CVE-2023-21967

Published: 18/04/2023 Updated: 08/11/2023
CVSS v3 Base Score: 5.9 | Impact Score: 3.6 | Exploitability Score: 2.2
VMScore: 0

Vulnerability Summary

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).

Vulnerable Product

oracle jre 11.0.18

oracle jre 17.0.6

oracle jdk 11.0.18

oracle graalvm 20.3.9

oracle graalvm 21.3.5

oracle graalvm 22.3.1

oracle jdk 1.8.0

oracle jdk 17.0.6

oracle jre 1.8.0

oracle jre 20

oracle jdk 20

netapp oncommand insight -

netapp 7-mode transition tool -

netapp brocade san navigator -

netapp cloud insights acquisition unit -

netapp cloud insights storage workload security agent -

debian debian linux 10.0

debian debian linux 11.0

debian debian linux 12.0

oracle openjdk 8

oracle openjdk 20

oracle openjdk

Vendor Advisories

Debian Bug report logs - #1035957 openjdk-17: CVE-2023-21930 CVE-2023-21937 CVE-2023-21938 CVE-2023-21939 CVE-2023-21954 CVE-2023-21967 CVE-2023-21968 Package: src:openjdk-17; Maintainer for src:openjdk-17 is OpenJDK Team <openjdk-17@packages.debian.org>; Reported by: Moritz Mühlenhoff <jmm@inutil.org> Date: Thu, 11 ...
Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in denial of service, information disclosure or bypass of sandbox restrictions. For the oldstable distribution (bullseye), these problems have been fixed in version 1707+7-1~deb11u1. For the stable distribution (bookworm), these problems have been fixed in ...
Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in bypass of sandbox restrictions, information disclosure, reduced cryptographic strength of the AES implementation, directory traversal or denial of service. For the oldstable distribution (bullseye), these problems have been fixed in version 11020+8-1~deb ...
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker ...
Description: The MITRE CVE dictionary describes this issue as: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to e ...
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with n ...
Synopsis Important: java-180-openjdk security and bug fix update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for java-180-openjdk is now available for Red Hat Enterprise Linux 9Red Hat Product Security ...
Synopsis Important: java-180-openjdk security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for java-180-openjdk is now available for Red Hat Enterprise Linux 84 Extended Update SupportRed Hat P ...
Synopsis Important: java-180-openjdk security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for java-180-openjdk is now available for Red Hat Enterprise Linux 82 Advanced Update Support, Red Hat En ...
Synopsis Important: java-180-openjdk security and bug fix update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for java-180-openjdk is now available for Red Hat Enterprise Linux 90 Extended Update Support ...
Synopsis Important: OpenJDK 8u372 Security Update for Portable Linux Builds Type/Severity Security Advisory: Important Topic An update is now available for OpenJDKRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity ra ...
Synopsis Moderate: Release of OpenShift Serverless 1290 Type/Severity Security Advisory: Moderate Topic OpenShift Serverless version 1290 contains a moderate security impactThe References section contains CVE links providing detailed severity ratingsfor each vulnerability Ratings are based on a Common Vulnerability ScoringSystem (CVSS) ...
Synopsis Important: java-17-openjdk security and bug fix update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for java-17-openjdk is now available for Red Hat Enterprise Linux 90 Extended Update SupportRed H ...
Synopsis Important: java-180-openjdk security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for java-180-openjdk is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated th ...
Synopsis Important: java-11-openjdk security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for java-11-openjdk is now available for Red Hat Enterprise Linux 82 Advanced Update Support, Red Hat Enterpri ...
Synopsis Important: java-11-openjdk security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for java-11-openjdk is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this upd ...
Synopsis Important: java-11-openjdk security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for java-11-openjdk is now available for Red Hat Enterprise Linux 90 Extended Update SupportRed Hat Product S ...
Synopsis Important: java-17-openjdk security and bug fix update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for java-17-openjdk is now available for Red Hat Enterprise Linux 9Red Hat Product Security has ra ...
Synopsis Moderate: Red Hat Single Sign-On 763 for OpenShift image security update Type/Severity Security Advisory: Moderate Topic A new image is available for Red Hat Single Sign-On 763, running on RedHat OpenShift Container Platform from the release of 311 up to the releaseof 4120Red Hat Product Security has rated this update as havi ...
Synopsis Important: java-17-openjdk security and bug fix update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for java-17-openjdk is now available for Red Hat Enterprise Linux 86 Extended Update SupportRed H ...
Synopsis Important: java-17-openjdk security and bug fix update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for java-17-openjdk is now available for Red Hat Enterprise Linux 84 Extended Update SupportRed H ...
Synopsis Important: OpenJDK 11019 Security Update for Windows Builds Type/Severity Security Advisory: Important Topic An update is now available for OpenJDKRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, ...
Synopsis Important: java-11-openjdk security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for java-11-openjdk is now available for Red Hat Enterprise Linux 9Red Hat Product Security has rated this upd ...
Synopsis Important: java-11-openjdk security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for java-11-openjdk is now available for Red Hat Enterprise Linux 84 Extended Update SupportRed Hat Product S ...
Synopsis Important: java-11-openjdk security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for java-11-openjdk is now available for Red Hat Enterprise Linux 81 Update Services for SAP SolutionsRed Hat ...
Synopsis Important: OpenJDK 1707 Security Update for Windows Builds Type/Severity Security Advisory: Important Topic An update is now available for OpenJDKRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, ...
Synopsis Important: java-11-openjdk security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this upd ...
Synopsis Important: OpenJDK 1707 Security Update for Portable Linux Builds Type/Severity Security Advisory: Important Topic An update is now available for OpenJDKRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity r ...
Synopsis Important: java-17-openjdk security and bug fix update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for java-17-openjdk is now available for Red Hat Enterprise Linux 8Red Hat Product Security has ra ...
Synopsis Important: java-11-openjdk security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for java-11-openjdk is now available for Red Hat Enterprise Linux 86 Extended Update SupportRed Hat Product S ...
Synopsis Important: java-180-openjdk security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for java-180-openjdk is now available for Red Hat Enterprise Linux 86 Extended Update SupportRed Hat Pro ...
Synopsis Important: java-180-openjdk security and bug fix update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for java-180-openjdk is now available for Red Hat Enterprise Linux 7Red Hat Product Security ...
Synopsis Important: java-180-ibm security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for java-180-ibm is now available for Red Hat Enterprise Linux 7 SupplementaryRed Hat Product Security has ra ...
Synopsis Important: OpenJDK 11019 Security Update for Portable Linux Builds Type/Severity Security Advisory: Important Topic An update is now available for OpenJDKRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity ...
Synopsis Moderate: Migration Toolkit for Runtimes security update Type/Severity Security Advisory: Moderate Topic An update for mtr-operator-bundle-container, mtr-operator-container, mtr-web-container, and mtr-web-executor-container is now available for Migration Toolkit for Runtimes 1 on RHEL 8Red Hat Product Security has rated this update ...
Synopsis Important: OpenJDK 8u372 Windows Security Update Type/Severity Security Advisory: Important Topic An update is now available for OpenJDKRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available ...
Synopsis Important: java-180-openjdk security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for java-180-openjdk is now available for Red Hat Enterprise Linux 81 Update Services for SAP SolutionsR ...
Synopsis Important: java-180-ibm security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for java-180-ibm is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this updat ...
Multiple vulnerabilities have been found in Hitachi Command Suite, Hitachi Automation Director, Hitachi Configuration Manager, Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center CVE-2023-21930, CVE-2023-21937, CVE-2023-21938, CVE-2023-21939, CVE-2023-21954, CVE-2023-21967, CVE-2023-21968 Affected products and versions are listed b ...
Cosminexus Developer's Kit for Java(TM) and Hitachi Developer's Kit for Java contain the following vulnerabilities: CVE-2023-21930, CVE-2023-21937, CVE-2023-21938, CVE-2023-21939, CVE-2023-21954, CVE-2023-21967, CVE-2023-21968 Affected products and versions are listed below Please upgrade your version to the appropriate version These vulnera ...