PT-2023-2396 · Oracle+11 · Java Se+13

Ben Smyth

·

Published

2022-11-25

·

Updated

2026-05-08

·

CVE-2023-21930

CVSS v2.0

9.4

High

VectorAV:N/AC:L/Au:N/C:C/I:C/A:N
Name of the Vulnerable Software and Affected Versions Oracle Java SE versions 8u361, 8u361-perf, 11.0.18, 17.0.6, 20 Oracle GraalVM Enterprise Edition versions 20.3.9, 21.3.5, 22.3.1
Description The vulnerability is related to the JSSE component of Oracle Java SE and Oracle GraalVM Enterprise Edition, allowing an unauthenticated attacker with network access via TLS to compromise the system. Successful attacks can result in unauthorized creation, deletion, or modification of access to critical data. This issue applies to Java deployments that load and run untrusted code and rely on the Java sandbox for security. It can also be exploited through APIs in the specified component.
Recommendations For Oracle Java SE versions 8u361, 8u361-perf, 11.0.18, 17.0.6, 20: Update to a fixed version to resolve the issue. For Oracle GraalVM Enterprise Edition versions 20.3.9, 21.3.5, 22.3.1: Update to a fixed version to resolve the issue. As a temporary workaround, consider restricting access to the JSSE component until a patch is available. Avoid using APIs in the specified component, e.g., through a web service, until the issue is resolved.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-20CWE-924

Related Identifiers

ALSA-2023:1879
ALSA-2023:1880
ALSA-2023:1895
ALSA-2023:1898
ALSA-2023:1908
ALSA-2023:1909
ALT-PU-2022-7673
ALT-PU-2022-7674
ALT-PU-2023-8449
ALT-PU-2023-8454
ALT-PU-2023-8455
ALT-PU-2023-8460
ALT-PU-2023-8464
ALT-PU-2023-8465
ALT-PU-2023-8466
ALT-PU-2023-8467
ALT-PU-2023-8468
ALT-PU-2023-8469
ALT-PU-2023-8470
ALT-PU-2023-8471
ALT-PU-2023-8477
ALT-PU-2023-8482
ALT-PU-2023-8483
ALT-PU-2025-6317
BDU:2023-02179
BIT-JAVA-2023-21930
BIT-JAVA-MIN-2023-21930
BIT-JRE-2023-21930
CESA-2023_1875
CESA-2023_1895
CESA-2023_1898
CESA-2023_1904
CESA-2023_1908
CESA-2023_4103
CVE-2023-21930
DLA-3571-1
DSA-5430-1
DSA-5478-1
MGASA-2023-0272
OESA-2023-1283
OESA-2023-1600
OESA-2023-1601
OESA-2023-1602
OESA-2023-1618
OESA-2023-1642
OESA-2023-1643
OESA-2023-1644
OESA-2023-1645
OESA-2023-1646
OESA-2023-1650
OESA-2023-1737
OESA-2023-1738
OESA-2023-1739
OPENSUSE-SU-2023_3305-1
OPENSUSE-SU-2024:12891-1
OPENSUSE-SU-2024:12892-1
OPENSUSE-SU-2024:12909-1
OPENSUSE-SU-2024:13110-1
OPENSUSE-SU-2024:13130-1
OPENSUSE-SU-2024:13131-1
OPENSUSE-SU-2025:0066-1
OPENSUSE-SU-2025:0067-1
RHSA-2023:1875
RHSA-2023:1877
RHSA-2023:1878
RHSA-2023:1879
RHSA-2023:1880
RHSA-2023:1889
RHSA-2023:1890
RHSA-2023:1891
RHSA-2023:1892
RHSA-2023:1895
RHSA-2023:1898
RHSA-2023:1899
RHSA-2023:1900
RHSA-2023:1904
RHSA-2023:1905
RHSA-2023:1906
RHSA-2023:1907
RHSA-2023:1908
RHSA-2023:1909
RHSA-2023:1910
RHSA-2023:1911
RHSA-2023:4103
RHSA-2023:4160
RHSA-2023_1875
RHSA-2023_1879
RHSA-2023_1880
RHSA-2023_1895
RHSA-2023_1898
RHSA-2023_1904
RHSA-2023_1908
RHSA-2023_1909
RHSA-2023_4103
RHSA-2023_4160
RLSA-2023:1879
RLSA-2023:1880
RLSA-2023:1895
RLSA-2023:1898
RLSA-2023:1909
ROSA-SA-2023-2213
SUSE-SU-2023:2109-1
SUSE-SU-2023:2110-1
SUSE-SU-2023:2222-1
SUSE-SU-2023:2238-1
SUSE-SU-2023:2242-1
SUSE-SU-2023:2242-2
SUSE-SU-2023:2476-1
SUSE-SU-2023:2491-1
SUSE-SU-2023:3305-1
USN-6077-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Graalvm Enterprise Edition
Ibm Aix
Java Platform
Java Se
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu