CVE-2023-22044
Summary
| CVE | CVE-2023-22044 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-07-18 21:15:00 UTC |
| Updated | 2023-07-27 17:34:00 UTC |
| Description | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u371-perf, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). |
Risk And Classification
Problem Types: NVD-CWE-noinfo
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Debian | Debian Linux | 11.0 | All | All | All |
| Operating System | Debian | Debian Linux | 12.0 | All | All | All |
| Application | Oracle | Graalvm | 21.3.6 | All | All | All |
| Application | Oracle | Graalvm | 22.3.2 | All | All | All |
| Application | Oracle | Graalvm For Jdk | 17.0.7 | All | All | All |
| Application | Oracle | Graalvm For Jdk | 20.0.1 | All | All | All |
| Application | Oracle | Jdk | 1.8.0 | update371 | All | All |
| Application | Oracle | Jdk | 17.0.7 | All | All | All |
| Application | Oracle | Jdk | 20.0.1 | All | All | All |
| Application | Oracle | Jre | 1.8.0 | update371 | All | All |
| Application | Oracle | Jre | 17.0.7 | All | All | All |
| Application | Oracle | Jre | 20.0.1 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Oracle Critical Patch Update Advisory - July 2023 | MISC | www.oracle.com | |
| July 2023 Java Platform Standard Edition Vulnerabilities in NetApp Products | NetApp Product Security | MISC | security.netapp.com | |
| Debian -- Security Information -- DSA-5458-1 openjdk-17 | MISC | www.debian.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 160809 Oracle Enterprise Linux Security Update for java-17-openjdk (ELSA-2023-4159)
- 160816 Oracle Enterprise Linux Security Update for java-17-openjdk (ELSA-2023-4177)
- 199629 Ubuntu Security Notification for Open Java Development Toolkit (OpenJDK) Vulnerabilities (USN-6263-1)
- 199638 Ubuntu Security Notification for Open Java Development Toolkit (OpenJDK) 20 Vulnerabilities (USN-6272-1)
- 241837 Red Hat Update for java-17-openjdk (RHSA-2023:4170)
- 241842 Red Hat Update for java-17-openjdk (RHSA-2023:4169)
- 241847 Red Hat Update for java-17-openjdk (RHSA-2023:4171)
- 241854 Red Hat Update for java-17-openjdk (RHSA-2023:4177)
- 241860 Red Hat Update for java-17-openjdk (RHSA-2023:4159)
- 355631 Amazon Linux Security Advisory for java-17-amazon-corretto : ALAS2023-2023-258
- 355652 Amazon Linux Security Advisory for java-17-amazon-corretto : ALAS2-2023-2138
- 378673 Oracle Java Standard Edition (SE) Critical Patch Update - July 2023 (CPUJUL2023)
- 378691 Amazon Corretto Critical Patch Update (JUL2023)
- 378692 Azul Java Multiple Vulnerabilities Security Update July 2023
- 378793 Red Hat OpenJDK 17.0.8 Security Update for Windows Builds (RHSA-2023:4211)
- 378921 Alibaba Cloud Linux Security Update for java-17-openjdk (ALINUX3-SA-2023:0119)
- 503427 Alpine Linux Security Update for openjdk17
- 506137 Alpine Linux Security Update for openjdk17
- 6000168 Debian Security Update for openjdk-17 (DSA 5458-1)
- 754217 SUSE Enterprise Linux Security Update for java-11-openjdk (SUSE-SU-2023:2990-1)
- 754271 SUSE Enterprise Linux Security Update for java-11-openjdk (SUSE-SU-2023:3287-1)
- 941189 AlmaLinux Security Update for java-17-openjdk (ALSA-2023:4159)
- 941191 AlmaLinux Security Update for java-17-openjdk (ALSA-2023:4177)