First published: Tue Apr 18 2023
An unspecified vulnerability in Oracle Java SE and Oracle GraalVM Enterprise Edition, related to the Libraries component, could allow a remote attacker to cause an integrity impact.
Credit: secalert_us@oracle.com
Affected Software | Affected Version | How to fix |
---|---|---|
Oracle GraalVM | =20.3.8 | |
Oracle GraalVM | =21.3.4 | |
Oracle GraalVM | =22.3.0 | |
Oracle JDK | =1.8.0-update361 | |
Oracle JDK | =11.0.18 | |
Oracle JDK | =17.0.6 | |
Oracle JDK | =20 | |
Oracle JRE | =1.8.0-update361 | |
Oracle JRE | =11.0.18 | |
Oracle JRE | =17.0.6 | |
Oracle JRE | =20 | |
debian/openjdk-11 | <=11.0.16+8-1~deb10u1 | 11.0.21+9-1~deb10u1 11.0.20+8-1~deb11u1 11.0.21+9-1~deb11u1 11.0.22~6ea-1 |
debian/openjdk-17 | 17.0.7+7-1~deb11u1 17.0.9+9-1~deb11u1 17.0.9+9-1~deb12u1 17.0.10~6ea-1 | |
debian/openjdk-20 | 20.0.2+9-1 | |
debian/openjdk-8 | 8u392-ga-1 | |
Debian Debian Linux | =10.0 | |
Debian Debian Linux | =11.0 | |
Debian Debian Linux | =12.0 | |
NetApp 7-Mode Transition Tool | | |
NetApp Brocade SAN Navigator | | |
NetApp Cloud Insights Acquisition Unit | | |
NetApp Cloud Insights Storage Workload Security Agent | | |
NetApp OnCommand Insight | | |
Oracle OpenJDK | <8 | |
Oracle OpenJDK | >=11<=11.0.18 | |
Oracle OpenJDK | >=17<=17.0.6 | |
Oracle OpenJDK | =8 | |
Oracle OpenJDK | =8-milestone1 | |
Oracle OpenJDK | =8-milestone2 | |
Oracle OpenJDK | =8-milestone3 | |
Oracle OpenJDK | =8-milestone4 | |
Oracle OpenJDK | =8-milestone5 | |
Oracle OpenJDK | =8-milestone6 | |
Oracle OpenJDK | =8-milestone7 | |
Oracle OpenJDK | =8-milestone8 | |
Oracle OpenJDK | =8-milestone9 | |
Oracle OpenJDK | =8-update101 | |
Oracle OpenJDK | =8-update102 | |
Oracle OpenJDK | =8-update11 | |
Oracle OpenJDK | =8-update111 | |
Oracle OpenJDK | =8-update112 | |
Oracle OpenJDK | =8-update121 | |
Oracle OpenJDK | =8-update131 | |
Oracle OpenJDK | =8-update141 | |
Oracle OpenJDK | =8-update151 | |
Oracle OpenJDK | =8-update152 | |
Oracle OpenJDK | =8-update161 | |
Oracle OpenJDK | =8-update162 | |
Oracle OpenJDK | =8-update171 | |
Oracle OpenJDK | =8-update172 | |
Oracle OpenJDK | =8-update181 | |
Oracle OpenJDK | =8-update191 | |
Oracle OpenJDK | =8-update192 | |
Oracle OpenJDK | =8-update20 | |
Oracle OpenJDK | =8-update201 | |
Oracle OpenJDK | =8-update202 | |
Oracle OpenJDK | =8-update211 | |
Oracle OpenJDK | =8-update212 | |
Oracle OpenJDK | =8-update221 | |
Oracle OpenJDK | =8-update222 | |
Oracle OpenJDK | =8-update231 | |
Oracle OpenJDK | =8-update232 | |
Oracle OpenJDK | =8-update241 | |
Oracle OpenJDK | =8-update242 | |
Oracle OpenJDK | =8-update25 | |
Oracle OpenJDK | =8-update252 | |
Oracle OpenJDK | =8-update262 | |
Oracle OpenJDK | =8-update271 | |
Oracle OpenJDK | =8-update281 | |
Oracle OpenJDK | =8-update282 | |
Oracle OpenJDK | =8-update291 | |
Oracle OpenJDK | =8-update301 | |
Oracle OpenJDK | =8-update302 | |
Oracle OpenJDK | =8-update31 | |
Oracle OpenJDK | =8-update312 | |
Oracle OpenJDK | =8-update322 | |
Oracle OpenJDK | =8-update332 | |
Oracle OpenJDK | =8-update342 | |
Oracle OpenJDK | =8-update352 | |
Oracle OpenJDK | =8-update362 | |
Oracle OpenJDK | =8-update40 | |
Oracle OpenJDK | =8-update45 | |
Oracle OpenJDK | =8-update5 | |
Oracle OpenJDK | =8-update51 | |
Oracle OpenJDK | =8-update60 | |
Oracle OpenJDK | =8-update65 | |
Oracle OpenJDK | =8-update66 | |
Oracle OpenJDK | =8-update71 | |
Oracle OpenJDK | =8-update72 | |
Oracle OpenJDK | =8-update73 | |
Oracle OpenJDK | =8-update74 | |
Oracle OpenJDK | =8-update77 | |
Oracle OpenJDK | =8-update91 | |
Oracle OpenJDK | =8-update92 | |
Oracle OpenJDK | =20 | |
IBM Cognos Controller | <=11.0.0 - 11.0.1 | |
The vulnerability ID is CVE-2023-21938.
The affected software includes Oracle Java SE 8u361, 8u361-perf, 11.0.18, 17.0.6, 20, Oracle GraalVM Enterprise Edition 20.3.8, 21.3.4, and 22.3.0.
The severity of CVE-2023-21938 is low with a severity value of 3.7.
To fix the vulnerability, update Oracle Java SE to versions 11.0.20+8-1~deb10u1, 11.0.20+8-1~deb11u1, or 11.0.21~4ea-1, and update Oracle GraalVM Enterprise Edition to versions 17.0.7+7-1~deb11u1, 17.0.7+7-1~deb12u1, 17.0.8+7-1~deb12u1, or 17.0.9~6ea-1.
You can find more information about CVE-2023-21938 at the following references: [GitHub: Oracle JDK 8u361](https://github.com/openjdk/jdk8u/commit/a7fbe33ffece7c28c9808fcc631c2d4db4a59757), [GitHub: Oracle JDK 11.0.18](https://github.com/openjdk/jdk11u/commit/2d806d0e2f034b24987407a36bb8e246b1734927), [GitHub: Oracle JDK 17.0.6](https://github.com/openjdk/jdk17u/commit/28958abd0ea9c6296d140d04d0615b99da9370a5).