CVE-2023-22051Corporation Graalvm Enterprise Edition vulnerability

4 documents4 sources
Severity
3.7LOWNVD
EPSS
0.3%
top 50.71%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Oracle Corporation Graalvm Enterprise EditionOracle GraalvmOracle Graalvm FOR JDK
Timeline
PublishedJul 18

Description

Vulnerability in the Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: GraalVM Compiler). Supported versions that are affected are Oracle GraalVM Enterprise Edition: 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can r

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 2.2 | Impact: 1.4

Affected Packages2 packages

NVDoracle/graalvm4 versions+3

Patches

Patch: www.oracle.comPatch: www.oracle.com

🔴Vulnerability Details

2
CVEList
CVE-2023-22051: Vulnerability in the Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: GraalVM Compiler)2023-07-18
GHSA
GHSA-7r72-73hh-mp22: Vulnerability in the Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: GraalVM Compiler)2023-07-18

📋Vendor Advisories

1
Oracle
Oracle Oracle Java SE Risk Matrix: GraalVM Compiler — CVE-2023-220512023-07-15
CVE-2023-22051 — LOW severity | cvebase