CVE-2023-21986Corporation Graalvm Enterprise Edition vulnerability

4 documents4 sources
Severity
5.7MEDIUMNVD
EPSS
0.1%
top 70.93%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Oracle Corporation Graalvm Enterprise EditionOracle Graalvm
Timeline
PublishedApr 18

Description

Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Native Image). Supported versions that are affected are Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle GraalVM Enterprise Edition executes to compromise Oracle GraalVM Enterprise Edition. While the vulnerability is in Oracle GraalVM Enterprise Edition, attacks may significantly im

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:LExploitability: 2.5 | Impact: 2.7

Affected Packages2 packages

CVEListV5oracle_corporation/graalvm_enterprise_editionOracle GraalVM Enterprise Edition:20.3.9, Oracle GraalVM Enterprise Edition:21.3.5, Oracle GraalVM Enterprise Edition:22.3.1+2
NVDoracle/graalvm20.3.9, 21.3.5, 22.3.1+2

🔴Vulnerability Details

2
GHSA
GHSA-cqcj-32w9-hr73: Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Native Image)2023-04-18
CVEList
CVE-2023-21986: Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Native Image)2023-04-18

📋Vendor Advisories

1
Oracle
Oracle Oracle Java SE Risk Matrix: Native Image — CVE-2023-219862023-04-15
CVE-2023-21986 — MEDIUM severity | cvebase