← Back

CVE-2023-21967

nvd nist
Published: Apr 18, 2023Modified: Nov 21, 2024

JSON object

Loading...
5.9
Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 2.2 / Impact: 3.6
Source: secalert_us@oracle.com (Secondary)

Description

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).

Affected (91)

Oracle
4 products
Graalvm
Jdk
Jre
Openjdk
Netapp
5 products
7 Mode Transition Tool
Brocade San Navigator
Cloud Insights Acquisition Unit
Cloud Insights Storage Workload Security Agent
Oncommand Insight
Debian
1 product
Debian Linux
Configuration A
11 vulnerable
Vulnerable SoftwareAffected Versions
Oracle
Graalvm
Version 20.3.9
Graalvm
Version 21.3.5
Graalvm
Version 22.3.1
Oracle
Jdk
Version 1.8.0 update361
Jdk
Version 11.0.18
Jdk
Version 17.0.6
Jdk
Version 20
Oracle
Jre
Version 1.8.0 update361
Jre
Version 11.0.18
Jre
Version 17.0.6
Jre
Version 20
Configuration B
5 vulnerable
Vulnerable SoftwareAffected Versions
7 Mode Transition Tool
All versions
Brocade San Navigator
All versions
Cloud Insights Acquisition Unit
All versions
Cloud Insights Storage Workload Security Agent
All versions
Oncommand Insight
All versions
Configuration C
3 vulnerable
Vulnerable SoftwareAffected Versions
Debian
Debian Linux
Version 10.0
Debian Linux
Version 11.0
Debian Linux
Version 12.0
Configuration D
72 vulnerable
Vulnerable SoftwareAffected Versions
Oracle
Openjdk
Before 8
Openjdk
From 11 to 11.0.18
Openjdk
From 17 to 17.0.6
Openjdk
Version 20
Openjdk
Version 8
Openjdk
Version 8 milestone1
Openjdk
Version 8 milestone2
Openjdk
Version 8 milestone3
Openjdk
Version 8 milestone4
Openjdk
Version 8 milestone5
Openjdk
Version 8 milestone6
Openjdk
Version 8 milestone7
Openjdk
Version 8 milestone8
Openjdk
Version 8 milestone9
Openjdk
Version 8 update101
Openjdk
Version 8 update102
Openjdk
Version 8 update111
Openjdk
Version 8 update112
Openjdk
Version 8 update11
Openjdk
Version 8 update121
Openjdk
Version 8 update131
Openjdk
Version 8 update141
Openjdk
Version 8 update151
Openjdk
Version 8 update152
Openjdk
Version 8 update161
Openjdk
Version 8 update162
Openjdk
Version 8 update171
Openjdk
Version 8 update172
Openjdk
Version 8 update181
Openjdk
Version 8 update191
Openjdk
Version 8 update192
Openjdk
Version 8 update201
Openjdk
Version 8 update202
Openjdk
Version 8 update20
Openjdk
Version 8 update211
Openjdk
Version 8 update212
Openjdk
Version 8 update221
Openjdk
Version 8 update222
Openjdk
Version 8 update231
Openjdk
Version 8 update232
Openjdk
Version 8 update241
Openjdk
Version 8 update242
Openjdk
Version 8 update252
Openjdk
Version 8 update25
Openjdk
Version 8 update262
Openjdk
Version 8 update271
Openjdk
Version 8 update281
Openjdk
Version 8 update282
Openjdk
Version 8 update291
Openjdk
Version 8 update301
Openjdk
Version 8 update302
Openjdk
Version 8 update312
Openjdk
Version 8 update31
Openjdk
Version 8 update322
Openjdk
Version 8 update332
Openjdk
Version 8 update342
Openjdk
Version 8 update352
Openjdk
Version 8 update362
Openjdk
Version 8 update40
Openjdk
Version 8 update45
Openjdk
Version 8 update51
Openjdk
Version 8 update5
Openjdk
Version 8 update60
Openjdk
Version 8 update65
Openjdk
Version 8 update66
Openjdk
Version 8 update71
Openjdk
Version 8 update72
Openjdk
Version 8 update73
Openjdk
Version 8 update74
Openjdk
Version 8 update77
Openjdk
Version 8 update91
Openjdk
Version 8 update92

References (14)

Source: secalert_us@oracle.com
Mailing ListThird Party Advisory
Source: secalert_us@oracle.com
Third Party Advisory
Source: secalert_us@oracle.com
Source: secalert_us@oracle.com
Third Party Advisory
Source: secalert_us@oracle.com
Third Party Advisory
Source: secalert_us@oracle.com
Third Party Advisory
Source: secalert_us@oracle.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.