CVE-2023-21930
Published Apr 18, 2023
Last updated 5 months ago
Overview
- Description
- Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).
- Source
- secalert_us@oracle.com
- NVD status
- Modified
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 7.4
- Impact score
- 5.2
- Exploitability score
- 2.2
- Vector string
- CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
- Severity
- HIGH
Weaknesses
- nvd@nist.gov
- NVD-CWE-noinfo
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:graalvm:20.3.9:*:*:*:enterprise:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FE7FF02E-5A54-47BD-8FAC-E1F1E23CBD0B"
},
{
"criteria": "cpe:2.3:a:oracle:graalvm:21.3.5:*:*:*:enterprise:*:*:*",
"vulnerable": true,
"matchCriteriaId": "725D21E1-8FEF-492C-9CCF-75DDD286FA71"
},
{
"criteria": "cpe:2.3:a:oracle:graalvm:22.3.1:*:*:*:enterprise:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CBC05434-18E2-43D2-901F-BA97A3A3AC3A"
},
{
"criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update361:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BB648C28-DCDF-4CEE-816C-2D7EF91D2689"
},
{
"criteria": "cpe:2.3:a:oracle:jdk:11.0.18:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CA4C6A6B-46BA-471A-959C-D1819B5D5196"
},
{
"criteria": "cpe:2.3:a:oracle:jdk:17.0.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "751BA15B-1950-4ABD-AFEB-B4F90587FF61"
},
{
"criteria": "cpe:2.3:a:oracle:jdk:20:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F26CDEF2-A840-4957-A390-19E48AEEC70A"
},
{
"criteria": "cpe:2.3:a:oracle:jre:1.8.0:update361:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DB18EEA4-9670-4EBC-8559-6766740980F3"
},
{
"criteria": "cpe:2.3:a:oracle:jre:11.0.18:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B85FB47B-1A8B-4758-83A7-3AC5B74D73FB"
},
{
"criteria": "cpe:2.3:a:oracle:jre:17.0.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0B973ADC-5F00-4CC5-985F-F4E1BB9FF1EF"
},
{
"criteria": "cpe:2.3:a:oracle:jre:20:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AC10C81D-E148-4208-BA86-086B935A1254"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7EF6650C-558D-45C8-AE7D-136EE70CB6D7"
},
{
"criteria": "cpe:2.3:a:netapp:brocade_san_navigator:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "25FA7A4D-B0E2-423E-8146-E221AE2D6120"
},
{
"criteria": "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CCAA4004-9319-478C-9D55-0E8307F872F6"
},
{
"criteria": "cpe:2.3:a:netapp:cloud_insights_storage_workload_security_agent:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3B199052-5732-4726-B06B-A12C70DFB891"
},
{
"criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "111E81BB-7D96-44EB-ACFA-415C3F3EA62A",
"versionEndExcluding": "8"
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "90F6CEC5-2FD9-4ADB-9D86-B741C0ABCD7B",
"versionEndIncluding": "11.0.18",
"versionStartIncluding": "11"
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "83395182-E46E-47FF-A781-4EF235BC83B6",
"versionEndIncluding": "17.0.6",
"versionStartIncluding": "17"
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "70892D06-6E75-4425-BBF0-4B684EC62A1C"
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7A165D71-71CC-4E6A-AA4F-FF8DB5B9A5AB"
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7417B2BB-9AC2-4AF4-A828-C89A0735AD92"
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6A0A57B5-6F88-4288-9CDE-F6613FE068D2"
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone4:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "67ED8559-C348-4932-B7CE-CB96976A30EC"
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone5:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "40AC3D91-263F-4345-9FAA-0E573EA64590"
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone6:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DD92AFA9-81F8-48D4-B79A-E7F066F69A99"
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone7:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2C4B2F24-A730-4818-90C8-A2D90C081F03"
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone8:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "464087F2-C285-4574-957E-CE0663F07DE0"
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone9:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3E9BB880-A4F6-4887-8BB9-47AA298753D5"
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update101:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "18DCFF53-B298-4534-AB5C-8A5EF59C616F"
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update102:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "083419F8-FDDF-4E36-88F8-857DB317C1D1"
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update11:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D7A74F65-57E8-4C9A-BA96-5EF401504F13"
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update111:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0D0B90FC-57B6-4315-9B29-3C36E58B2CF5"
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update112:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "07812576-3C35-404C-A7D7-9BE9E3D76E00"
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update121:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "00C52B1C-5447-4282-9667-9EBE0720B423"
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update131:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "92BB9EB0-0C12-4E77-89EE-FB77097841B8"
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update141:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FF9D5DCE-2E8F-42B9-9038-AEA7E8C8CFFD"
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update151:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "ABC0E7BB-F8B7-4369-9910-71240E4073A3"
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update152:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "551B2640-8CEC-4C24-AF8B-7A7CEF864D9D"
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update161:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0AE30779-48FB-451E-8CE1-F469F93B8772"
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update162:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "60590FDE-7156-4314-A012-AA38BD2ADDC9"
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update171:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BE51AD3A-8331-4E8F-9DB1-7A0051731DFB"
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update172:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F24F6122-2256-41B6-9033-794C6424ED99"
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update181:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0EAFA79E-8C7A-48CF-8868-11378FE4B26F"
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update191:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D1D6F19F-59B5-4BB6-AD35-013384025970"
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update192:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E7BA97BC-3ADA-465A-835B-6C3C5F416B56"
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update20:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B71F77A4-B7EB-47A1-AAFD-431A7D040B86"
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update201:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "91D6BEA9-5943-44A4-946D-CEAA9BA99376"
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update202:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C079A3E0-44EB-4B9C-B4FC-B7621D165C3B"
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update211:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2CB74086-14B8-4237-8357-E0C6B5BB8313"
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update212:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3ABED20A-7C34-4E86-9AFB-F4DC9ECBB3A9"
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update221:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "00C2B9C9-1177-4DA6-96CE-55F37F383F99"
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update222:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "435CF189-0BD8-40DF-A0DC-99862CDEAF8A"
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update231:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "12A3F367-33AD-47C3-BFDC-871A17E72C94"
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update232:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A18F994F-72CA-4AF5-A7D1-9F5AEA286D85"
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update241:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "78261932-7373-4F16-91E0-1A72ADBEBC3E"
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update242:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9BD90D3D-9B3A-4101-9A8A-5090F0A9719F"
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update25:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B38C0276-0EBD-4E0B-BFCF-4DDECACE04E2"
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update252:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F5A40B8A-D428-4008-9F21-AF21394C51D1"
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update262:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FEC5B777-01E1-45EE-AF95-C3BD1F098B2F"
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update271:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3B504718-5DCE-43B4-B19A-C6B6E7444BD3"
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update281:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3102AA10-99A8-49A9-867E-7EEC56865680"
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update282:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5A55CBC7-A7B2-4B89-8AB5-ED30DBE6814E"
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update291:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "15BA8A26-2CDA-442B-A549-6BE92DCCD205"
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update301:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "56F2883B-6A1B-4081-8877-07AF3A73F6CD"
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update302:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "98C0742E-ACDD-4DB4-8A4C-B96702C8976C"
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update31:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F8483034-DD5A-445D-892F-CDE90A7D58EE"
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update312:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1716A5CD-1C32-4F19-9DDE-F9C7CCB6B420"
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update322:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DAB4F663-BCAF-43DB-BCC3-24C060B0CBAB"
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update332:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A8EF5BB8-7DAF-49B0-A11E-14E89EF7377A"
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update342:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "383F0B07-59BF-4744-87F2-04C98BC183B4"
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update352:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "494C17C6-54A3-4BE6-A4FF-2D54DF2B38D5"
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update362:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1058ABDC-D652-4E2D-964D-C9C98FD404F6"
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update40:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8279718F-878F-4868-8859-1728D13CD0D8"
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update45:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2C024E1A-FD2C-42E8-B227-C2AFD3040436"
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update5:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4F24389D-DDD0-4204-AA24-31C920A4F47E"
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update51:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "966979BE-1F21-4729-B6B8-610F74648344"
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update60:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F8534265-33BF-460D-BF74-5F55FDE50F29"
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update65:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F77AFC25-1466-4E56-9D5F-6988F3288E16"
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update66:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A650BEB8-E56F-4E42-9361-8D2DB083F0F8"
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update71:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "799FFECD-E80A-44B3-953D-CDB5E195F3AA"
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update72:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A7047507-7CAF-4A14-AA9A-5CEF806EDE98"
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update73:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CFC7B179-95D3-4F94-84F6-73F1034A1AF2"
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update74:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9FB28526-9385-44CA-AF08-1899E6C3AE4D"
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update77:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E26B69E4-0B43-415F-A82B-52FDCB262B3E"
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update91:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "27BC4150-70EC-462B-8FC5-20B3442CBB31"
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update92:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "02646989-ECD9-40AE-A83E-EFF4080C69B9"
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:20:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "77172BC0-8637-41F6-AE3B-83006D6735DE"
}
],
"operator": "OR"
}
]
}
]