First published: Tue Apr 18 2023
An unspecified vulnerability in Oracle Java SE, Oracle GraalVM Enterprise Edition related to the Networking component could allow a remote attacker to cause integrity impact.
Credit: secalert_us@oracle.com
Affected Software | Affected Version | How to fix |
---|---|---|
Oracle GraalVM | =20.3.9 | |
Oracle GraalVM | =21.3.5 | |
Oracle GraalVM | =22.3.1 | |
Oracle JDK | =1.8.0-update361 | |
Oracle JDK | =11.0.18 | |
Oracle JDK | =17.0.6 | |
Oracle JDK | =20 | |
Oracle JRE | =1.8.0-update361 | |
Oracle JRE | =11.0.18 | |
Oracle JRE | =17.0.6 | |
Oracle JRE | =20 | |
debian/openjdk-11 | <=11.0.16+8-1~deb10u1 | 11.0.21+9-1~deb10u1 11.0.20+8-1~deb11u1 11.0.21+9-1~deb11u1 11.0.22~6ea-1 |
debian/openjdk-17 | 17.0.7+7-1~deb11u1 17.0.9+9-1~deb11u1 17.0.9+9-1~deb12u1 17.0.10~6ea-1 | |
debian/openjdk-20 | 20.0.2+9-1 | |
debian/openjdk-8 | 8u392-ga-1 | |
NetApp 7-Mode Transition Tool | | |
NetApp Brocade SAN Navigator | | |
NetApp Cloud Insights Acquisition Unit | | |
NetApp Cloud Insights Storage Workload Security Agent | | |
NetApp OnCommand Insight | | |
Debian Debian Linux | =10.0 | |
Debian Debian Linux | =11.0 | |
Debian Debian Linux | =12.0 | |
Oracle OpenJDK | <8 | |
Oracle OpenJDK | >=11<=11.0.18 | |
Oracle OpenJDK | >=17<=17.0.6 | |
Oracle OpenJDK | =8 | |
Oracle OpenJDK | =8-milestone1 | |
Oracle OpenJDK | =8-milestone2 | |
Oracle OpenJDK | =8-milestone3 | |
Oracle OpenJDK | =8-milestone4 | |
Oracle OpenJDK | =8-milestone5 | |
Oracle OpenJDK | =8-milestone6 | |
Oracle OpenJDK | =8-milestone7 | |
Oracle OpenJDK | =8-milestone8 | |
Oracle OpenJDK | =8-milestone9 | |
Oracle OpenJDK | =8-update101 | |
Oracle OpenJDK | =8-update102 | |
Oracle OpenJDK | =8-update11 | |
Oracle OpenJDK | =8-update111 | |
Oracle OpenJDK | =8-update112 | |
Oracle OpenJDK | =8-update121 | |
Oracle OpenJDK | =8-update131 | |
Oracle OpenJDK | =8-update141 | |
Oracle OpenJDK | =8-update151 | |
Oracle OpenJDK | =8-update152 | |
Oracle OpenJDK | =8-update161 | |
Oracle OpenJDK | =8-update162 | |
Oracle OpenJDK | =8-update171 | |
Oracle OpenJDK | =8-update172 | |
Oracle OpenJDK | =8-update181 | |
Oracle OpenJDK | =8-update191 | |
Oracle OpenJDK | =8-update192 | |
Oracle OpenJDK | =8-update20 | |
Oracle OpenJDK | =8-update201 | |
Oracle OpenJDK | =8-update202 | |
Oracle OpenJDK | =8-update211 | |
Oracle OpenJDK | =8-update212 | |
Oracle OpenJDK | =8-update221 | |
Oracle OpenJDK | =8-update222 | |
Oracle OpenJDK | =8-update231 | |
Oracle OpenJDK | =8-update232 | |
Oracle OpenJDK | =8-update241 | |
Oracle OpenJDK | =8-update242 | |
Oracle OpenJDK | =8-update25 | |
Oracle OpenJDK | =8-update252 | |
Oracle OpenJDK | =8-update262 | |
Oracle OpenJDK | =8-update271 | |
Oracle OpenJDK | =8-update281 | |
Oracle OpenJDK | =8-update282 | |
Oracle OpenJDK | =8-update291 | |
Oracle OpenJDK | =8-update301 | |
Oracle OpenJDK | =8-update302 | |
Oracle OpenJDK | =8-update31 | |
Oracle OpenJDK | =8-update312 | |
Oracle OpenJDK | =8-update322 | |
Oracle OpenJDK | =8-update332 | |
Oracle OpenJDK | =8-update342 | |
Oracle OpenJDK | =8-update352 | |
Oracle OpenJDK | =8-update362 | |
Oracle OpenJDK | =8-update40 | |
Oracle OpenJDK | =8-update45 | |
Oracle OpenJDK | =8-update5 | |
Oracle OpenJDK | =8-update51 | |
Oracle OpenJDK | =8-update60 | |
Oracle OpenJDK | =8-update65 | |
Oracle OpenJDK | =8-update66 | |
Oracle OpenJDK | =8-update71 | |
Oracle OpenJDK | =8-update72 | |
Oracle OpenJDK | =8-update73 | |
Oracle OpenJDK | =8-update74 | |
Oracle OpenJDK | =8-update77 | |
Oracle OpenJDK | =8-update91 | |
Oracle OpenJDK | =8-update92 | |
Oracle OpenJDK | =20 | |
IBM QRadar SIEM | <=7.5.0 - 7.5.0 UP6 | |
The severity of CVE-2023-21937 is low, with a severity value of 3.7.
Oracle Java SE versions 8u361, 11.0.18, 17.0.6, and 20, as well as Oracle GraalVM Enterprise Edition versions 20.3.9, 21.3.5, and 22.3.1 are affected by CVE-2023-21937.
The Networking component of Oracle Java SE is affected by CVE-2023-21937.
To fix CVE-2023-21937, it is recommended to update to the latest available versions of Oracle Java SE or Oracle GraalVM Enterprise Edition.
More information about CVE-2023-21937 is available in the following references: [Link 1](https://github.com/openjdk/jdk8u/commit/a02c2bfb23dec01c987af1859654f0e4b44d70c6), [Link 2](https://github.com/openjdk/jdk8u/commit/2a54b080ed565c1d1ddadad27d2e4b77058ef2c7), [Link 3](https://github.com/openjdk/jdk8u/commit/17ba2dfb47f22a6a89609c94be50cabc6df5c8c9).