First published: Tue Apr 18 2023(Updated: )
An unspecified vulnerability in Oracle Java SE, Oracle GraalVM Enterprise Edition related to the JSSE component could allow a remote attacker to cause high availability impact.
Credit: secalert_us@oracle.com secalert_us@oracle.com
Affected Software | Affected Version | How to fix |
---|---|---|
Oracle GraalVM | =20.3.9 | |
Oracle GraalVM | =21.3.5 | |
Oracle GraalVM | =22.3.1 | |
Oracle JDK | =1.8.0-update361 | |
Oracle JDK | =11.0.18 | |
Oracle JDK | =17.0.6 | |
Oracle JDK | =20 | |
Oracle JRE | =1.8.0-update361 | |
Oracle JRE | =11.0.18 | |
Oracle JRE | =17.0.6 | |
Oracle JRE | =20 | |
debian/openjdk-11 | <=11.0.16+8-1~deb10u1 | 11.0.21+9-1~deb10u1 11.0.20+8-1~deb11u1 11.0.21+9-1~deb11u1 11.0.22~6ea-1 |
debian/openjdk-17 | 17.0.7+7-1~deb11u1 17.0.9+9-1~deb11u1 17.0.9+9-1~deb12u1 17.0.10~6ea-1 | |
debian/openjdk-20 | 20.0.2+9-1 | |
debian/openjdk-8 | 8u392-ga-1 | |
NetApp 7-Mode Transition Tool | ||
Netapp Brocade San Navigator | ||
Netapp Cloud Insights Acquisition Unit | ||
Netapp Cloud Insights Storage Workload Security Agent | ||
NetApp OnCommand Insight | ||
Debian Debian Linux | =10.0 | |
Debian Debian Linux | =11.0 | |
Debian Debian Linux | =12.0 | |
Oracle OpenJDK | <8 | |
Oracle OpenJDK | >=11<=11.0.18 | |
Oracle OpenJDK | >=17<=17.0.6 | |
Oracle OpenJDK | =8 | |
Oracle OpenJDK | =8-milestone1 | |
Oracle OpenJDK | =8-milestone2 | |
Oracle OpenJDK | =8-milestone3 | |
Oracle OpenJDK | =8-milestone4 | |
Oracle OpenJDK | =8-milestone5 | |
Oracle OpenJDK | =8-milestone6 | |
Oracle OpenJDK | =8-milestone7 | |
Oracle OpenJDK | =8-milestone8 | |
Oracle OpenJDK | =8-milestone9 | |
Oracle OpenJDK | =8-update101 | |
Oracle OpenJDK | =8-update102 | |
Oracle OpenJDK | =8-update11 | |
Oracle OpenJDK | =8-update111 | |
Oracle OpenJDK | =8-update112 | |
Oracle OpenJDK | =8-update121 | |
Oracle OpenJDK | =8-update131 | |
Oracle OpenJDK | =8-update141 | |
Oracle OpenJDK | =8-update151 | |
Oracle OpenJDK | =8-update152 | |
Oracle OpenJDK | =8-update161 | |
Oracle OpenJDK | =8-update162 | |
Oracle OpenJDK | =8-update171 | |
Oracle OpenJDK | =8-update172 | |
Oracle OpenJDK | =8-update181 | |
Oracle OpenJDK | =8-update191 | |
Oracle OpenJDK | =8-update192 | |
Oracle OpenJDK | =8-update20 | |
Oracle OpenJDK | =8-update201 | |
Oracle OpenJDK | =8-update202 | |
Oracle OpenJDK | =8-update211 | |
Oracle OpenJDK | =8-update212 | |
Oracle OpenJDK | =8-update221 | |
Oracle OpenJDK | =8-update222 | |
Oracle OpenJDK | =8-update231 | |
Oracle OpenJDK | =8-update232 | |
Oracle OpenJDK | =8-update241 | |
Oracle OpenJDK | =8-update242 | |
Oracle OpenJDK | =8-update25 | |
Oracle OpenJDK | =8-update252 | |
Oracle OpenJDK | =8-update262 | |
Oracle OpenJDK | =8-update271 | |
Oracle OpenJDK | =8-update281 | |
Oracle OpenJDK | =8-update282 | |
Oracle OpenJDK | =8-update291 | |
Oracle OpenJDK | =8-update301 | |
Oracle OpenJDK | =8-update302 | |
Oracle OpenJDK | =8-update31 | |
Oracle OpenJDK | =8-update312 | |
Oracle OpenJDK | =8-update322 | |
Oracle OpenJDK | =8-update332 | |
Oracle OpenJDK | =8-update342 | |
Oracle OpenJDK | =8-update352 | |
Oracle OpenJDK | =8-update362 | |
Oracle OpenJDK | =8-update40 | |
Oracle OpenJDK | =8-update45 | |
Oracle OpenJDK | =8-update5 | |
Oracle OpenJDK | =8-update51 | |
Oracle OpenJDK | =8-update60 | |
Oracle OpenJDK | =8-update65 | |
Oracle OpenJDK | =8-update66 | |
Oracle OpenJDK | =8-update71 | |
Oracle OpenJDK | =8-update72 | |
Oracle OpenJDK | =8-update73 | |
Oracle OpenJDK | =8-update74 | |
Oracle OpenJDK | =8-update77 | |
Oracle OpenJDK | =8-update91 | |
Oracle OpenJDK | =8-update92 | |
Oracle OpenJDK | =20 | |
IBM QRadar SIEM | <=7.5.0 - 7.5.0 UP6 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID is CVE-2023-21967.
The affected software includes Oracle Java SE versions 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; and Oracle GraalVM Enterprise Edition versions 20.3.9, 21.3.5, and 22.3.1.
The severity of this vulnerability is medium with a CVSS score of 5.9.
It is difficult to exploit this vulnerability.
You can find more information about this vulnerability at the following references: [GitHub Commit 1](https://github.com/openjdk/jdk8u/commit/71bb00a5d86affa8c2c8934ab892fe6c5191abdc), [GitHub Commit 2](https://github.com/openjdk/jdk11u/commit/4a4f5c528c8b59669e5cc1df1b0e1ad9eb44497b), [GitHub Commit 3](https://github.com/openjdk/jdk17u/commit/0e679760884bb7315c38db37dddf4dfc90f4e1de).