CVE-2023-22067 — Incorrect Authorization in Corporation Java SE JDK AND JRE

CWE-863 — Incorrect Authorization CWE-502 — Deserialization of Untrusted Data8 documents8 sources

Severity

5.3MEDIUMNVD

EPSS

0.2%

top 61.35%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Oracle Corporation Java SE JDK AND JRE Oracle JDK Oracle JRE

Timeline

PublishedOct 17

Latest updateNov 29

Description

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: CORBA). Supported versions that are affected are Oracle Java SE: 8u381, 8u381-perf; Oracle GraalVM Enterprise Edition: 20.3.11 and 21.3.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via CORBA to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages3 packages

▶CVEListV5oracle_corporation/java_se_jdk_and_jre4 versions+3

▶NVDoracle/jdk1.8.0

▶NVDoracle/jre1.8.0

Patches

Patch: www.oracle.com ↗Patch: www.oracle.com ↗

🔴Vulnerability Details

GHSA

GHSA-h8rm-272h-gc9p: Vulnerability in Oracle Java SE (component: CORBA)↗2023-10-18

▶

OSV

CVE-2023-22067: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: CORBA)↗2023-10-17

▶

CVEList

CVE-2023-22067: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: CORBA)↗2023-10-17

▶

📋Vendor Advisories

Ubuntu

OpenJDK 8 vulnerabilities↗2023-11-29

▶

Red Hat

OpenJDK: IOR deserialization issue in CORBA (8303384)↗2023-10-17

▶

Oracle

Oracle Oracle Java SE Risk Matrix: CORBA — CVE-2023-22067↗2023-10-15

▶

Debian

CVE-2023-22067: openjdk-8 - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product o...↗2023

▶