CVE-2023-21830Deserialization of Untrusted Data in Oracle Communications Unified Assurance

CWE-502Deserialization of Untrusted Data11 documents9 sources
Severity
5.3MEDIUMNVD
EPSS
0.1%
top 68.04%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Oracle Communications Unified AssuranceOracle Corporation Java SE JDK AND JREAzul Zulu+3 more
Timeline
PublishedJan 18
Latest updateJul 15

Description

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 8u351, 8u351-perf; Oracle GraalVM Enterprise Edition: 20.3.8 and 21.3.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized upda

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages6 packages

NVDoracle/graalvm20.3.8, 21.3.4, 22.3.0+2
NVDoracle/jdk4 versions+3
NVDoracle/jre4 versions+3

Patches

Patch: www.oracle.comPatch: www.oracle.comPatch: www.oracle.com

🔴Vulnerability Details

4
OSV
openjdk-8 vulnerabilities2023-02-28
OSV
CVE-2023-21830: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization)2023-01-18
GHSA
GHSA-xw85-qpwr-ch8h: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization)2023-01-18
CVEList
CVE-2023-21830: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization)2023-01-17

📋Vendor Advisories

6
Oracle
Oracle Oracle Communications Applications Risk Matrix: Core (Oracle Java SE) — CVE-2023-218302023-07-15
Ubuntu
OpenJDK vulnerabilities2023-02-28
Red Hat
OpenJDK: improper restrictions in CORBA deserialization (Serialization, 8285021)2023-01-17
Oracle
Oracle Oracle Java SE Risk Matrix: Serialization — CVE-2023-218302023-01-15
Microsoft
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 8u351, 8u351-perf2023-01-10
CVE-2023-21830 — Deserialization of Untrusted Data | cvebase