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-jmods-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-jmods-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-src-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-src-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-src-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-src-17.0.8.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2023-21938", }, { cve: "CVE-2023-21954", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-21954", }, ], notes: [ { category: "general", text: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-17-openj9-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-demo-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-demo-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-demo-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-demo-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-devel-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-devel-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-devel-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-devel-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-headless-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-headless-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-headless-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-headless-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-javadoc-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-javadoc-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-javadoc-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-javadoc-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-jmods-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-jmods-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-jmods-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-jmods-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-src-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-src-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-src-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-src-17.0.8.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-21954", url: "https://www.suse.com/security/cve/CVE-2023-21954", }, { category: "external", summary: "SUSE Bug 1210635 for CVE-2023-21954", url: "https://bugzilla.suse.com/1210635", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-17-openj9-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-demo-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-demo-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-demo-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-demo-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-devel-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-devel-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-devel-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-devel-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-headless-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-headless-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-headless-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-headless-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-javadoc-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-javadoc-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-javadoc-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-javadoc-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-jmods-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-jmods-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-jmods-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-jmods-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-src-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-src-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-src-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-src-17.0.8.0-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:java-17-openj9-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-demo-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-demo-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-demo-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-demo-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-devel-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-devel-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-devel-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-devel-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-headless-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-headless-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-headless-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-headless-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-javadoc-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-javadoc-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-javadoc-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-javadoc-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-jmods-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-jmods-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-jmods-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-jmods-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-src-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-src-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-src-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-src-17.0.8.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2023-21954", }, { cve: "CVE-2023-21968", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-21968", }, ], notes: [ { category: "general", text: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-17-openj9-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-demo-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-demo-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-demo-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-demo-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-devel-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-devel-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-devel-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-devel-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-headless-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-headless-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-headless-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-headless-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-javadoc-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-javadoc-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-javadoc-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-javadoc-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-jmods-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-jmods-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-jmods-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-jmods-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-src-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-src-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-src-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-src-17.0.8.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-21968", url: "https://www.suse.com/security/cve/CVE-2023-21968", }, { category: "external", summary: "SUSE Bug 1210637 for CVE-2023-21968", url: "https://bugzilla.suse.com/1210637", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-17-openj9-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-demo-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-demo-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-demo-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-demo-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-devel-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-devel-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-devel-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-devel-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-headless-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-headless-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-headless-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-headless-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-javadoc-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-javadoc-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-javadoc-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-javadoc-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-jmods-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-jmods-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-jmods-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-jmods-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-src-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-src-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-src-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-src-17.0.8.0-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.7, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:java-17-openj9-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-demo-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-demo-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-demo-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-demo-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-devel-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-devel-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-devel-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-devel-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-headless-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-headless-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-headless-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-headless-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-javadoc-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-javadoc-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-javadoc-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-javadoc-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-jmods-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-jmods-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-jmods-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-jmods-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-src-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-src-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-src-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-src-17.0.8.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2023-21968", }, { cve: "CVE-2023-22006", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-22006", }, ], notes: [ { category: "general", text: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-17-openj9-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-demo-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-demo-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-demo-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-demo-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-devel-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-devel-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-devel-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-devel-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-headless-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-headless-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-headless-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-headless-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-javadoc-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-javadoc-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-javadoc-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-javadoc-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-jmods-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-jmods-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-jmods-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-jmods-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-src-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-src-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-src-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-src-17.0.8.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-22006", url: "https://www.suse.com/security/cve/CVE-2023-22006", }, { category: "external", summary: "SUSE Bug 1213473 for CVE-2023-22006", url: "https://bugzilla.suse.com/1213473", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-17-openj9-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-demo-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-demo-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-demo-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-demo-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-devel-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-devel-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-devel-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-devel-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-headless-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-headless-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-headless-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-headless-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-javadoc-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-javadoc-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-javadoc-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-javadoc-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-jmods-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-jmods-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-jmods-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-jmods-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-src-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-src-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-src-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-src-17.0.8.0-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.1, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:java-17-openj9-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-demo-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-demo-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-demo-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-demo-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-devel-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-devel-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-devel-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-devel-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-headless-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-headless-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-headless-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-headless-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-javadoc-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-javadoc-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-javadoc-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-javadoc-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-jmods-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-jmods-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-jmods-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-jmods-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-src-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-src-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-src-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-src-17.0.8.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2023-22006", }, { cve: "CVE-2023-22041", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-22041", }, ], notes: [ { category: "general", text: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK executes to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-17-openj9-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-demo-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-demo-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-demo-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-demo-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-devel-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-devel-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-devel-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-devel-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-headless-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-headless-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-headless-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-headless-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-javadoc-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-javadoc-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-javadoc-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-javadoc-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-jmods-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-jmods-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-jmods-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-jmods-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-src-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-src-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-src-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-src-17.0.8.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-22041", url: "https://www.suse.com/security/cve/CVE-2023-22041", }, { category: "external", summary: "SUSE Bug 1213475 for CVE-2023-22041", url: "https://bugzilla.suse.com/1213475", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-17-openj9-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-demo-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-demo-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-demo-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-demo-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-devel-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-devel-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-devel-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-devel-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-headless-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-headless-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-headless-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-headless-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-javadoc-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-javadoc-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-javadoc-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-javadoc-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-jmods-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-jmods-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-jmods-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-jmods-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-src-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-src-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-src-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-src-17.0.8.0-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.1, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:java-17-openj9-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-demo-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-demo-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-demo-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-demo-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-devel-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-devel-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-devel-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-devel-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-headless-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-headless-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-headless-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-headless-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-javadoc-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-javadoc-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-javadoc-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-javadoc-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-jmods-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-jmods-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-jmods-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-jmods-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-src-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-src-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-src-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-src-17.0.8.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2023-22041", }, { cve: "CVE-2023-22045", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-22045", }, ], notes: [ { category: "general", text: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-17-openj9-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-demo-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-demo-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-demo-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-demo-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-devel-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-devel-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-devel-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-devel-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-headless-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-headless-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-headless-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-headless-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-javadoc-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-javadoc-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-javadoc-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-javadoc-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-jmods-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-jmods-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-jmods-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-jmods-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-src-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-src-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-src-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-src-17.0.8.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-22045", url: "https://www.suse.com/security/cve/CVE-2023-22045", }, { category: "external", summary: "SUSE Bug 1213481 for CVE-2023-22045", url: "https://bugzilla.suse.com/1213481", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-17-openj9-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-demo-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-demo-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-demo-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-demo-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-devel-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-devel-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-devel-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-devel-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-headless-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-headless-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-headless-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-headless-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-javadoc-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-javadoc-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-javadoc-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-javadoc-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-jmods-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-jmods-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-jmods-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-jmods-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-src-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-src-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-src-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-src-17.0.8.0-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.7, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:java-17-openj9-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-demo-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-demo-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-demo-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-demo-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-devel-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-devel-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-devel-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-devel-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-headless-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-headless-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-headless-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-headless-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-javadoc-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-javadoc-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-javadoc-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-javadoc-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-jmods-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-jmods-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-jmods-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-jmods-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-src-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-src-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-src-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-src-17.0.8.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2023-22045", }, { cve: "CVE-2023-25193", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-25193", }, ], notes: [ { category: "general", text: "hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-17-openj9-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-demo-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-demo-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-demo-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-demo-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-devel-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-devel-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-devel-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-devel-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-headless-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-headless-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-headless-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-headless-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-javadoc-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-javadoc-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-javadoc-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-javadoc-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-jmods-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-jmods-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-jmods-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-jmods-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-src-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-src-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-src-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-src-17.0.8.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-25193", url: "https://www.suse.com/security/cve/CVE-2023-25193", }, { category: "external", summary: "SUSE Bug 1207922 for CVE-2023-25193", url: "https://bugzilla.suse.com/1207922", }, { category: "external", summary: "SUSE Bug 1213939 for CVE-2023-25193", url: "https://bugzilla.suse.com/1213939", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-17-openj9-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-demo-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-demo-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-demo-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-demo-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-devel-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-devel-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-devel-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-devel-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-headless-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-headless-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-headless-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-headless-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-javadoc-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-javadoc-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-javadoc-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-javadoc-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-jmods-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-jmods-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-jmods-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-jmods-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-src-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-src-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-src-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-src-17.0.8.0-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:java-17-openj9-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-demo-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-demo-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-demo-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-demo-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-devel-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-devel-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-devel-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-devel-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-headless-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-headless-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-headless-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-headless-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-javadoc-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-javadoc-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-javadoc-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-javadoc-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-jmods-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-jmods-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-jmods-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-jmods-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-src-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-src-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-src-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-src-17.0.8.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2023-25193", }, { cve: "CVE-2023-2597", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-2597", }, ], notes: [ { category: "general", text: "In Eclipse Openj9 before version 0.38.0, in the implementation of the shared cache (which is enabled by default in OpenJ9 builds) the size of a string is not properly checked against the size of the buffer.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:java-17-openj9-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-demo-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-demo-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-demo-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-demo-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-devel-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-devel-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-devel-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-devel-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-headless-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-headless-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-headless-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-headless-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-javadoc-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-javadoc-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-javadoc-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-javadoc-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-jmods-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-jmods-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-jmods-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-jmods-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-src-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-src-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-src-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-src-17.0.8.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-2597", url: "https://www.suse.com/security/cve/CVE-2023-2597", }, { category: "external", summary: "SUSE Bug 1211615 for CVE-2023-2597", url: "https://bugzilla.suse.com/1211615", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:java-17-openj9-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-demo-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-demo-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-demo-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-demo-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-devel-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-devel-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-devel-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-devel-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-headless-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-headless-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-headless-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-headless-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-javadoc-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-javadoc-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-javadoc-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-javadoc-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-jmods-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-jmods-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-jmods-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-jmods-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-src-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-src-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-src-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-src-17.0.8.0-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:java-17-openj9-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-demo-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-demo-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-demo-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-demo-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-devel-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-devel-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-devel-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-devel-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-headless-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-headless-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-headless-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-headless-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-javadoc-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-javadoc-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-javadoc-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-javadoc-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-jmods-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-jmods-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-jmods-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-jmods-17.0.8.0-1.1.x86_64", "openSUSE Tumbleweed:java-17-openj9-src-17.0.8.0-1.1.aarch64", "openSUSE Tumbleweed:java-17-openj9-src-17.0.8.0-1.1.ppc64le", "openSUSE Tumbleweed:java-17-openj9-src-17.0.8.0-1.1.s390x", "openSUSE Tumbleweed:java-17-openj9-src-17.0.8.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2023-2597", }, ], }
suse-su-2023:2476-1
Vulnerability from csaf_suse
Published
2023-06-09 05:34
Modified
2023-06-09 05:34
Summary
Security update for java-1_8_0-ibm
Notes
Title of the patch
Security update for java-1_8_0-ibm
Description of the patch
This update for java-1_8_0-ibm fixes the following issues:
- CVE-2023-21930: Fixed possible compromise from unauthenticated attacker with network access via TLS (bsc#1210628).
- CVE-2023-21937: Fixed vulnerability inside the networking component (bsc#1210631).
- CVE-2023-21938: Fixed vulnerability inside the library component (bsc#1210632).
- CVE-2023-21939: Fixed vulnerability inside the swing component (bsc#1210634).
- CVE-2023-21968: Fixed vulnerability inside the library component (bsc#1210637).
- CVE-2023-2597: Fixed buffer overflow in shared cache implementation (bsc#1211615).
- CVE-2023-21967: Fixed vulnerability inside the JSSE component (bsc#1210636).
- CVE-2023-21954: Fixed vulnerability inside the hotspot component (bsc#1210635).
Additional reference fixed already in 8.0.7.15:
- CVE-2023-30441: Fixed components that could have exposed sensitive information using a combination of flaws and configurations (bsc#1210711).
Patchnames
SUSE-2023-2476,SUSE-OpenStack-Cloud-9-2023-2476,SUSE-OpenStack-Cloud-Crowbar-9-2023-2476,SUSE-SLE-SAP-12-SP4-2023-2476,SUSE-SLE-SDK-12-SP5-2023-2476,SUSE-SLE-SERVER-12-SP2-BCL-2023-2476,SUSE-SLE-SERVER-12-SP4-ESPOS-2023-2476,SUSE-SLE-SERVER-12-SP4-LTSS-2023-2476,SUSE-SLE-SERVER-12-SP5-2023-2476
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for java-1_8_0-ibm", title: "Title of the patch", }, { category: "description", text: "This update for java-1_8_0-ibm fixes the following issues:\n\n- CVE-2023-21930: Fixed possible compromise from unauthenticated attacker with network access via TLS (bsc#1210628).\n- CVE-2023-21937: Fixed vulnerability inside the networking component (bsc#1210631).\n- CVE-2023-21938: Fixed vulnerability inside the library component (bsc#1210632).\n- CVE-2023-21939: Fixed vulnerability inside the swing component (bsc#1210634).\n- CVE-2023-21968: Fixed vulnerability inside the library component (bsc#1210637).\n- CVE-2023-2597: Fixed buffer overflow in shared cache implementation (bsc#1211615).\n- CVE-2023-21967: Fixed vulnerability inside the JSSE component (bsc#1210636).\n- CVE-2023-21954: Fixed vulnerability inside the hotspot component (bsc#1210635).\n\nAdditional reference fixed already in 8.0.7.15:\n\n- CVE-2023-30441: Fixed components that could have exposed sensitive information using a combination of flaws and configurations (bsc#1210711).\n", title: "Description of the patch", }, { category: "details", text: "SUSE-2023-2476,SUSE-OpenStack-Cloud-9-2023-2476,SUSE-OpenStack-Cloud-Crowbar-9-2023-2476,SUSE-SLE-SAP-12-SP4-2023-2476,SUSE-SLE-SDK-12-SP5-2023-2476,SUSE-SLE-SERVER-12-SP2-BCL-2023-2476,SUSE-SLE-SERVER-12-SP4-ESPOS-2023-2476,SUSE-SLE-SERVER-12-SP4-LTSS-2023-2476,SUSE-SLE-SERVER-12-SP5-2023-2476", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2023_2476-1.json", }, { category: "self", summary: "URL for SUSE-SU-2023:2476-1", url: "https://www.suse.com/support/update/announcement/2023/suse-su-20232476-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2023:2476-1", url: "https://lists.suse.com/pipermail/sle-security-updates/2023-June/015130.html", }, { category: "self", summary: "SUSE Bug 1210628", url: "https://bugzilla.suse.com/1210628", }, { category: "self", summary: "SUSE Bug 1210631", url: "https://bugzilla.suse.com/1210631", }, { category: "self", summary: "SUSE Bug 1210632", url: "https://bugzilla.suse.com/1210632", }, { category: "self", summary: "SUSE Bug 1210634", url: "https://bugzilla.suse.com/1210634", }, { category: "self", summary: "SUSE Bug 1210635", url: "https://bugzilla.suse.com/1210635", }, { category: "self", summary: "SUSE Bug 1210636", url: "https://bugzilla.suse.com/1210636", }, { category: "self", summary: "SUSE Bug 1210637", url: "https://bugzilla.suse.com/1210637", }, { category: "self", summary: "SUSE Bug 1210711", url: "https://bugzilla.suse.com/1210711", }, { category: "self", summary: "SUSE Bug 1210826", url: "https://bugzilla.suse.com/1210826", }, { category: "self", summary: "SUSE Bug 1211615", url: "https://bugzilla.suse.com/1211615", }, { category: "self", summary: "SUSE CVE CVE-2023-21930 page", url: "https://www.suse.com/security/cve/CVE-2023-21930/", }, { category: "self", summary: "SUSE CVE CVE-2023-21937 page", url: "https://www.suse.com/security/cve/CVE-2023-21937/", }, { category: "self", summary: "SUSE CVE CVE-2023-21938 page", url: "https://www.suse.com/security/cve/CVE-2023-21938/", }, { category: "self", summary: "SUSE CVE CVE-2023-21939 page", url: "https://www.suse.com/security/cve/CVE-2023-21939/", }, { category: "self", summary: "SUSE CVE CVE-2023-21954 page", url: "https://www.suse.com/security/cve/CVE-2023-21954/", }, { category: "self", summary: "SUSE CVE CVE-2023-21967 page", url: "https://www.suse.com/security/cve/CVE-2023-21967/", }, { category: "self", summary: "SUSE CVE CVE-2023-21968 page", url: "https://www.suse.com/security/cve/CVE-2023-21968/", }, { category: "self", summary: "SUSE CVE CVE-2023-2597 page", url: "https://www.suse.com/security/cve/CVE-2023-2597/", }, { category: "self", summary: "SUSE CVE CVE-2023-30441 page", url: "https://www.suse.com/security/cve/CVE-2023-30441/", }, ], title: "Security update for java-1_8_0-ibm", tracking: { current_release_date: "2023-06-09T05:34:25Z", generator: { date: "2023-06-09T05:34:25Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2023:2476-1", initial_release_date: "2023-06-09T05:34:25Z", revision_history: [ { date: "2023-06-09T05:34:25Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.i586", product: { name: "java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.i586", product_id: "java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.i586", }, }, { category: "product_version", name: "java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.i586", product: { name: "java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.i586", product_id: "java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.i586", }, }, { category: "product_version", name: "java-1_8_0-ibm-demo-1.8.0_sr8.5-30.108.1.i586", product: { name: "java-1_8_0-ibm-demo-1.8.0_sr8.5-30.108.1.i586", product_id: "java-1_8_0-ibm-demo-1.8.0_sr8.5-30.108.1.i586", }, }, { category: "product_version", name: "java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.i586", product: { name: "java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.i586", product_id: "java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.i586", }, }, { category: "product_version", name: "java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.i586", product: { name: "java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.i586", product_id: "java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.i586", }, }, { category: "product_version", name: "java-1_8_0-ibm-src-1.8.0_sr8.5-30.108.1.i586", product: { name: "java-1_8_0-ibm-src-1.8.0_sr8.5-30.108.1.i586", product_id: "java-1_8_0-ibm-src-1.8.0_sr8.5-30.108.1.i586", }, }, ], category: "architecture", name: "i586", }, { branches: [ { category: "product_version", name: "java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.ppc64le", product: { name: "java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.ppc64le", product_id: "java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.ppc64le", }, }, { category: "product_version", name: "java-1_8_0-ibm-demo-1.8.0_sr8.5-30.108.1.ppc64le", product: { name: "java-1_8_0-ibm-demo-1.8.0_sr8.5-30.108.1.ppc64le", product_id: "java-1_8_0-ibm-demo-1.8.0_sr8.5-30.108.1.ppc64le", }, }, { category: "product_version", name: "java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le", product: { name: "java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le", product_id: "java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le", }, }, { category: "product_version", name: "java-1_8_0-ibm-src-1.8.0_sr8.5-30.108.1.ppc64le", product: { name: "java-1_8_0-ibm-src-1.8.0_sr8.5-30.108.1.ppc64le", product_id: "java-1_8_0-ibm-src-1.8.0_sr8.5-30.108.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.s390", product: { name: "java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.s390", product_id: "java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.s390", }, }, { category: "product_version", name: "java-1_8_0-ibm-demo-1.8.0_sr8.5-30.108.1.s390", product: { name: "java-1_8_0-ibm-demo-1.8.0_sr8.5-30.108.1.s390", product_id: "java-1_8_0-ibm-demo-1.8.0_sr8.5-30.108.1.s390", }, }, { category: "product_version", name: "java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.s390", product: { name: "java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.s390", product_id: "java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.s390", }, }, { category: "product_version", name: "java-1_8_0-ibm-src-1.8.0_sr8.5-30.108.1.s390", product: { name: "java-1_8_0-ibm-src-1.8.0_sr8.5-30.108.1.s390", product_id: "java-1_8_0-ibm-src-1.8.0_sr8.5-30.108.1.s390", }, }, ], category: "architecture", name: "s390", }, { branches: [ { category: "product_version", name: "java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.s390x", product: { name: "java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.s390x", product_id: "java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.s390x", }, }, { category: "product_version", name: "java-1_8_0-ibm-32bit-1.8.0_sr8.5-30.108.1.s390x", product: { name: "java-1_8_0-ibm-32bit-1.8.0_sr8.5-30.108.1.s390x", product_id: "java-1_8_0-ibm-32bit-1.8.0_sr8.5-30.108.1.s390x", }, }, { category: "product_version", name: "java-1_8_0-ibm-demo-1.8.0_sr8.5-30.108.1.s390x", product: { name: "java-1_8_0-ibm-demo-1.8.0_sr8.5-30.108.1.s390x", product_id: "java-1_8_0-ibm-demo-1.8.0_sr8.5-30.108.1.s390x", }, }, { category: "product_version", name: "java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.s390x", product: { name: "java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.s390x", product_id: "java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.s390x", }, }, { category: "product_version", name: "java-1_8_0-ibm-devel-32bit-1.8.0_sr8.5-30.108.1.s390x", product: { name: "java-1_8_0-ibm-devel-32bit-1.8.0_sr8.5-30.108.1.s390x", product_id: "java-1_8_0-ibm-devel-32bit-1.8.0_sr8.5-30.108.1.s390x", }, }, { category: "product_version", name: "java-1_8_0-ibm-src-1.8.0_sr8.5-30.108.1.s390x", product: { name: "java-1_8_0-ibm-src-1.8.0_sr8.5-30.108.1.s390x", product_id: "java-1_8_0-ibm-src-1.8.0_sr8.5-30.108.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", product: { name: "java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", product_id: "java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", }, }, { category: "product_version", name: "java-1_8_0-ibm-32bit-1.8.0_sr8.5-30.108.1.x86_64", product: { name: "java-1_8_0-ibm-32bit-1.8.0_sr8.5-30.108.1.x86_64", product_id: "java-1_8_0-ibm-32bit-1.8.0_sr8.5-30.108.1.x86_64", }, }, { category: "product_version", name: "java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", product: { name: "java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", product_id: "java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", }, }, { category: "product_version", name: "java-1_8_0-ibm-demo-1.8.0_sr8.5-30.108.1.x86_64", product: { name: "java-1_8_0-ibm-demo-1.8.0_sr8.5-30.108.1.x86_64", product_id: "java-1_8_0-ibm-demo-1.8.0_sr8.5-30.108.1.x86_64", }, }, { category: "product_version", name: "java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", product: { name: "java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", product_id: "java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", }, }, { category: "product_version", name: "java-1_8_0-ibm-devel-32bit-1.8.0_sr8.5-30.108.1.x86_64", product: { name: "java-1_8_0-ibm-devel-32bit-1.8.0_sr8.5-30.108.1.x86_64", product_id: "java-1_8_0-ibm-devel-32bit-1.8.0_sr8.5-30.108.1.x86_64", }, }, { category: "product_version", name: "java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", product: { name: "java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", product_id: "java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", }, }, { category: "product_version", name: "java-1_8_0-ibm-src-1.8.0_sr8.5-30.108.1.x86_64", product: { name: "java-1_8_0-ibm-src-1.8.0_sr8.5-30.108.1.x86_64", product_id: "java-1_8_0-ibm-src-1.8.0_sr8.5-30.108.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE OpenStack Cloud 9", product: { name: "SUSE OpenStack Cloud 9", product_id: "SUSE OpenStack Cloud 9", product_identification_helper: { cpe: "cpe:/o:suse:suse-openstack-cloud:9", }, }, }, { category: "product_name", name: "SUSE OpenStack Cloud Crowbar 9", product: { name: "SUSE OpenStack Cloud Crowbar 9", product_id: "SUSE OpenStack Cloud Crowbar 9", product_identification_helper: { cpe: "cpe:/o:suse:suse-openstack-cloud-crowbar:9", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server for SAP Applications 12 SP4", product: { name: "SUSE Linux Enterprise Server for SAP Applications 12 SP4", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP4", product_identification_helper: { cpe: "cpe:/o:suse:sles_sap:12:sp4", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Software Development Kit 12 SP5", product: { name: "SUSE Linux Enterprise Software Development Kit 12 SP5", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP5", product_identification_helper: { cpe: "cpe:/o:suse:sle-sdk:12:sp5", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server 12 SP2-BCL", product: { name: "SUSE Linux Enterprise Server 12 SP2-BCL", product_id: "SUSE Linux Enterprise Server 12 SP2-BCL", product_identification_helper: { cpe: "cpe:/o:suse:sles-bcl:12:sp2", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server 12 SP4-ESPOS", product: { name: "SUSE Linux Enterprise Server 12 SP4-ESPOS", product_id: "SUSE Linux Enterprise Server 12 SP4-ESPOS", product_identification_helper: { cpe: "cpe:/o:suse:sles-espos:12:sp4", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server 12 SP4-LTSS", product: { name: "SUSE Linux Enterprise Server 12 SP4-LTSS", product_id: "SUSE Linux Enterprise Server 12 SP4-LTSS", product_identification_helper: { cpe: "cpe:/o:suse:sles-ltss:12:sp4", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server 12 SP5", product: { name: "SUSE Linux Enterprise Server 12 SP5", product_id: "SUSE Linux Enterprise Server 12 SP5", product_identification_helper: { cpe: "cpe:/o:suse:sles:12:sp5", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server for SAP Applications 12 SP5", product: { name: "SUSE Linux Enterprise Server for SAP Applications 12 SP5", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP5", product_identification_helper: { cpe: "cpe:/o:suse:sles_sap:12:sp5", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64 as component of SUSE OpenStack Cloud 9", product_id: "SUSE OpenStack Cloud 9:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", }, product_reference: "java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", relates_to_product_reference: "SUSE OpenStack Cloud 9", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64 as component of SUSE OpenStack Cloud 9", product_id: "SUSE OpenStack Cloud 9:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", }, product_reference: "java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", relates_to_product_reference: "SUSE OpenStack Cloud 9", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64 as component of SUSE OpenStack Cloud 9", product_id: "SUSE OpenStack Cloud 9:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", }, product_reference: "java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", relates_to_product_reference: "SUSE OpenStack Cloud 9", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64 as component of SUSE OpenStack Cloud 9", product_id: "SUSE OpenStack Cloud 9:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", }, product_reference: "java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", relates_to_product_reference: "SUSE OpenStack Cloud 9", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64 as component of SUSE OpenStack Cloud Crowbar 9", product_id: "SUSE OpenStack Cloud Crowbar 9:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", }, product_reference: "java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 9", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64 as component of SUSE OpenStack Cloud Crowbar 9", product_id: "SUSE OpenStack Cloud Crowbar 9:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", }, product_reference: "java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 9", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64 as component of SUSE OpenStack Cloud Crowbar 9", product_id: "SUSE OpenStack Cloud Crowbar 9:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", }, product_reference: "java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 9", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64 as component of SUSE OpenStack Cloud Crowbar 9", product_id: "SUSE OpenStack Cloud Crowbar 9:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", }, product_reference: "java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", relates_to_product_reference: "SUSE OpenStack Cloud Crowbar 9", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.ppc64le", }, product_reference: "java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP4", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", }, product_reference: "java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP4", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", }, product_reference: "java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP4", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le", }, product_reference: "java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP4", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", }, product_reference: "java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP4", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", }, product_reference: "java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP4", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP5", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le", }, product_reference: "java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12 SP5", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP5", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.s390x", }, product_reference: "java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12 SP5", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP5", product_id: "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", }, product_reference: "java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 12 SP5", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL", product_id: "SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", }, product_reference: "java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP2-BCL", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL", product_id: "SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", }, product_reference: "java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP2-BCL", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL", product_id: "SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", }, product_reference: "java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP2-BCL", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL", product_id: "SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", }, product_reference: "java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP2-BCL", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP4-ESPOS", product_id: "SUSE Linux Enterprise Server 12 SP4-ESPOS:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", }, product_reference: "java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP4-ESPOS", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP4-ESPOS", product_id: "SUSE Linux Enterprise Server 12 SP4-ESPOS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", }, product_reference: "java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP4-ESPOS", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP4-ESPOS", product_id: "SUSE Linux Enterprise Server 12 SP4-ESPOS:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", }, product_reference: "java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP4-ESPOS", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP4-ESPOS", product_id: "SUSE Linux Enterprise Server 12 SP4-ESPOS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", }, product_reference: "java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP4-ESPOS", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP4-LTSS", product_id: "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.ppc64le", }, product_reference: "java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP4-LTSS", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.s390x as component of SUSE Linux Enterprise Server 12 SP4-LTSS", product_id: "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.s390x", }, product_reference: "java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP4-LTSS", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP4-LTSS", product_id: "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", }, product_reference: "java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP4-LTSS", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP4-LTSS", product_id: "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", }, product_reference: "java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP4-LTSS", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP4-LTSS", product_id: "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le", }, product_reference: "java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP4-LTSS", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.s390x as component of SUSE Linux Enterprise Server 12 SP4-LTSS", product_id: "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.s390x", }, product_reference: "java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP4-LTSS", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP4-LTSS", product_id: "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", }, product_reference: "java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP4-LTSS", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP4-LTSS", product_id: "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", }, product_reference: "java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP4-LTSS", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP5", product_id: "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.ppc64le", }, product_reference: "java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP5", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.s390x as component of SUSE Linux Enterprise Server 12 SP5", product_id: "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.s390x", }, product_reference: "java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP5", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5", product_id: "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", }, product_reference: "java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP5", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5", product_id: "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", }, product_reference: "java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP5", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP5", product_id: "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le", }, product_reference: "java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP5", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.s390x as component of SUSE Linux Enterprise Server 12 SP5", product_id: "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.s390x", }, product_reference: "java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP5", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5", product_id: "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", }, product_reference: "java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP5", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5", product_id: "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", }, product_reference: "java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP5", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.ppc64le", }, product_reference: "java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP5", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.s390x", }, product_reference: "java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP5", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", }, product_reference: "java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP5", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", }, product_reference: "java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP5", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le", }, product_reference: "java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP5", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.s390x", }, product_reference: "java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP5", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", }, product_reference: "java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP5", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", }, product_reference: "java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP5", }, ], }, vulnerabilities: [ { cve: "CVE-2023-21930", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-21930", }, ], notes: [ { category: "general", text: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-ESPOS:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-ESPOS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-ESPOS:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-ESPOS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud 9:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud 9:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud 9:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud 9:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-21930", url: "https://www.suse.com/security/cve/CVE-2023-21930", }, { category: "external", summary: "SUSE Bug 1210628 for CVE-2023-21930", url: "https://bugzilla.suse.com/1210628", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-ESPOS:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-ESPOS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-ESPOS:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-ESPOS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud 9:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud 9:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud 9:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud 9:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.4, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-ESPOS:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-ESPOS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-ESPOS:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-ESPOS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud 9:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud 9:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud 9:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud 9:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2023-06-09T05:34:25Z", details: "important", }, ], title: "CVE-2023-21930", }, { cve: "CVE-2023-21937", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-21937", }, ], notes: [ { category: "general", text: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-ESPOS:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-ESPOS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-ESPOS:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-ESPOS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud 9:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud 9:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud 9:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud 9:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-21937", url: "https://www.suse.com/security/cve/CVE-2023-21937", }, { category: "external", summary: "SUSE Bug 1210631 for CVE-2023-21937", url: "https://bugzilla.suse.com/1210631", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-ESPOS:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-ESPOS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-ESPOS:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-ESPOS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud 9:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud 9:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud 9:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud 9:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.7, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, products: [ "SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-ESPOS:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-ESPOS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-ESPOS:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-ESPOS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud 9:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud 9:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud 9:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud 9:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2023-06-09T05:34:25Z", details: "low", }, ], title: "CVE-2023-21937", }, { cve: "CVE-2023-21938", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-21938", }, ], notes: [ { category: "general", text: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-ESPOS:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-ESPOS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-ESPOS:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-ESPOS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud 9:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud 9:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud 9:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud 9:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-21938", url: "https://www.suse.com/security/cve/CVE-2023-21938", }, { category: "external", summary: "SUSE Bug 1210632 for CVE-2023-21938", url: "https://bugzilla.suse.com/1210632", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-ESPOS:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-ESPOS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-ESPOS:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-ESPOS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud 9:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud 9:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud 9:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud 9:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.7, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, products: [ "SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-ESPOS:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-ESPOS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-ESPOS:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-ESPOS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud 9:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud 9:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud 9:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud 9:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2023-06-09T05:34:25Z", details: "low", }, ], title: "CVE-2023-21938", }, { cve: "CVE-2023-21939", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-21939", }, ], notes: [ { category: "general", text: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-ESPOS:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-ESPOS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-ESPOS:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-ESPOS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud 9:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud 9:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud 9:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud 9:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-21939", url: "https://www.suse.com/security/cve/CVE-2023-21939", }, { category: "external", summary: "SUSE Bug 1210634 for CVE-2023-21939", url: "https://bugzilla.suse.com/1210634", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-ESPOS:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-ESPOS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-ESPOS:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-ESPOS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud 9:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud 9:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud 9:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud 9:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, products: [ "SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-ESPOS:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-ESPOS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-ESPOS:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-ESPOS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud 9:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud 9:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud 9:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud 9:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2023-06-09T05:34:25Z", details: "moderate", }, ], title: "CVE-2023-21939", }, { cve: "CVE-2023-21954", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-21954", }, ], notes: [ { category: "general", text: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-ESPOS:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-ESPOS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-ESPOS:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-ESPOS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud 9:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud 9:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud 9:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud 9:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-21954", url: "https://www.suse.com/security/cve/CVE-2023-21954", }, { category: "external", summary: "SUSE Bug 1210635 for CVE-2023-21954", url: "https://bugzilla.suse.com/1210635", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-ESPOS:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-ESPOS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-ESPOS:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-ESPOS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud 9:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud 9:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud 9:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud 9:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-ESPOS:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-ESPOS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-ESPOS:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-ESPOS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud 9:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud 9:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud 9:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud 9:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2023-06-09T05:34:25Z", details: "moderate", }, ], title: "CVE-2023-21954", }, { cve: "CVE-2023-21967", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-21967", }, ], notes: [ { category: "general", text: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-ESPOS:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-ESPOS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-ESPOS:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-ESPOS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud 9:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud 9:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud 9:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud 9:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-21967", url: "https://www.suse.com/security/cve/CVE-2023-21967", }, { category: "external", summary: "SUSE Bug 1210636 for CVE-2023-21967", url: "https://bugzilla.suse.com/1210636", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-ESPOS:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-ESPOS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-ESPOS:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-ESPOS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud 9:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud 9:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud 9:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud 9:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-ESPOS:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-ESPOS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-ESPOS:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-ESPOS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud 9:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud 9:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud 9:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud 9:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2023-06-09T05:34:25Z", details: "moderate", }, ], title: "CVE-2023-21967", }, { cve: "CVE-2023-21968", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-21968", }, ], notes: [ { category: "general", text: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-ESPOS:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-ESPOS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-ESPOS:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-ESPOS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud 9:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud 9:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud 9:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud 9:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-21968", url: "https://www.suse.com/security/cve/CVE-2023-21968", }, { category: "external", summary: "SUSE Bug 1210637 for CVE-2023-21968", url: "https://bugzilla.suse.com/1210637", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-ESPOS:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-ESPOS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-ESPOS:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-ESPOS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud 9:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud 9:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud 9:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud 9:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.7, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, products: [ "SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-ESPOS:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-ESPOS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-ESPOS:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-ESPOS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud 9:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud 9:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud 9:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud 9:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2023-06-09T05:34:25Z", details: "low", }, ], title: "CVE-2023-21968", }, { cve: "CVE-2023-2597", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-2597", }, ], notes: [ { category: "general", text: "In Eclipse Openj9 before version 0.38.0, in the implementation of the shared cache (which is enabled by default in OpenJ9 builds) the size of a string is not properly checked against the size of the buffer.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-ESPOS:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-ESPOS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-ESPOS:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-ESPOS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud 9:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud 9:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud 9:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud 9:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-2597", url: "https://www.suse.com/security/cve/CVE-2023-2597", }, { category: "external", summary: "SUSE Bug 1211615 for CVE-2023-2597", url: "https://bugzilla.suse.com/1211615", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-ESPOS:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-ESPOS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-ESPOS:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-ESPOS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud 9:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud 9:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud 9:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud 9:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-ESPOS:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-ESPOS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-ESPOS:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-ESPOS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud 9:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud 9:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud 9:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud 9:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2023-06-09T05:34:25Z", details: "moderate", }, ], title: "CVE-2023-2597", }, { cve: "CVE-2023-30441", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-30441", }, ], notes: [ { category: "general", text: "IBM Runtime Environment, Java Technology Edition IBMJCEPlus and JSSE 8.0.7.0 through 8.0.7.11 components could expose sensitive information using a combination of flaws and configurations. IBM X-Force ID: 253188.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-ESPOS:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-ESPOS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-ESPOS:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-ESPOS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud 9:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud 9:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud 9:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud 9:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-30441", url: "https://www.suse.com/security/cve/CVE-2023-30441", }, { category: "external", summary: "SUSE Bug 1210711 for CVE-2023-30441", url: "https://bugzilla.suse.com/1210711", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-ESPOS:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-ESPOS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-ESPOS:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-ESPOS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud 9:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud 9:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud 9:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud 9:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP2-BCL:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-ESPOS:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-ESPOS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-ESPOS:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-ESPOS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP4-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP4:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud 9:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud 9:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud 9:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud 9:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:java-1_8_0-ibm-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1.x86_64", "SUSE OpenStack Cloud Crowbar 9:java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2023-06-09T05:34:25Z", details: "important", }, ], title: "CVE-2023-30441", }, ], }
suse-su-2023:3305-1
Vulnerability from csaf_suse
Published
2023-08-14 08:16
Modified
2023-08-14 08:16
Summary
Security update for java-1_8_0-openj9
Notes
Title of the patch
Security update for java-1_8_0-openj9
Description of the patch
This update for java-1_8_0-openj9 fixes the following issues:
Update to OpenJDK 8u372 build 07 with OpenJ9 0.38.0 virtual machine.
CVE-2023-21930: Unauthenticated attacker with network access via TLS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition (bsc#1210628).
CVE-2023-21937: Fixed vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). (bsc#1210631).
CVE-2023-21938: Fixed vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). (bsc#1210632).
CVE-2023-21939: Fixed vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). (bsc#1210634).
CVE-2023-21954: Fixed vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). (bsc#1210635).
CVE-2023-21967: Fixed vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). (bsc#1210636).
CVE-2023-21968: Fixed ulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries) (bsc#1210637).
CVE-2023-2597: Fixed buffer overflow in shared cache implementation (bsc#1211615).
Patchnames
SUSE-2023-3305,SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-3305,openSUSE-SLE-15.4-2023-3305,openSUSE-SLE-15.5-2023-3305
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for java-1_8_0-openj9", title: "Title of the patch", }, { category: "description", text: "This update for java-1_8_0-openj9 fixes the following issues:\n\nUpdate to OpenJDK 8u372 build 07 with OpenJ9 0.38.0 virtual machine.\n\nCVE-2023-21930: Unauthenticated attacker with network access via TLS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition (bsc#1210628).\nCVE-2023-21937: Fixed vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). (bsc#1210631).\nCVE-2023-21938: Fixed vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). (bsc#1210632).\nCVE-2023-21939: Fixed vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). (bsc#1210634).\nCVE-2023-21954: Fixed vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). (bsc#1210635).\nCVE-2023-21967: Fixed vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). (bsc#1210636).\nCVE-2023-21968: Fixed ulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries) (bsc#1210637).\nCVE-2023-2597: Fixed buffer overflow in shared cache implementation (bsc#1211615).\n", title: "Description of the patch", }, { category: "details", text: "SUSE-2023-3305,SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-3305,openSUSE-SLE-15.4-2023-3305,openSUSE-SLE-15.5-2023-3305", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2023_3305-1.json", }, { category: "self", summary: "URL for SUSE-SU-2023:3305-1", url: "https://www.suse.com/support/update/announcement/2023/suse-su-20233305-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2023:3305-1", url: "https://lists.suse.com/pipermail/sle-updates/2023-August/031002.html", }, { category: "self", summary: "SUSE Bug 1210628", url: "https://bugzilla.suse.com/1210628", }, { category: "self", summary: "SUSE Bug 1210631", url: "https://bugzilla.suse.com/1210631", }, { category: "self", summary: "SUSE Bug 1210632", url: "https://bugzilla.suse.com/1210632", }, { category: "self", summary: "SUSE Bug 1210634", url: "https://bugzilla.suse.com/1210634", }, { category: "self", summary: "SUSE Bug 1210635", url: "https://bugzilla.suse.com/1210635", }, { category: "self", summary: "SUSE Bug 1210636", url: "https://bugzilla.suse.com/1210636", }, { category: "self", summary: "SUSE Bug 1210637", url: "https://bugzilla.suse.com/1210637", }, { category: "self", summary: "SUSE Bug 1211615", url: "https://bugzilla.suse.com/1211615", }, { category: "self", summary: "SUSE CVE CVE-2023-21930 page", url: "https://www.suse.com/security/cve/CVE-2023-21930/", }, { category: "self", summary: "SUSE CVE CVE-2023-21937 page", url: "https://www.suse.com/security/cve/CVE-2023-21937/", }, { category: "self", summary: "SUSE CVE CVE-2023-21938 page", url: "https://www.suse.com/security/cve/CVE-2023-21938/", }, { category: "self", summary: "SUSE CVE CVE-2023-21939 page", url: "https://www.suse.com/security/cve/CVE-2023-21939/", }, { category: "self", summary: "SUSE CVE CVE-2023-21954 page", url: "https://www.suse.com/security/cve/CVE-2023-21954/", }, { category: "self", summary: "SUSE CVE CVE-2023-21967 page", url: "https://www.suse.com/security/cve/CVE-2023-21967/", }, { category: "self", summary: "SUSE CVE CVE-2023-21968 page", url: "https://www.suse.com/security/cve/CVE-2023-21968/", }, { category: "self", summary: "SUSE CVE CVE-2023-2597 page", url: "https://www.suse.com/security/cve/CVE-2023-2597/", }, ], title: "Security update for java-1_8_0-openj9", tracking: { current_release_date: "2023-08-14T08:16:15Z", generator: { date: "2023-08-14T08:16:15Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2023:3305-1", initial_release_date: "2023-08-14T08:16:15Z", revision_history: [ { date: "2023-08-14T08:16:15Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "java-1_8_0-openj9-1.8.0.372-150200.3.33.2.aarch64", product: { name: "java-1_8_0-openj9-1.8.0.372-150200.3.33.2.aarch64", product_id: "java-1_8_0-openj9-1.8.0.372-150200.3.33.2.aarch64", }, }, { category: "product_version", name: "java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.aarch64", product: { name: "java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.aarch64", product_id: "java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.aarch64", }, }, { category: "product_version", name: "java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.aarch64", product: { name: "java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.aarch64", product_id: "java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.aarch64", }, }, { category: "product_version", name: "java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.aarch64", product: { name: "java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.aarch64", product_id: "java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.aarch64", }, }, { category: "product_version", name: "java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.aarch64", product: { name: "java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.aarch64", product_id: "java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.aarch64", }, }, { category: "product_version", name: "java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.aarch64", product: { name: "java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.aarch64", product_id: "java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "java-1_8_0-openj9-javadoc-1.8.0.372-150200.3.33.2.noarch", product: { name: "java-1_8_0-openj9-javadoc-1.8.0.372-150200.3.33.2.noarch", product_id: "java-1_8_0-openj9-javadoc-1.8.0.372-150200.3.33.2.noarch", }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "java-1_8_0-openj9-1.8.0.372-150200.3.33.2.ppc64le", product: { name: "java-1_8_0-openj9-1.8.0.372-150200.3.33.2.ppc64le", product_id: "java-1_8_0-openj9-1.8.0.372-150200.3.33.2.ppc64le", }, }, { category: "product_version", name: "java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.ppc64le", product: { name: "java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.ppc64le", product_id: "java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.ppc64le", }, }, { category: "product_version", name: "java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.ppc64le", product: { name: "java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.ppc64le", product_id: "java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.ppc64le", }, }, { category: "product_version", name: "java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.ppc64le", product: { name: "java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.ppc64le", product_id: "java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.ppc64le", }, }, { category: "product_version", name: "java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.ppc64le", product: { name: "java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.ppc64le", product_id: "java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.ppc64le", }, }, { category: "product_version", name: "java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.ppc64le", product: { name: "java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.ppc64le", product_id: "java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "java-1_8_0-openj9-1.8.0.372-150200.3.33.2.s390x", product: { name: "java-1_8_0-openj9-1.8.0.372-150200.3.33.2.s390x", product_id: "java-1_8_0-openj9-1.8.0.372-150200.3.33.2.s390x", }, }, { category: "product_version", name: "java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.s390x", product: { name: "java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.s390x", product_id: "java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.s390x", }, }, { category: "product_version", name: "java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.s390x", product: { name: "java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.s390x", product_id: "java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.s390x", }, }, { category: "product_version", name: "java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.s390x", product: { name: "java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.s390x", product_id: "java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.s390x", }, }, { category: "product_version", name: "java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.s390x", product: { name: "java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.s390x", product_id: "java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.s390x", }, }, { category: "product_version", name: "java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.s390x", product: { name: "java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.s390x", product_id: "java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "java-1_8_0-openj9-1.8.0.372-150200.3.33.2.x86_64", product: { name: "java-1_8_0-openj9-1.8.0.372-150200.3.33.2.x86_64", product_id: "java-1_8_0-openj9-1.8.0.372-150200.3.33.2.x86_64", }, }, { category: "product_version", name: "java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.x86_64", product: { name: "java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.x86_64", product_id: "java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.x86_64", }, }, { category: "product_version", name: "java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.x86_64", product: { name: "java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.x86_64", product_id: "java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.x86_64", }, }, { category: "product_version", name: "java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.x86_64", product: { name: "java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.x86_64", product_id: "java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.x86_64", }, }, { category: "product_version", name: "java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.x86_64", product: { name: "java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.x86_64", product_id: "java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.x86_64", }, }, { category: "product_version", name: "java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.x86_64", product: { name: "java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.x86_64", product_id: "java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Linux Enterprise Module for Package Hub 15 SP5", product: { name: "SUSE Linux Enterprise Module for Package Hub 15 SP5", product_id: "SUSE Linux Enterprise Module for Package Hub 15 SP5", product_identification_helper: { cpe: "cpe:/o:suse:packagehub:15:sp5", }, }, }, { category: "product_name", name: "openSUSE Leap 15.4", product: { name: "openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4", product_identification_helper: { cpe: "cpe:/o:opensuse:leap:15.4", }, }, }, { category: "product_name", name: "openSUSE Leap 15.5", product: { name: "openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5", product_identification_helper: { cpe: "cpe:/o:opensuse:leap:15.5", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "java-1_8_0-openj9-1.8.0.372-150200.3.33.2.ppc64le as component of SUSE Linux Enterprise Module for Package Hub 15 SP5", product_id: "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.ppc64le", }, product_reference: "java-1_8_0-openj9-1.8.0.372-150200.3.33.2.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Package Hub 15 SP5", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openj9-1.8.0.372-150200.3.33.2.s390x as component of SUSE Linux Enterprise Module for Package Hub 15 SP5", product_id: "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.s390x", }, product_reference: "java-1_8_0-openj9-1.8.0.372-150200.3.33.2.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Package Hub 15 SP5", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.ppc64le as component of SUSE Linux Enterprise Module for Package Hub 15 SP5", product_id: "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.ppc64le", }, product_reference: "java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Package Hub 15 SP5", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.s390x as component of SUSE Linux Enterprise Module for Package Hub 15 SP5", product_id: "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.s390x", }, product_reference: "java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Package Hub 15 SP5", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.ppc64le as component of SUSE Linux Enterprise Module for Package Hub 15 SP5", product_id: "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.ppc64le", }, product_reference: "java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Package Hub 15 SP5", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.s390x as component of SUSE Linux Enterprise Module for Package Hub 15 SP5", product_id: "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.s390x", }, product_reference: "java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Package Hub 15 SP5", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.ppc64le as component of SUSE Linux Enterprise Module for Package Hub 15 SP5", product_id: "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.ppc64le", }, product_reference: "java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Package Hub 15 SP5", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.s390x as component of SUSE Linux Enterprise Module for Package Hub 15 SP5", product_id: "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.s390x", }, product_reference: "java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Package Hub 15 SP5", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.ppc64le as component of SUSE Linux Enterprise Module for Package Hub 15 SP5", product_id: "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.ppc64le", }, product_reference: "java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Package Hub 15 SP5", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.s390x as component of SUSE Linux Enterprise Module for Package Hub 15 SP5", product_id: "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.s390x", }, product_reference: "java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Package Hub 15 SP5", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.ppc64le as component of SUSE Linux Enterprise Module for Package Hub 15 SP5", product_id: "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.ppc64le", }, product_reference: "java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Package Hub 15 SP5", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.s390x as component of SUSE Linux Enterprise Module for Package Hub 15 SP5", product_id: "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.s390x", }, product_reference: "java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Package Hub 15 SP5", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openj9-1.8.0.372-150200.3.33.2.aarch64 as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.aarch64", }, product_reference: "java-1_8_0-openj9-1.8.0.372-150200.3.33.2.aarch64", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openj9-1.8.0.372-150200.3.33.2.ppc64le as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.ppc64le", }, product_reference: "java-1_8_0-openj9-1.8.0.372-150200.3.33.2.ppc64le", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openj9-1.8.0.372-150200.3.33.2.s390x as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.s390x", }, product_reference: "java-1_8_0-openj9-1.8.0.372-150200.3.33.2.s390x", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openj9-1.8.0.372-150200.3.33.2.x86_64 as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.x86_64", }, product_reference: "java-1_8_0-openj9-1.8.0.372-150200.3.33.2.x86_64", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.aarch64 as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.aarch64", }, product_reference: "java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.aarch64", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.ppc64le as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.ppc64le", }, product_reference: "java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.ppc64le", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.s390x as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.s390x", }, product_reference: "java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.s390x", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.x86_64 as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.x86_64", }, product_reference: "java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.x86_64", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.aarch64 as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.aarch64", }, product_reference: "java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.aarch64", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.ppc64le as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.ppc64le", }, product_reference: "java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.ppc64le", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.s390x as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.s390x", }, product_reference: "java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.s390x", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.x86_64 as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.x86_64", }, product_reference: "java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.x86_64", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.aarch64 as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.aarch64", }, product_reference: "java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.aarch64", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.ppc64le as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.ppc64le", }, product_reference: "java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.ppc64le", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.s390x as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.s390x", }, product_reference: "java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.s390x", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.x86_64 as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.x86_64", }, product_reference: "java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.x86_64", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.aarch64 as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.aarch64", }, product_reference: "java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.aarch64", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.ppc64le as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.ppc64le", }, product_reference: "java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.ppc64le", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.s390x as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.s390x", }, product_reference: "java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.s390x", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.x86_64 as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.x86_64", }, product_reference: "java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.x86_64", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openj9-javadoc-1.8.0.372-150200.3.33.2.noarch as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:java-1_8_0-openj9-javadoc-1.8.0.372-150200.3.33.2.noarch", }, product_reference: "java-1_8_0-openj9-javadoc-1.8.0.372-150200.3.33.2.noarch", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.aarch64 as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.aarch64", }, product_reference: "java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.aarch64", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.ppc64le as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.ppc64le", }, product_reference: "java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.ppc64le", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.s390x as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.s390x", }, product_reference: "java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.s390x", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.x86_64 as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.x86_64", }, product_reference: "java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.x86_64", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openj9-1.8.0.372-150200.3.33.2.aarch64 as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.aarch64", }, product_reference: "java-1_8_0-openj9-1.8.0.372-150200.3.33.2.aarch64", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openj9-1.8.0.372-150200.3.33.2.ppc64le as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.ppc64le", }, product_reference: "java-1_8_0-openj9-1.8.0.372-150200.3.33.2.ppc64le", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openj9-1.8.0.372-150200.3.33.2.s390x as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.s390x", }, product_reference: "java-1_8_0-openj9-1.8.0.372-150200.3.33.2.s390x", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openj9-1.8.0.372-150200.3.33.2.x86_64 as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.x86_64", }, product_reference: "java-1_8_0-openj9-1.8.0.372-150200.3.33.2.x86_64", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.aarch64 as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.aarch64", }, product_reference: "java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.aarch64", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.ppc64le as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.ppc64le", }, product_reference: "java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.ppc64le", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.s390x as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.s390x", }, product_reference: "java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.s390x", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.x86_64 as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.x86_64", }, product_reference: "java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.x86_64", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.aarch64 as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.aarch64", }, product_reference: "java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.aarch64", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.ppc64le as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.ppc64le", }, product_reference: "java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.ppc64le", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.s390x as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.s390x", }, product_reference: "java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.s390x", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.x86_64 as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.x86_64", }, product_reference: "java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.x86_64", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.aarch64 as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.aarch64", }, product_reference: "java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.aarch64", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.ppc64le as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.ppc64le", }, product_reference: "java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.ppc64le", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.s390x as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.s390x", }, product_reference: "java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.s390x", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.x86_64 as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.x86_64", }, product_reference: "java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.x86_64", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.aarch64 as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.aarch64", }, product_reference: "java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.aarch64", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.ppc64le as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.ppc64le", }, product_reference: "java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.ppc64le", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.s390x as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.s390x", }, product_reference: "java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.s390x", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.x86_64 as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.x86_64", }, product_reference: "java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.x86_64", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openj9-javadoc-1.8.0.372-150200.3.33.2.noarch as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:java-1_8_0-openj9-javadoc-1.8.0.372-150200.3.33.2.noarch", }, product_reference: "java-1_8_0-openj9-javadoc-1.8.0.372-150200.3.33.2.noarch", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.aarch64 as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.aarch64", }, product_reference: "java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.aarch64", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.ppc64le as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.ppc64le", }, product_reference: "java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.ppc64le", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.s390x as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.s390x", }, product_reference: "java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.s390x", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.x86_64 as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.x86_64", }, product_reference: "java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.x86_64", relates_to_product_reference: "openSUSE Leap 15.5", }, ], }, vulnerabilities: [ { cve: "CVE-2023-21930", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-21930", }, ], notes: [ { category: "general", text: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.4:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.4:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.4:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.4:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.4:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.4:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.4:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.4:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.4:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.4:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.4:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.4:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.4:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.4:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.4:java-1_8_0-openj9-javadoc-1.8.0.372-150200.3.33.2.noarch", "openSUSE Leap 15.4:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.4:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.4:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.5:java-1_8_0-openj9-javadoc-1.8.0.372-150200.3.33.2.noarch", "openSUSE Leap 15.5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-21930", url: "https://www.suse.com/security/cve/CVE-2023-21930", }, { category: "external", summary: "SUSE Bug 1210628 for CVE-2023-21930", url: "https://bugzilla.suse.com/1210628", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.4:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.4:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.4:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.4:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.4:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.4:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.4:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.4:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.4:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.4:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.4:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.4:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.4:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.4:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.4:java-1_8_0-openj9-javadoc-1.8.0.372-150200.3.33.2.noarch", "openSUSE Leap 15.4:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.4:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.4:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.5:java-1_8_0-openj9-javadoc-1.8.0.372-150200.3.33.2.noarch", "openSUSE Leap 15.5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.4, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.4:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.4:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.4:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.4:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.4:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.4:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.4:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.4:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.4:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.4:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.4:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.4:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.4:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.4:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.4:java-1_8_0-openj9-javadoc-1.8.0.372-150200.3.33.2.noarch", "openSUSE Leap 15.4:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.4:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.4:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.5:java-1_8_0-openj9-javadoc-1.8.0.372-150200.3.33.2.noarch", "openSUSE Leap 15.5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2023-08-14T08:16:15Z", details: "important", }, ], title: "CVE-2023-21930", }, { cve: "CVE-2023-21937", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-21937", }, ], notes: [ { category: "general", text: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.4:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.4:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.4:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.4:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.4:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.4:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.4:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.4:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.4:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.4:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.4:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.4:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.4:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.4:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.4:java-1_8_0-openj9-javadoc-1.8.0.372-150200.3.33.2.noarch", "openSUSE Leap 15.4:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.4:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.4:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.5:java-1_8_0-openj9-javadoc-1.8.0.372-150200.3.33.2.noarch", "openSUSE Leap 15.5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-21937", url: "https://www.suse.com/security/cve/CVE-2023-21937", }, { category: "external", summary: "SUSE Bug 1210631 for CVE-2023-21937", url: "https://bugzilla.suse.com/1210631", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.4:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.4:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.4:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.4:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.4:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.4:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.4:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.4:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.4:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.4:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.4:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.4:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.4:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.4:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.4:java-1_8_0-openj9-javadoc-1.8.0.372-150200.3.33.2.noarch", "openSUSE Leap 15.4:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.4:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.4:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.5:java-1_8_0-openj9-javadoc-1.8.0.372-150200.3.33.2.noarch", "openSUSE Leap 15.5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.7, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.4:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.4:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.4:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.4:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.4:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.4:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.4:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.4:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.4:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.4:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.4:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.4:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.4:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.4:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.4:java-1_8_0-openj9-javadoc-1.8.0.372-150200.3.33.2.noarch", "openSUSE Leap 15.4:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.4:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.4:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.5:java-1_8_0-openj9-javadoc-1.8.0.372-150200.3.33.2.noarch", "openSUSE Leap 15.5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2023-08-14T08:16:15Z", details: "low", }, ], title: "CVE-2023-21937", }, { cve: "CVE-2023-21938", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-21938", }, ], notes: [ { category: "general", text: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.4:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.4:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.4:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.4:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.4:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.4:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.4:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.4:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.4:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.4:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.4:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.4:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.4:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.4:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.4:java-1_8_0-openj9-javadoc-1.8.0.372-150200.3.33.2.noarch", "openSUSE Leap 15.4:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.4:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.4:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.5:java-1_8_0-openj9-javadoc-1.8.0.372-150200.3.33.2.noarch", "openSUSE Leap 15.5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-21938", url: "https://www.suse.com/security/cve/CVE-2023-21938", }, { category: "external", summary: "SUSE Bug 1210632 for CVE-2023-21938", url: "https://bugzilla.suse.com/1210632", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.4:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.4:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.4:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.4:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.4:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.4:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.4:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.4:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.4:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.4:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.4:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.4:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.4:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.4:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.4:java-1_8_0-openj9-javadoc-1.8.0.372-150200.3.33.2.noarch", "openSUSE Leap 15.4:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.4:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.4:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.5:java-1_8_0-openj9-javadoc-1.8.0.372-150200.3.33.2.noarch", "openSUSE Leap 15.5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.7, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.4:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.4:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.4:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.4:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.4:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.4:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.4:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.4:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.4:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.4:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.4:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.4:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.4:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.4:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.4:java-1_8_0-openj9-javadoc-1.8.0.372-150200.3.33.2.noarch", "openSUSE Leap 15.4:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.4:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.4:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.5:java-1_8_0-openj9-javadoc-1.8.0.372-150200.3.33.2.noarch", "openSUSE Leap 15.5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2023-08-14T08:16:15Z", details: "low", }, ], title: "CVE-2023-21938", }, { cve: "CVE-2023-21939", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-21939", }, ], notes: [ { category: "general", text: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.4:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.4:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.4:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.4:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.4:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.4:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.4:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.4:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.4:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.4:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.4:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.4:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.4:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.4:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.4:java-1_8_0-openj9-javadoc-1.8.0.372-150200.3.33.2.noarch", "openSUSE Leap 15.4:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.4:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.4:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.5:java-1_8_0-openj9-javadoc-1.8.0.372-150200.3.33.2.noarch", "openSUSE Leap 15.5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-21939", url: "https://www.suse.com/security/cve/CVE-2023-21939", }, { category: "external", summary: "SUSE Bug 1210634 for CVE-2023-21939", url: "https://bugzilla.suse.com/1210634", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.4:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.4:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.4:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.4:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.4:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.4:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.4:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.4:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.4:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.4:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.4:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.4:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.4:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.4:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.4:java-1_8_0-openj9-javadoc-1.8.0.372-150200.3.33.2.noarch", "openSUSE Leap 15.4:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.4:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.4:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.5:java-1_8_0-openj9-javadoc-1.8.0.372-150200.3.33.2.noarch", "openSUSE Leap 15.5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.4:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.4:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.4:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.4:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.4:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.4:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.4:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.4:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.4:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.4:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.4:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.4:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.4:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.4:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.4:java-1_8_0-openj9-javadoc-1.8.0.372-150200.3.33.2.noarch", "openSUSE Leap 15.4:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.4:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.4:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.5:java-1_8_0-openj9-javadoc-1.8.0.372-150200.3.33.2.noarch", "openSUSE Leap 15.5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2023-08-14T08:16:15Z", details: "moderate", }, ], title: "CVE-2023-21939", }, { cve: "CVE-2023-21954", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-21954", }, ], notes: [ { category: "general", text: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.4:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.4:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.4:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.4:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.4:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.4:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.4:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.4:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.4:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.4:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.4:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.4:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.4:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.4:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.4:java-1_8_0-openj9-javadoc-1.8.0.372-150200.3.33.2.noarch", "openSUSE Leap 15.4:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.4:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.4:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.5:java-1_8_0-openj9-javadoc-1.8.0.372-150200.3.33.2.noarch", "openSUSE Leap 15.5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-21954", url: "https://www.suse.com/security/cve/CVE-2023-21954", }, { category: "external", summary: "SUSE Bug 1210635 for CVE-2023-21954", url: "https://bugzilla.suse.com/1210635", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.4:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.4:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.4:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.4:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.4:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.4:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.4:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.4:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.4:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.4:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.4:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.4:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.4:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.4:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.4:java-1_8_0-openj9-javadoc-1.8.0.372-150200.3.33.2.noarch", "openSUSE Leap 15.4:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.4:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.4:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.5:java-1_8_0-openj9-javadoc-1.8.0.372-150200.3.33.2.noarch", "openSUSE Leap 15.5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.4:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.4:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.4:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.4:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.4:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.4:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.4:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.4:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.4:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.4:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.4:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.4:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.4:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.4:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.4:java-1_8_0-openj9-javadoc-1.8.0.372-150200.3.33.2.noarch", "openSUSE Leap 15.4:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.4:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.4:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.5:java-1_8_0-openj9-javadoc-1.8.0.372-150200.3.33.2.noarch", "openSUSE Leap 15.5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2023-08-14T08:16:15Z", details: "moderate", }, ], title: "CVE-2023-21954", }, { cve: "CVE-2023-21967", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-21967", }, ], notes: [ { category: "general", text: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.4:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.4:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.4:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.4:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.4:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.4:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.4:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.4:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.4:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.4:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.4:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.4:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.4:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.4:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.4:java-1_8_0-openj9-javadoc-1.8.0.372-150200.3.33.2.noarch", "openSUSE Leap 15.4:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.4:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.4:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.5:java-1_8_0-openj9-javadoc-1.8.0.372-150200.3.33.2.noarch", "openSUSE Leap 15.5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-21967", url: "https://www.suse.com/security/cve/CVE-2023-21967", }, { category: "external", summary: "SUSE Bug 1210636 for CVE-2023-21967", url: "https://bugzilla.suse.com/1210636", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.4:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.4:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.4:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.4:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.4:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.4:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.4:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.4:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.4:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.4:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.4:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.4:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.4:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.4:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.4:java-1_8_0-openj9-javadoc-1.8.0.372-150200.3.33.2.noarch", "openSUSE Leap 15.4:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.4:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.4:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.5:java-1_8_0-openj9-javadoc-1.8.0.372-150200.3.33.2.noarch", "openSUSE Leap 15.5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.4:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.4:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.4:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.4:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.4:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.4:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.4:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.4:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.4:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.4:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.4:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.4:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.4:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.4:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.4:java-1_8_0-openj9-javadoc-1.8.0.372-150200.3.33.2.noarch", "openSUSE Leap 15.4:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.4:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.4:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.5:java-1_8_0-openj9-javadoc-1.8.0.372-150200.3.33.2.noarch", "openSUSE Leap 15.5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2023-08-14T08:16:15Z", details: "moderate", }, ], title: "CVE-2023-21967", }, { cve: "CVE-2023-21968", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-21968", }, ], notes: [ { category: "general", text: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.4:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.4:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.4:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.4:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.4:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.4:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.4:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.4:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.4:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.4:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.4:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.4:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.4:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.4:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.4:java-1_8_0-openj9-javadoc-1.8.0.372-150200.3.33.2.noarch", "openSUSE Leap 15.4:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.4:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.4:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.5:java-1_8_0-openj9-javadoc-1.8.0.372-150200.3.33.2.noarch", "openSUSE Leap 15.5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-21968", url: "https://www.suse.com/security/cve/CVE-2023-21968", }, { category: "external", summary: "SUSE Bug 1210637 for CVE-2023-21968", url: "https://bugzilla.suse.com/1210637", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.4:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.4:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.4:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.4:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.4:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.4:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.4:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.4:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.4:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.4:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.4:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.4:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.4:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.4:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.4:java-1_8_0-openj9-javadoc-1.8.0.372-150200.3.33.2.noarch", "openSUSE Leap 15.4:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.4:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.4:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.5:java-1_8_0-openj9-javadoc-1.8.0.372-150200.3.33.2.noarch", "openSUSE Leap 15.5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.7, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.4:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.4:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.4:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.4:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.4:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.4:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.4:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.4:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.4:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.4:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.4:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.4:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.4:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.4:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.4:java-1_8_0-openj9-javadoc-1.8.0.372-150200.3.33.2.noarch", "openSUSE Leap 15.4:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.4:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.4:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.5:java-1_8_0-openj9-javadoc-1.8.0.372-150200.3.33.2.noarch", "openSUSE Leap 15.5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2023-08-14T08:16:15Z", details: "low", }, ], title: "CVE-2023-21968", }, { cve: "CVE-2023-2597", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-2597", }, ], notes: [ { category: "general", text: "In Eclipse Openj9 before version 0.38.0, in the implementation of the shared cache (which is enabled by default in OpenJ9 builds) the size of a string is not properly checked against the size of the buffer.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.4:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.4:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.4:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.4:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.4:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.4:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.4:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.4:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.4:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.4:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.4:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.4:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.4:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.4:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.4:java-1_8_0-openj9-javadoc-1.8.0.372-150200.3.33.2.noarch", "openSUSE Leap 15.4:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.4:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.4:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.5:java-1_8_0-openj9-javadoc-1.8.0.372-150200.3.33.2.noarch", "openSUSE Leap 15.5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-2597", url: "https://www.suse.com/security/cve/CVE-2023-2597", }, { category: "external", summary: "SUSE Bug 1211615 for CVE-2023-2597", url: "https://bugzilla.suse.com/1211615", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.4:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.4:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.4:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.4:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.4:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.4:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.4:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.4:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.4:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.4:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.4:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.4:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.4:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.4:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.4:java-1_8_0-openj9-javadoc-1.8.0.372-150200.3.33.2.noarch", "openSUSE Leap 15.4:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.4:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.4:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.5:java-1_8_0-openj9-javadoc-1.8.0.372-150200.3.33.2.noarch", "openSUSE Leap 15.5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.4:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.4:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.4:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.4:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.4:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.4:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.4:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.4:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.4:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.4:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.4:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.4:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.4:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.4:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.4:java-1_8_0-openj9-javadoc-1.8.0.372-150200.3.33.2.noarch", "openSUSE Leap 15.4:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.4:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.4:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.4:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.5:java-1_8_0-openj9-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.5:java-1_8_0-openj9-accessibility-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.5:java-1_8_0-openj9-demo-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.5:java-1_8_0-openj9-devel-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.5:java-1_8_0-openj9-headless-1.8.0.372-150200.3.33.2.x86_64", "openSUSE Leap 15.5:java-1_8_0-openj9-javadoc-1.8.0.372-150200.3.33.2.noarch", "openSUSE Leap 15.5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.aarch64", "openSUSE Leap 15.5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.ppc64le", "openSUSE Leap 15.5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.s390x", "openSUSE Leap 15.5:java-1_8_0-openj9-src-1.8.0.372-150200.3.33.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2023-08-14T08:16:15Z", details: "moderate", }, ], title: "CVE-2023-2597", }, ], }
suse-su-2023:2491-1
Vulnerability from csaf_suse
Published
2023-06-13 06:02
Modified
2023-06-13 06:02
Summary
Security update for java-1_8_0-ibm
Notes
Title of the patch
Security update for java-1_8_0-ibm
Description of the patch
This update for java-1_8_0-ibm fixes the following issues:
- CVE-2023-21930: Fixed possible compromise from unauthenticated attacker with network access via TLS (bsc#1210628).
- CVE-2023-21937: Fixed vulnerability inside the networking component (bsc#1210631).
- CVE-2023-21938: Fixed vulnerability inside the library component (bsc#1210632).
- CVE-2023-21939: Fixed vulnerability inside the swing component (bsc#1210634).
- CVE-2023-21968: Fixed vulnerability inside the library component (bsc#1210637).
- CVE-2023-2597: Fixed buffer overflow in shared cache implementation (bsc#1211615).
- CVE-2023-21967: Fixed vulnerability inside the JSSE component (bsc#1210636).
- CVE-2023-21954: Fixed vulnerability inside the hotspot component (bsc#1210635).
Additional reference fixed already in 8.0.7.15:
- CVE-2023-30441: Fixed components that could have exposed sensitive information using a combination of flaws and configurations (bsc#1210711).
Patchnames
SUSE-2023-2491,SUSE-SLE-Module-Legacy-15-SP4-2023-2491,SUSE-SLE-Module-Legacy-15-SP5-2023-2491,SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-2491,SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-2491,SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-2491,SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-2491,SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-2491,SUSE-SLE-Product-SLES_SAP-15-SP1-2023-2491,SUSE-SLE-Product-SLES_SAP-15-SP2-2023-2491,SUSE-SLE-Product-SLES_SAP-15-SP3-2023-2491,SUSE-Storage-7-2023-2491,SUSE-Storage-7.1-2023-2491,openSUSE-SLE-15.4-2023-2491,openSUSE-SLE-15.5-2023-2491
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for java-1_8_0-ibm", title: "Title of the patch", }, { category: "description", text: "This update for java-1_8_0-ibm fixes the following issues:\n\n- CVE-2023-21930: Fixed possible compromise from unauthenticated attacker with network access via TLS (bsc#1210628).\n- CVE-2023-21937: Fixed vulnerability inside the networking component (bsc#1210631).\n- CVE-2023-21938: Fixed vulnerability inside the library component (bsc#1210632).\n- CVE-2023-21939: Fixed vulnerability inside the swing component (bsc#1210634).\n- CVE-2023-21968: Fixed vulnerability inside the library component (bsc#1210637).\n- CVE-2023-2597: Fixed buffer overflow in shared cache implementation (bsc#1211615).\n- CVE-2023-21967: Fixed vulnerability inside the JSSE component (bsc#1210636).\n- CVE-2023-21954: Fixed vulnerability inside the hotspot component (bsc#1210635).\n\nAdditional reference fixed already in 8.0.7.15:\n\n- CVE-2023-30441: Fixed components that could have exposed sensitive information using a combination of flaws and configurations (bsc#1210711).\n", title: "Description of the patch", }, { category: "details", text: "SUSE-2023-2491,SUSE-SLE-Module-Legacy-15-SP4-2023-2491,SUSE-SLE-Module-Legacy-15-SP5-2023-2491,SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-2491,SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-2491,SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-2491,SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-2491,SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-2491,SUSE-SLE-Product-SLES_SAP-15-SP1-2023-2491,SUSE-SLE-Product-SLES_SAP-15-SP2-2023-2491,SUSE-SLE-Product-SLES_SAP-15-SP3-2023-2491,SUSE-Storage-7-2023-2491,SUSE-Storage-7.1-2023-2491,openSUSE-SLE-15.4-2023-2491,openSUSE-SLE-15.5-2023-2491", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2023_2491-1.json", }, { category: "self", summary: "URL for SUSE-SU-2023:2491-1", url: "https://www.suse.com/support/update/announcement/2023/suse-su-20232491-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2023:2491-1", url: "https://lists.suse.com/pipermail/sle-security-updates/2023-June/015172.html", }, { category: "self", summary: "SUSE Bug 1210628", url: "https://bugzilla.suse.com/1210628", }, { category: "self", summary: "SUSE Bug 1210631", url: "https://bugzilla.suse.com/1210631", }, { category: "self", summary: "SUSE Bug 1210632", url: "https://bugzilla.suse.com/1210632", }, { category: "self", summary: "SUSE Bug 1210634", url: "https://bugzilla.suse.com/1210634", }, { category: "self", summary: "SUSE Bug 1210635", url: "https://bugzilla.suse.com/1210635", }, { category: "self", summary: "SUSE Bug 1210636", url: "https://bugzilla.suse.com/1210636", }, { category: "self", summary: "SUSE Bug 1210637", url: "https://bugzilla.suse.com/1210637", }, { category: "self", summary: "SUSE Bug 1210711", url: "https://bugzilla.suse.com/1210711", }, { category: "self", summary: "SUSE Bug 1210826", url: "https://bugzilla.suse.com/1210826", }, { category: "self", summary: "SUSE Bug 1211615", url: "https://bugzilla.suse.com/1211615", }, { category: "self", summary: "SUSE CVE CVE-2023-21930 page", url: "https://www.suse.com/security/cve/CVE-2023-21930/", }, { category: "self", summary: "SUSE CVE CVE-2023-21937 page", url: "https://www.suse.com/security/cve/CVE-2023-21937/", }, { category: "self", summary: "SUSE CVE CVE-2023-21938 page", url: "https://www.suse.com/security/cve/CVE-2023-21938/", }, { category: "self", summary: "SUSE CVE CVE-2023-21939 page", url: "https://www.suse.com/security/cve/CVE-2023-21939/", }, { category: "self", summary: "SUSE CVE CVE-2023-21954 page", url: "https://www.suse.com/security/cve/CVE-2023-21954/", }, { category: "self", summary: "SUSE CVE CVE-2023-21967 page", url: "https://www.suse.com/security/cve/CVE-2023-21967/", }, { category: "self", summary: "SUSE CVE CVE-2023-21968 page", url: "https://www.suse.com/security/cve/CVE-2023-21968/", }, { category: "self", summary: "SUSE CVE CVE-2023-2597 page", url: "https://www.suse.com/security/cve/CVE-2023-2597/", }, { category: "self", summary: "SUSE CVE CVE-2023-30441 page", url: "https://www.suse.com/security/cve/CVE-2023-30441/", }, ], title: "Security update for java-1_8_0-ibm", tracking: { current_release_date: "2023-06-13T06:02:05Z", generator: { date: "2023-06-13T06:02:05Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2023:2491-1", initial_release_date: "2023-06-13T06:02:05Z", revision_history: [ { date: "2023-06-13T06:02:05Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.i586", product: { name: "java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.i586", product_id: "java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.i586", }, }, { category: "product_version", name: "java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.i586", product: { name: "java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.i586", product_id: "java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.i586", }, }, { category: "product_version", name: "java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.i586", product: { name: "java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.i586", product_id: "java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.i586", }, }, { category: "product_version", name: "java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.i586", product: { name: "java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.i586", product_id: "java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.i586", }, }, { category: "product_version", name: "java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.i586", product: { name: "java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.i586", product_id: "java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.i586", }, }, { category: "product_version", name: "java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.i586", product: { name: "java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.i586", product_id: "java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.i586", }, }, ], category: "architecture", name: "i586", }, { branches: [ { category: "product_version", name: "java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", product: { name: "java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", product_id: "java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", }, }, { category: "product_version", name: "java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.ppc64le", product: { name: "java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.ppc64le", product_id: "java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.ppc64le", }, }, { category: "product_version", name: "java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", product: { name: "java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", product_id: "java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", }, }, { category: "product_version", name: "java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.ppc64le", product: { name: "java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.ppc64le", product_id: "java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", product: { name: "java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", product_id: "java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", }, }, { category: "product_version", name: "java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.s390x", product: { name: "java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.s390x", product_id: "java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.s390x", }, }, { category: "product_version", name: "java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", product: { name: "java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", product_id: "java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", }, }, { category: "product_version", name: "java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.s390x", product: { name: "java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.s390x", product_id: "java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", product: { name: "java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", product_id: "java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", }, }, { category: "product_version", name: "java-1_8_0-ibm-32bit-1.8.0_sr8.5-150000.3.74.1.x86_64", product: { name: "java-1_8_0-ibm-32bit-1.8.0_sr8.5-150000.3.74.1.x86_64", product_id: "java-1_8_0-ibm-32bit-1.8.0_sr8.5-150000.3.74.1.x86_64", }, }, { category: "product_version", name: "java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", product: { name: "java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", product_id: "java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", }, }, { category: "product_version", name: "java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.x86_64", product: { name: "java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.x86_64", product_id: "java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.x86_64", }, }, { category: "product_version", name: "java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", product: { name: "java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", product_id: "java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", }, }, { category: "product_version", name: "java-1_8_0-ibm-devel-32bit-1.8.0_sr8.5-150000.3.74.1.x86_64", product: { name: "java-1_8_0-ibm-devel-32bit-1.8.0_sr8.5-150000.3.74.1.x86_64", product_id: "java-1_8_0-ibm-devel-32bit-1.8.0_sr8.5-150000.3.74.1.x86_64", }, }, { category: "product_version", name: "java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", product: { name: "java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", product_id: "java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", }, }, { category: "product_version", name: "java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.x86_64", product: { name: "java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.x86_64", product_id: "java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Linux Enterprise Module for Legacy 15 SP4", product: { name: "SUSE Linux Enterprise Module for Legacy 15 SP4", product_id: "SUSE Linux Enterprise Module for Legacy 15 SP4", product_identification_helper: { cpe: "cpe:/o:suse:sle-module-legacy:15:sp4", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Module for Legacy 15 SP5", product: { name: "SUSE Linux Enterprise Module for Legacy 15 SP5", product_id: "SUSE Linux Enterprise Module for Legacy 15 SP5", product_identification_helper: { cpe: "cpe:/o:suse:sle-module-legacy:15:sp5", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS", product: { name: "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS", product_identification_helper: { cpe: "cpe:/o:suse:sle_hpc-espos:15:sp3", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS", product: { name: "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS", product_identification_helper: { cpe: "cpe:/o:suse:sle_hpc-ltss:15:sp3", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server 15 SP1-LTSS", product: { name: "SUSE Linux Enterprise Server 15 SP1-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP1-LTSS", product_identification_helper: { cpe: "cpe:/o:suse:sles-ltss:15:sp1", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server 15 SP2-LTSS", product: { name: "SUSE Linux Enterprise Server 15 SP2-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP2-LTSS", product_identification_helper: { cpe: "cpe:/o:suse:sles-ltss:15:sp2", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server 15 SP3-LTSS", product: { name: "SUSE Linux Enterprise Server 15 SP3-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP3-LTSS", product_identification_helper: { cpe: "cpe:/o:suse:sles-ltss:15:sp3", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server for SAP Applications 15 SP1", product: { name: "SUSE Linux Enterprise Server for SAP Applications 15 SP1", product_id: "SUSE Linux Enterprise Server for SAP Applications 15 SP1", product_identification_helper: { cpe: "cpe:/o:suse:sles_sap:15:sp1", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server for SAP Applications 15 SP2", product: { name: "SUSE Linux Enterprise Server for SAP Applications 15 SP2", product_id: "SUSE Linux Enterprise Server for SAP Applications 15 SP2", product_identification_helper: { cpe: "cpe:/o:suse:sles_sap:15:sp2", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server for SAP Applications 15 SP3", product: { name: "SUSE Linux Enterprise Server for SAP Applications 15 SP3", product_id: "SUSE Linux Enterprise Server for SAP Applications 15 SP3", product_identification_helper: { cpe: "cpe:/o:suse:sles_sap:15:sp3", }, }, }, { category: "product_name", name: "SUSE Enterprise Storage 7", product: { name: "SUSE Enterprise Storage 7", product_id: "SUSE Enterprise Storage 7", product_identification_helper: { cpe: "cpe:/o:suse:ses:7", }, }, }, { category: "product_name", name: "SUSE Enterprise Storage 7.1", product: { name: "SUSE Enterprise Storage 7.1", product_id: "SUSE Enterprise Storage 7.1", product_identification_helper: { cpe: "cpe:/o:suse:ses:7.1", }, }, }, { category: "product_name", name: "openSUSE Leap 15.4", product: { name: "openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4", product_identification_helper: { cpe: "cpe:/o:opensuse:leap:15.4", }, }, }, { category: "product_name", name: "openSUSE Leap 15.5", product: { name: "openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5", product_identification_helper: { cpe: "cpe:/o:opensuse:leap:15.5", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le as component of SUSE Linux Enterprise Module for Legacy 15 SP4", product_id: "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", }, product_reference: "java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Legacy 15 SP4", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x as component of SUSE Linux Enterprise Module for Legacy 15 SP4", product_id: "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", }, product_reference: "java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Legacy 15 SP4", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64 as component of SUSE Linux Enterprise Module for Legacy 15 SP4", product_id: "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", }, product_reference: "java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Legacy 15 SP4", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64 as component of SUSE Linux Enterprise Module for Legacy 15 SP4", product_id: "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", }, product_reference: "java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Legacy 15 SP4", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le as component of SUSE Linux Enterprise Module for Legacy 15 SP4", product_id: "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", }, product_reference: "java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Legacy 15 SP4", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x as component of SUSE Linux Enterprise Module for Legacy 15 SP4", product_id: "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", }, product_reference: "java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Legacy 15 SP4", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64 as component of SUSE Linux Enterprise Module for Legacy 15 SP4", product_id: "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", }, product_reference: "java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Legacy 15 SP4", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64 as component of SUSE Linux Enterprise Module for Legacy 15 SP4", product_id: "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", }, product_reference: "java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Legacy 15 SP4", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le as component of SUSE Linux Enterprise Module for Legacy 15 SP5", product_id: "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", }, product_reference: "java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Legacy 15 SP5", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x as component of SUSE Linux Enterprise Module for Legacy 15 SP5", product_id: "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", }, product_reference: "java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Legacy 15 SP5", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64 as component of SUSE Linux Enterprise Module for Legacy 15 SP5", product_id: "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", }, product_reference: "java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Legacy 15 SP5", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64 as component of SUSE Linux Enterprise Module for Legacy 15 SP5", product_id: "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", }, product_reference: "java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Legacy 15 SP5", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le as component of SUSE Linux Enterprise Module for Legacy 15 SP5", product_id: "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", }, product_reference: "java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Legacy 15 SP5", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x as component of SUSE Linux Enterprise Module for Legacy 15 SP5", product_id: "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", }, product_reference: "java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Legacy 15 SP5", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64 as component of SUSE Linux Enterprise Module for Legacy 15 SP5", product_id: "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", }, product_reference: "java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Legacy 15 SP5", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64 as component of SUSE Linux Enterprise Module for Legacy 15 SP5", product_id: "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", }, product_reference: "java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Legacy 15 SP5", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", }, product_reference: "java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", }, product_reference: "java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", }, product_reference: "java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", }, product_reference: "java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", }, product_reference: "java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", }, product_reference: "java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", }, product_reference: "java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", }, product_reference: "java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP1-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", }, product_reference: "java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP1-LTSS", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x as component of SUSE Linux Enterprise Server 15 SP1-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", }, product_reference: "java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP1-LTSS", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP1-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", }, product_reference: "java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP1-LTSS", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP1-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", }, product_reference: "java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP1-LTSS", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP1-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", }, product_reference: "java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP1-LTSS", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x as component of SUSE Linux Enterprise Server 15 SP1-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", }, product_reference: "java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP1-LTSS", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP1-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", }, product_reference: "java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP1-LTSS", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP1-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", }, product_reference: "java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP1-LTSS", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP2-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", }, product_reference: "java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP2-LTSS", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x as component of SUSE Linux Enterprise Server 15 SP2-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", }, product_reference: "java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP2-LTSS", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP2-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", }, product_reference: "java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP2-LTSS", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP2-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", }, product_reference: "java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP2-LTSS", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP2-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", }, product_reference: "java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP2-LTSS", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x as component of SUSE Linux Enterprise Server 15 SP2-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", }, product_reference: "java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP2-LTSS", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP2-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", }, product_reference: "java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP2-LTSS", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP2-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", }, product_reference: "java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP2-LTSS", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP3-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", }, product_reference: "java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP3-LTSS", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x as component of SUSE Linux Enterprise Server 15 SP3-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", }, product_reference: "java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP3-LTSS", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP3-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", }, product_reference: "java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP3-LTSS", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP3-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", }, product_reference: "java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP3-LTSS", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP3-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", }, product_reference: "java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP3-LTSS", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x as component of SUSE Linux Enterprise Server 15 SP3-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", }, product_reference: "java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP3-LTSS", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP3-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", }, product_reference: "java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP3-LTSS", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP3-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", }, product_reference: "java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP3-LTSS", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1", product_id: "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", }, product_reference: "java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 15 SP1", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1", product_id: "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", }, product_reference: "java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 15 SP1", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1", product_id: "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", }, product_reference: "java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 15 SP1", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1", product_id: "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", }, product_reference: "java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 15 SP1", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1", product_id: "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", }, product_reference: "java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 15 SP1", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1", product_id: "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", }, product_reference: "java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 15 SP1", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2", product_id: "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", }, product_reference: "java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 15 SP2", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2", product_id: "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", }, product_reference: "java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 15 SP2", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2", product_id: "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", }, product_reference: "java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 15 SP2", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2", product_id: "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", }, product_reference: "java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 15 SP2", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2", product_id: "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", }, product_reference: "java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 15 SP2", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2", product_id: "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", }, product_reference: "java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 15 SP2", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3", product_id: "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", }, product_reference: "java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 15 SP3", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3", product_id: "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", }, product_reference: "java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 15 SP3", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3", product_id: "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", }, product_reference: "java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 15 SP3", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3", product_id: "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", }, product_reference: "java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 15 SP3", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3", product_id: "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", }, product_reference: "java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 15 SP3", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3", product_id: "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", }, product_reference: "java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 15 SP3", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64 as component of SUSE Enterprise Storage 7", product_id: "SUSE Enterprise Storage 7:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", }, product_reference: "java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", relates_to_product_reference: "SUSE Enterprise Storage 7", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64 as component of SUSE Enterprise Storage 7", product_id: "SUSE Enterprise Storage 7:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", }, product_reference: "java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", relates_to_product_reference: "SUSE Enterprise Storage 7", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64 as component of SUSE Enterprise Storage 7", product_id: "SUSE Enterprise Storage 7:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", }, product_reference: "java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", relates_to_product_reference: "SUSE Enterprise Storage 7", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64 as component of SUSE Enterprise Storage 7", product_id: "SUSE Enterprise Storage 7:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", }, product_reference: "java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", relates_to_product_reference: "SUSE Enterprise Storage 7", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64 as component of SUSE Enterprise Storage 7.1", product_id: "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", }, product_reference: "java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", relates_to_product_reference: "SUSE Enterprise Storage 7.1", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64 as component of SUSE Enterprise Storage 7.1", product_id: "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", }, product_reference: "java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", relates_to_product_reference: "SUSE Enterprise Storage 7.1", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64 as component of SUSE Enterprise Storage 7.1", product_id: "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", }, product_reference: "java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", relates_to_product_reference: "SUSE Enterprise Storage 7.1", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64 as component of SUSE Enterprise Storage 7.1", product_id: "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", }, product_reference: "java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", relates_to_product_reference: "SUSE Enterprise Storage 7.1", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", }, product_reference: "java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", }, product_reference: "java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64 as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", }, product_reference: "java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-32bit-1.8.0_sr8.5-150000.3.74.1.x86_64 as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:java-1_8_0-ibm-32bit-1.8.0_sr8.5-150000.3.74.1.x86_64", }, product_reference: "java-1_8_0-ibm-32bit-1.8.0_sr8.5-150000.3.74.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64 as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", }, product_reference: "java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.ppc64le as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.ppc64le", }, product_reference: "java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.ppc64le", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.s390x as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.s390x", }, product_reference: "java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.s390x", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.x86_64 as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.x86_64", }, product_reference: "java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", }, product_reference: "java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", }, product_reference: "java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64 as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", }, product_reference: "java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-devel-32bit-1.8.0_sr8.5-150000.3.74.1.x86_64 as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:java-1_8_0-ibm-devel-32bit-1.8.0_sr8.5-150000.3.74.1.x86_64", }, product_reference: "java-1_8_0-ibm-devel-32bit-1.8.0_sr8.5-150000.3.74.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64 as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", }, product_reference: "java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.ppc64le as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.ppc64le", }, product_reference: "java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.ppc64le", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.s390x as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.s390x", }, product_reference: "java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.s390x", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.x86_64 as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.x86_64", }, product_reference: "java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", }, product_reference: "java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", }, product_reference: "java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64 as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", }, product_reference: "java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-32bit-1.8.0_sr8.5-150000.3.74.1.x86_64 as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:java-1_8_0-ibm-32bit-1.8.0_sr8.5-150000.3.74.1.x86_64", }, product_reference: "java-1_8_0-ibm-32bit-1.8.0_sr8.5-150000.3.74.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64 as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", }, product_reference: "java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.ppc64le as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.ppc64le", }, product_reference: "java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.ppc64le", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.s390x as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.s390x", }, product_reference: "java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.s390x", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.x86_64 as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.x86_64", }, product_reference: "java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", }, product_reference: "java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", }, product_reference: "java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64 as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", }, product_reference: "java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-devel-32bit-1.8.0_sr8.5-150000.3.74.1.x86_64 as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:java-1_8_0-ibm-devel-32bit-1.8.0_sr8.5-150000.3.74.1.x86_64", }, product_reference: "java-1_8_0-ibm-devel-32bit-1.8.0_sr8.5-150000.3.74.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64 as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", }, product_reference: "java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.ppc64le as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.ppc64le", }, product_reference: "java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.ppc64le", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.s390x as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.s390x", }, product_reference: "java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.s390x", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.x86_64 as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.x86_64", }, product_reference: "java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.5", }, ], }, vulnerabilities: [ { cve: "CVE-2023-21930", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-21930", }, ], notes: [ { category: "general", text: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-32bit-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.4:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.4:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-devel-32bit-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.4:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.4:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-32bit-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-32bit-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-21930", url: "https://www.suse.com/security/cve/CVE-2023-21930", }, { category: "external", summary: "SUSE Bug 1210628 for CVE-2023-21930", url: "https://bugzilla.suse.com/1210628", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-32bit-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.4:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.4:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-devel-32bit-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.4:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.4:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-32bit-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-32bit-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.4, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-32bit-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.4:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.4:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-devel-32bit-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.4:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.4:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-32bit-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-32bit-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2023-06-13T06:02:05Z", details: "important", }, ], title: "CVE-2023-21930", }, { cve: "CVE-2023-21937", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-21937", }, ], notes: [ { category: "general", text: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-32bit-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.4:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.4:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-devel-32bit-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.4:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.4:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-32bit-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-32bit-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-21937", url: "https://www.suse.com/security/cve/CVE-2023-21937", }, { category: "external", summary: "SUSE Bug 1210631 for CVE-2023-21937", url: "https://bugzilla.suse.com/1210631", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-32bit-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.4:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.4:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-devel-32bit-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.4:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.4:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-32bit-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-32bit-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.7, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, products: [ "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-32bit-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.4:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.4:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-devel-32bit-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.4:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.4:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-32bit-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-32bit-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2023-06-13T06:02:05Z", details: "low", }, ], title: "CVE-2023-21937", }, { cve: "CVE-2023-21938", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-21938", }, ], notes: [ { category: "general", text: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-32bit-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.4:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.4:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-devel-32bit-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.4:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.4:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-32bit-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-32bit-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-21938", url: "https://www.suse.com/security/cve/CVE-2023-21938", }, { category: "external", summary: "SUSE Bug 1210632 for CVE-2023-21938", url: "https://bugzilla.suse.com/1210632", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-32bit-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.4:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.4:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-devel-32bit-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.4:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.4:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-32bit-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-32bit-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.7, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, products: [ "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-32bit-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.4:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.4:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-devel-32bit-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.4:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.4:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-32bit-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-32bit-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2023-06-13T06:02:05Z", details: "low", }, ], title: "CVE-2023-21938", }, { cve: "CVE-2023-21939", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-21939", }, ], notes: [ { category: "general", text: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-32bit-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.4:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.4:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-devel-32bit-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.4:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.4:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-32bit-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-32bit-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-21939", url: "https://www.suse.com/security/cve/CVE-2023-21939", }, { category: "external", summary: "SUSE Bug 1210634 for CVE-2023-21939", url: "https://bugzilla.suse.com/1210634", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-32bit-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.4:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.4:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-devel-32bit-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.4:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.4:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-32bit-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-32bit-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, products: [ "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-32bit-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.4:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.4:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-devel-32bit-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.4:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.4:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-32bit-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-32bit-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2023-06-13T06:02:05Z", details: "moderate", }, ], title: "CVE-2023-21939", }, { cve: "CVE-2023-21954", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-21954", }, ], notes: [ { category: "general", text: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-32bit-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.4:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.4:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-devel-32bit-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.4:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.4:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-32bit-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-32bit-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-21954", url: "https://www.suse.com/security/cve/CVE-2023-21954", }, { category: "external", summary: "SUSE Bug 1210635 for CVE-2023-21954", url: "https://bugzilla.suse.com/1210635", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-32bit-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.4:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.4:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-devel-32bit-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.4:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.4:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-32bit-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-32bit-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-32bit-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.4:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.4:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-devel-32bit-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.4:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.4:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-32bit-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-32bit-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2023-06-13T06:02:05Z", details: "moderate", }, ], title: "CVE-2023-21954", }, { cve: "CVE-2023-21967", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-21967", }, ], notes: [ { category: "general", text: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-32bit-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.4:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.4:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-devel-32bit-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.4:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.4:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-32bit-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-32bit-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-21967", url: "https://www.suse.com/security/cve/CVE-2023-21967", }, { category: "external", summary: "SUSE Bug 1210636 for CVE-2023-21967", url: "https://bugzilla.suse.com/1210636", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-32bit-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.4:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.4:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-devel-32bit-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.4:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.4:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-32bit-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-32bit-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-32bit-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.4:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.4:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-devel-32bit-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.4:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.4:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-32bit-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-32bit-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2023-06-13T06:02:05Z", details: "moderate", }, ], title: "CVE-2023-21967", }, { cve: "CVE-2023-21968", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-21968", }, ], notes: [ { category: "general", text: "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-32bit-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.4:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.4:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-devel-32bit-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.4:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.4:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-32bit-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-32bit-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-21968", url: "https://www.suse.com/security/cve/CVE-2023-21968", }, { category: "external", summary: "SUSE Bug 1210637 for CVE-2023-21968", url: "https://bugzilla.suse.com/1210637", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-32bit-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.4:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.4:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-devel-32bit-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.4:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.4:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-32bit-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-32bit-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.7, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, products: [ "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-32bit-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.4:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.4:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-devel-32bit-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.4:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.4:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-32bit-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-32bit-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2023-06-13T06:02:05Z", details: "low", }, ], title: "CVE-2023-21968", }, { cve: "CVE-2023-2597", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-2597", }, ], notes: [ { category: "general", text: "In Eclipse Openj9 before version 0.38.0, in the implementation of the shared cache (which is enabled by default in OpenJ9 builds) the size of a string is not properly checked against the size of the buffer.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-32bit-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.4:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.4:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-devel-32bit-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.4:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.4:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-32bit-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-32bit-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-2597", url: "https://www.suse.com/security/cve/CVE-2023-2597", }, { category: "external", summary: "SUSE Bug 1211615 for CVE-2023-2597", url: "https://bugzilla.suse.com/1211615", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-32bit-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.4:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.4:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-devel-32bit-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.4:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.4:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-32bit-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-32bit-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-32bit-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.4:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.4:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-devel-32bit-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.4:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.4:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-32bit-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-32bit-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2023-06-13T06:02:05Z", details: "moderate", }, ], title: "CVE-2023-2597", }, { cve: "CVE-2023-30441", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-30441", }, ], notes: [ { category: "general", text: "IBM Runtime Environment, Java Technology Edition IBMJCEPlus and JSSE 8.0.7.0 through 8.0.7.11 components could expose sensitive information using a combination of flaws and configurations. IBM X-Force ID: 253188.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-32bit-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.4:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.4:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-devel-32bit-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.4:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.4:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-32bit-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-32bit-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-30441", url: "https://www.suse.com/security/cve/CVE-2023-30441", }, { category: "external", summary: "SUSE Bug 1210711 for CVE-2023-30441", url: "https://bugzilla.suse.com/1210711", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-32bit-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.4:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.4:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-devel-32bit-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.4:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.4:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-32bit-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-32bit-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7.1:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Enterprise Storage 7:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP4:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Module for Legacy 15 SP5:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server 15 SP3-LTSS:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.4:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-32bit-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.4:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.4:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.4:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-devel-32bit-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.4:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.4:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.4:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-32bit-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-devel-32bit-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.ppc64le", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.s390x", "openSUSE Leap 15.5:java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2023-06-13T06:02:05Z", details: "important", }, ], title: "CVE-2023-30441", }, ], }
ghsa-4794-756c-cx7v
Vulnerability from github
Published
2023-05-22 12:30
Modified
2024-06-21 21:33
Severity ?
Details
In Eclipse Openj9 before version 0.38.0, in the implementation of the shared cache (which is enabled by default in OpenJ9 builds) the size of a string is not properly checked against the size of the buffer.
{ affected: [], aliases: [ "CVE-2023-2597", ], database_specific: { cwe_ids: [ "CWE-120", "CWE-125", ], github_reviewed: false, github_reviewed_at: null, nvd_published_at: "2023-05-22T12:15:09Z", severity: "CRITICAL", }, details: "In Eclipse Openj9 before version 0.38.0, in the implementation of the shared cache (which is enabled by default in OpenJ9 builds) the size of a string is not properly checked against the size of the buffer.", id: "GHSA-4794-756c-cx7v", modified: "2024-06-21T21:33:53Z", published: "2023-05-22T12:30:25Z", references: [ { type: "ADVISORY", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-2597", }, { type: "WEB", url: "https://github.com/eclipse-openj9/openj9/pull/17259", }, { type: "WEB", url: "https://security.netapp.com/advisory/ntap-20240621-0006", }, ], schema_version: "1.4.0", severity: [ { score: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", type: "CVSS_V3", }, ], }
fkie_cve-2023-2597
Vulnerability from fkie_nvd
Published
2023-05-22 12:15
Modified
2024-11-21 07:58
Severity ?
7.0 (High) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Summary
In Eclipse Openj9 before version 0.38.0, in the implementation of the shared cache (which is enabled by default in OpenJ9 builds) the size of a string is not properly checked against the size of the buffer.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:eclipse:openj9:*:*:*:*:*:*:*:*", matchCriteriaId: "575BD70A-498B-4D6A-BF10-E15592EF66AD", versionEndExcluding: "0.38.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Eclipse Openj9 before version 0.38.0, in the implementation of the shared cache (which is enabled by default in OpenJ9 builds) the size of a string is not properly checked against the size of the buffer.", }, ], id: "CVE-2023-2597", lastModified: "2024-11-21T07:58:54.127", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1, impactScore: 5.9, source: "emo@eclipse.org", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.1, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.2, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-05-22T12:15:09.760", references: [ { source: "emo@eclipse.org", tags: [ "Patch", ], url: "https://github.com/eclipse-openj9/openj9/pull/17259", }, { source: "emo@eclipse.org", url: "https://security.netapp.com/advisory/ntap-20240621-0006/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/eclipse-openj9/openj9/pull/17259", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.netapp.com/advisory/ntap-20240621-0006/", }, ], sourceIdentifier: "emo@eclipse.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-120", }, ], source: "emo@eclipse.org", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-125", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
gsd-2023-2597
Vulnerability from gsd
Modified
2023-12-13 01:20
Details
In Eclipse Openj9 before version 0.38.0, in the implementation of the shared cache (which is enabled by default in OpenJ9 builds) the size of a string is not properly checked against the size of the buffer.
Aliases
Aliases
{ GSD: { alias: "CVE-2023-2597", id: "GSD-2023-2597", }, gsd: { metadata: { exploitCode: "unknown", remediation: "unknown", reportConfidence: "confirmed", type: "vulnerability", }, osvSchema: { aliases: [ "CVE-2023-2597", ], details: "In Eclipse Openj9 before version 0.38.0, in the implementation of the shared cache (which is enabled by default in OpenJ9 builds) the size of a string is not properly checked against the size of the buffer.", id: "GSD-2023-2597", modified: "2023-12-13T01:20:32.123286Z", schema_version: "1.4.0", }, }, namespaces: { "cve.org": { CVE_data_meta: { ASSIGNER: "security@eclipse.org", ID: "CVE-2023-2597", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Eclipse OpenJ9", version: { version_data: [ { version_affected: "<=", version_value: "0.37.0", }, ], }, }, ], }, vendor_name: "Eclipse Foundation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In Eclipse Openj9 before version 0.38.0, in the implementation of the shared cache (which is enabled by default in OpenJ9 builds) the size of a string is not properly checked against the size of the buffer.", }, ], }, impact: { cvss: { baseScore: 6.7, vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-120", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/eclipse-openj9/openj9/pull/17259", refsource: "CONFIRM", url: "https://github.com/eclipse-openj9/openj9/pull/17259", }, ], }, }, "nvd.nist.gov": { configurations: { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:eclipse:openj9:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "0.38.0", vulnerable: true, }, ], operator: "OR", }, ], }, cve: { CVE_data_meta: { ASSIGNER: "security@eclipse.org", ID: "CVE-2023-2597", }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "en", value: "In Eclipse Openj9 before version 0.38.0, in the implementation of the shared cache (which is enabled by default in OpenJ9 builds) the size of a string is not properly checked against the size of the buffer.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "en", value: "CWE-125", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/eclipse-openj9/openj9/pull/17259", refsource: "CONFIRM", tags: [ "Patch", ], url: "https://github.com/eclipse-openj9/openj9/pull/17259", }, ], }, }, impact: { baseMetricV3: { cvssV3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.1, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.2, }, }, lastModifiedDate: "2023-05-30T21:32Z", publishedDate: "2023-05-22T12:15Z", }, }, }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.