CVE-2023-21954

{"id": "CVE-2023-21954", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "secalert_us@oracle.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.2}]}, "published": "2023-04-18T20:15:15.630", "references": [{"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "secalert_us@oracle.com"}, {"url": "https://security.netapp.com/advisory/ntap-20230427-0008/", "tags": ["Third Party Advisory"], "source": "secalert_us@oracle.com"}, {"url": "https://www.couchbase.com/alerts/", "tags": ["Third Party Advisory"], "source": "secalert_us@oracle.com"}, {"url": "https://www.debian.org/security/2023/dsa-5430", "tags": ["Third Party Advisory"], "source": "secalert_us@oracle.com"}, {"url": "https://www.debian.org/security/2023/dsa-5478", "tags": ["Third Party Advisory"], "source": "secalert_us@oracle.com"}, {"url": "https://www.oracle.com/security-alerts/cpuapr2023.html", "tags": ["Vendor Advisory"], "source": "secalert_us@oracle.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)."}], "lastModified": "2023-11-08T23:06:16.760", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:graalvm:20.3.9:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "FE7FF02E-5A54-47BD-8FAC-E1F1E23CBD0B"}, {"criteria": "cpe:2.3:a:oracle:graalvm:21.3.5:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "725D21E1-8FEF-492C-9CCF-75DDD286FA71"}, {"criteria": "cpe:2.3:a:oracle:graalvm:22.3.1:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "CBC05434-18E2-43D2-901F-BA97A3A3AC3A"}, {"criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update361:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BB648C28-DCDF-4CEE-816C-2D7EF91D2689"}, {"criteria": "cpe:2.3:a:oracle:jdk:11.0.18:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CA4C6A6B-46BA-471A-959C-D1819B5D5196"}, {"criteria": "cpe:2.3:a:oracle:jdk:17.0.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "751BA15B-1950-4ABD-AFEB-B4F90587FF61"}, {"criteria": "cpe:2.3:a:oracle:jre:1.8.0:update361:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DB18EEA4-9670-4EBC-8559-6766740980F3"}, {"criteria": "cpe:2.3:a:oracle:jre:11.0.18:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B85FB47B-1A8B-4758-83A7-3AC5B74D73FB"}, {"criteria": "cpe:2.3:a:oracle:jre:17.0.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0B973ADC-5F00-4CC5-985F-F4E1BB9FF1EF"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7EF6650C-558D-45C8-AE7D-136EE70CB6D7"}, {"criteria": "cpe:2.3:a:netapp:brocade_san_navigator:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "25FA7A4D-B0E2-423E-8146-E221AE2D6120"}, {"criteria": "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CCAA4004-9319-478C-9D55-0E8307F872F6"}, {"criteria": "cpe:2.3:a:netapp:cloud_insights_storage_workload_security_agent:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3B199052-5732-4726-B06B-A12C70DFB891"}, {"criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"}, {"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"}, {"criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "111E81BB-7D96-44EB-ACFA-415C3F3EA62A", "versionEndExcluding": "8"}, {"criteria": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "90F6CEC5-2FD9-4ADB-9D86-B741C0ABCD7B", "versionEndIncluding": "11.0.18", "versionStartIncluding": "11"}, {"criteria": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "83395182-E46E-47FF-A781-4EF235BC83B6", "versionEndIncluding": "17.0.6", "versionStartIncluding": "17"}, {"criteria": "cpe:2.3:a:oracle:openjdk:8:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "70892D06-6E75-4425-BBF0-4B684EC62A1C"}, {"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7A165D71-71CC-4E6A-AA4F-FF8DB5B9A5AB"}, {"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7417B2BB-9AC2-4AF4-A828-C89A0735AD92"}, {"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6A0A57B5-6F88-4288-9CDE-F6613FE068D2"}, {"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "67ED8559-C348-4932-B7CE-CB96976A30EC"}, {"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "40AC3D91-263F-4345-9FAA-0E573EA64590"}, {"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DD92AFA9-81F8-48D4-B79A-E7F066F69A99"}, {"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone7:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2C4B2F24-A730-4818-90C8-A2D90C081F03"}, {"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone8:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "464087F2-C285-4574-957E-CE0663F07DE0"}, {"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone9:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3E9BB880-A4F6-4887-8BB9-47AA298753D5"}, {"criteria": "cpe:2.3:a:oracle:openjdk:8:update101:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "18DCFF53-B298-4534-AB5C-8A5EF59C616F"}, {"criteria": "cpe:2.3:a:oracle:openjdk:8:update102:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "083419F8-FDDF-4E36-88F8-857DB317C1D1"}, {"criteria": "cpe:2.3:a:oracle:openjdk:8:update11:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D7A74F65-57E8-4C9A-BA96-5EF401504F13"}, {"criteria": "cpe:2.3:a:oracle:openjdk:8:update111:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0D0B90FC-57B6-4315-9B29-3C36E58B2CF5"}, {"criteria": "cpe:2.3:a:oracle:openjdk:8:update112:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "07812576-3C35-404C-A7D7-9BE9E3D76E00"}, {"criteria": "cpe:2.3:a:oracle:openjdk:8:update121:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "00C52B1C-5447-4282-9667-9EBE0720B423"}, {"criteria": "cpe:2.3:a:oracle:openjdk:8:update131:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "92BB9EB0-0C12-4E77-89EE-FB77097841B8"}, {"criteria": "cpe:2.3:a:oracle:openjdk:8:update141:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FF9D5DCE-2E8F-42B9-9038-AEA7E8C8CFFD"}, {"criteria": "cpe:2.3:a:oracle:openjdk:8:update151:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ABC0E7BB-F8B7-4369-9910-71240E4073A3"}, {"criteria": "cpe:2.3:a:oracle:openjdk:8:update152:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "551B2640-8CEC-4C24-AF8B-7A7CEF864D9D"}, {"criteria": "cpe:2.3:a:oracle:openjdk:8:update161:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0AE30779-48FB-451E-8CE1-F469F93B8772"}, {"criteria": "cpe:2.3:a:oracle:openjdk:8:update162:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "60590FDE-7156-4314-A012-AA38BD2ADDC9"}, {"criteria": "cpe:2.3:a:oracle:openjdk:8:update171:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BE51AD3A-8331-4E8F-9DB1-7A0051731DFB"}, {"criteria": "cpe:2.3:a:oracle:openjdk:8:update172:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F24F6122-2256-41B6-9033-794C6424ED99"}, {"criteria": "cpe:2.3:a:oracle:openjdk:8:update181:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0EAFA79E-8C7A-48CF-8868-11378FE4B26F"}, {"criteria": "cpe:2.3:a:oracle:openjdk:8:update191:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D1D6F19F-59B5-4BB6-AD35-013384025970"}, {"criteria": "cpe:2.3:a:oracle:openjdk:8:update192:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E7BA97BC-3ADA-465A-835B-6C3C5F416B56"}, {"criteria": "cpe:2.3:a:oracle:openjdk:8:update20:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B71F77A4-B7EB-47A1-AAFD-431A7D040B86"}, {"criteria": "cpe:2.3:a:oracle:openjdk:8:update201:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "91D6BEA9-5943-44A4-946D-CEAA9BA99376"}, {"criteria": "cpe:2.3:a:oracle:openjdk:8:update202:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C079A3E0-44EB-4B9C-B4FC-B7621D165C3B"}, {"criteria": "cpe:2.3:a:oracle:openjdk:8:update211:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2CB74086-14B8-4237-8357-E0C6B5BB8313"}, {"criteria": "cpe:2.3:a:oracle:openjdk:8:update212:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3ABED20A-7C34-4E86-9AFB-F4DC9ECBB3A9"}, {"criteria": "cpe:2.3:a:oracle:openjdk:8:update221:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "00C2B9C9-1177-4DA6-96CE-55F37F383F99"}, {"criteria": "cpe:2.3:a:oracle:openjdk:8:update222:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "435CF189-0BD8-40DF-A0DC-99862CDEAF8A"}, {"criteria": "cpe:2.3:a:oracle:openjdk:8:update231:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "12A3F367-33AD-47C3-BFDC-871A17E72C94"}, {"criteria": "cpe:2.3:a:oracle:openjdk:8:update232:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A18F994F-72CA-4AF5-A7D1-9F5AEA286D85"}, {"criteria": "cpe:2.3:a:oracle:openjdk:8:update241:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "78261932-7373-4F16-91E0-1A72ADBEBC3E"}, {"criteria": "cpe:2.3:a:oracle:openjdk:8:update242:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9BD90D3D-9B3A-4101-9A8A-5090F0A9719F"}, {"criteria": "cpe:2.3:a:oracle:openjdk:8:update25:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B38C0276-0EBD-4E0B-BFCF-4DDECACE04E2"}, {"criteria": "cpe:2.3:a:oracle:openjdk:8:update252:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F5A40B8A-D428-4008-9F21-AF21394C51D1"}, {"criteria": "cpe:2.3:a:oracle:openjdk:8:update262:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FEC5B777-01E1-45EE-AF95-C3BD1F098B2F"}, {"criteria": "cpe:2.3:a:oracle:openjdk:8:update271:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3B504718-5DCE-43B4-B19A-C6B6E7444BD3"}, {"criteria": "cpe:2.3:a:oracle:openjdk:8:update281:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3102AA10-99A8-49A9-867E-7EEC56865680"}, {"criteria": "cpe:2.3:a:oracle:openjdk:8:update282:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5A55CBC7-A7B2-4B89-8AB5-ED30DBE6814E"}, {"criteria": "cpe:2.3:a:oracle:openjdk:8:update291:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "15BA8A26-2CDA-442B-A549-6BE92DCCD205"}, {"criteria": "cpe:2.3:a:oracle:openjdk:8:update301:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "56F2883B-6A1B-4081-8877-07AF3A73F6CD"}, {"criteria": "cpe:2.3:a:oracle:openjdk:8:update302:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "98C0742E-ACDD-4DB4-8A4C-B96702C8976C"}, {"criteria": "cpe:2.3:a:oracle:openjdk:8:update31:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F8483034-DD5A-445D-892F-CDE90A7D58EE"}, {"criteria": "cpe:2.3:a:oracle:openjdk:8:update312:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1716A5CD-1C32-4F19-9DDE-F9C7CCB6B420"}, {"criteria": "cpe:2.3:a:oracle:openjdk:8:update322:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DAB4F663-BCAF-43DB-BCC3-24C060B0CBAB"}, {"criteria": "cpe:2.3:a:oracle:openjdk:8:update332:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A8EF5BB8-7DAF-49B0-A11E-14E89EF7377A"}, {"criteria": "cpe:2.3:a:oracle:openjdk:8:update342:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "383F0B07-59BF-4744-87F2-04C98BC183B4"}, {"criteria": "cpe:2.3:a:oracle:openjdk:8:update352:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "494C17C6-54A3-4BE6-A4FF-2D54DF2B38D5"}, {"criteria": "cpe:2.3:a:oracle:openjdk:8:update362:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1058ABDC-D652-4E2D-964D-C9C98FD404F6"}, {"criteria": "cpe:2.3:a:oracle:openjdk:8:update40:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8279718F-878F-4868-8859-1728D13CD0D8"}, {"criteria": "cpe:2.3:a:oracle:openjdk:8:update45:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2C024E1A-FD2C-42E8-B227-C2AFD3040436"}, {"criteria": "cpe:2.3:a:oracle:openjdk:8:update5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4F24389D-DDD0-4204-AA24-31C920A4F47E"}, {"criteria": "cpe:2.3:a:oracle:openjdk:8:update51:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "966979BE-1F21-4729-B6B8-610F74648344"}, {"criteria": "cpe:2.3:a:oracle:openjdk:8:update60:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F8534265-33BF-460D-BF74-5F55FDE50F29"}, {"criteria": "cpe:2.3:a:oracle:openjdk:8:update65:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F77AFC25-1466-4E56-9D5F-6988F3288E16"}, {"criteria": "cpe:2.3:a:oracle:openjdk:8:update66:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A650BEB8-E56F-4E42-9361-8D2DB083F0F8"}, {"criteria": "cpe:2.3:a:oracle:openjdk:8:update71:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "799FFECD-E80A-44B3-953D-CDB5E195F3AA"}, {"criteria": "cpe:2.3:a:oracle:openjdk:8:update72:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A7047507-7CAF-4A14-AA9A-5CEF806EDE98"}, {"criteria": "cpe:2.3:a:oracle:openjdk:8:update73:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CFC7B179-95D3-4F94-84F6-73F1034A1AF2"}, {"criteria": "cpe:2.3:a:oracle:openjdk:8:update74:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9FB28526-9385-44CA-AF08-1899E6C3AE4D"}, {"criteria": "cpe:2.3:a:oracle:openjdk:8:update77:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E26B69E4-0B43-415F-A82B-52FDCB262B3E"}, {"criteria": "cpe:2.3:a:oracle:openjdk:8:update91:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "27BC4150-70EC-462B-8FC5-20B3442CBB31"}, {"criteria": "cpe:2.3:a:oracle:openjdk:8:update92:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "02646989-ECD9-40AE-A83E-EFF4080C69B9"}, {"criteria": "cpe:2.3:a:oracle:openjdk:20:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "77172BC0-8637-41F6-AE3B-83006D6735DE"}], "operator": "OR"}]}], "sourceIdentifier": "secalert_us@oracle.com"}