CVE-2023-21967

CWE-3588 documents8 sources
Severity
5.9MEDIUM
EPSS
0.1%
top 78.39%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Oracle OpenjdkOracle Corporation Java SE JDK AND JREDebian Debian Linux+3 more
Timeline
PublishedApr 18
Latest updateMay 16

Description

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthor

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.2 | Impact: 3.6

Affected Packages7 packages

NVDoracle/graalvm20.3.9, 21.3.5, 22.3.1+2
NVDoracle/openjdk1111.0.18+4
NVDoracle/jdk4 versions+3
NVDoracle/jre4 versions+3

Also affects: Debian Linux 10.0, 11.0, 12.0

🔴Vulnerability Details

3
OSV
CVE-2023-21967: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE)2023-04-18
CVEList
CVE-2023-21967: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE)2023-04-18
GHSA
GHSA-wg7x-fvjp-r3fx: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE)2023-04-18

📋Vendor Advisories

4
Ubuntu
OpenJDK vulnerabilities2023-05-16
Red Hat
OpenJDK: certificate validation issue in TLS session negotiation (8298310)2023-04-18
Oracle
Oracle Oracle Java SE Risk Matrix: JSSE — CVE-2023-219672023-04-15
Debian
CVE-2023-21967: openjdk-11 - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product o...2023
CVE-2023-21967 (MEDIUM CVSS 5.9) | Vulnerability in the Oracle Java SE | cvebase.io