CVE-2023-21968

CWE-20Improper Input Validation8 documents8 sources
Severity
3.7LOW
EPSS
0.1%
top 74.90%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Oracle OpenjdkOracle Corporation Java SE JDK AND JREDebian Debian Linux+3 more
Timeline
PublishedApr 18
Latest updateMay 16

Description

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 2.2 | Impact: 1.4

Affected Packages7 packages

NVDoracle/graalvm20.3.9, 21.3.5, 22.3.1+2
NVDoracle/openjdk1111.0.18+3
NVDoracle/jdk4 versions+3
NVDoracle/jre4 versions+3

Also affects: Debian Linux 10.0, 11.0, 12.0

🔴Vulnerability Details

3
CVEList
CVE-2023-21968: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries)2023-04-18
GHSA
GHSA-r6j2-4r52-mpg7: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries)2023-04-18
OSV
CVE-2023-21968: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries)2023-04-18

📋Vendor Advisories

4
Ubuntu
OpenJDK vulnerabilities2023-05-16
Red Hat
OpenJDK: missing check for slash characters in URI-to-path conversion (8298667)2023-04-18
Oracle
Oracle Oracle Java SE Risk Matrix: Libraries — CVE-2023-219682023-04-15
Debian
CVE-2023-21968: openjdk-11 - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product o...2023
CVE-2023-21968 (LOW CVSS 3.7) | Vulnerability in the Oracle Java SE | cvebase.io