CVE-2023-21954

Severity

59%

Complexity

22%

Confidentiality

60%

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).

CVSS 3.1 Base Score 5.9. CVSS Attack Vector: network. CVSS Attack Complexity: high. CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).

Overview

Type

Oracle OpenJDK

First reported 1 year ago

2023-04-18 20:15:00

Last updated 1 year ago

2023-11-08 23:06:00

Affected Software

Oracle OpenJDK 8

8

Oracle OpenJDK 8 Update 102

8

Oracle OpenJDK 8 Update 112

8

Oracle OpenJDK 8 Update 152

8

Oracle OpenJDK 8 Update 162

8

Oracle OpenJDK 8 Update 172

8

Oracle OpenJDK 8 Update 192

8

Oracle OpenJDK 8 Update 20

8

Oracle OpenJDK 8 Update 202

8

Oracle OpenJDK 8 Update 212

8

Oracle OpenJDK 8 Update 222

8

Oracle OpenJDK 8 Update 232

8

Oracle OpenJDK 8 Update 40

8

Oracle OpenJDK 8 Update 60

8

Oracle OpenJDK 8 Update 66

8

Oracle OpenJDK 8 Update 72

8

Oracle OpenJDK 8 Update 92

8

Oracle OpenJDK 8 Milestone 1

8

Oracle OpenJDK 8 Milestone 2

8

Oracle OpenJDK 8 Milestone 3

8

Oracle OpenJDK 8 Milestone 4

8

Oracle OpenJDK 8 Milestone 5

8

Oracle OpenJDK 8 Milestone 6

8

Oracle OpenJDK 8 Milestone 7

8

Oracle OpenJDK 8 Milestone 8

8

Oracle OpenJDK 8 Milestone 9

8

Oracle OpenJDK 8 Update 242

8

Oracle OpenJDK 8 Update 252

8

Oracle OpenJDK 8 Update 262

8

Oracle OpenJDK -

References

https://www.oracle.com/security-alerts/cpuapr2023.html

https://www.oracle.com/security-alerts/cpuapr2023.html

Vendor Advisory

https://security.netapp.com/advisory/ntap-20230427-0008/

https://www.debian.org/security/2023/dsa-5430

https://www.debian.org/security/2023/dsa-5478

https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html

https://security.netapp.com/advisory/ntap-20230427-0008/

Third Party Advisory

https://www.debian.org/security/2023/dsa-5430

Third Party Advisory

https://www.debian.org/security/2023/dsa-5478

Third Party Advisory

https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html

Mailing List, Third Party Advisory

https://www.couchbase.com/alerts/

Third Party Advisory

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.