PT-2023-2656 · Oracle+10 · Java Se+12

Published

2022-11-25

·

Updated

2026-05-08

·

CVE-2023-21938

CVSS v3.1

3.7

Low

VectorAV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions Oracle Java SE versions 8u361, 8u361-perf, 11.0.18, 17.0.6, 20 Oracle GraalVM Enterprise Edition versions 20.3.8, 21.3.4, 22.3.0
Description The issue is related to insufficient input validation in the Libraries component of Oracle Java SE and Oracle GraalVM Enterprise Edition. This allows an unauthenticated attacker with network access via multiple protocols to compromise the system, resulting in unauthorized update, insert, or delete access to some accessible data. The vulnerability applies to Java deployments that load and run untrusted code, such as sandboxed Java Web Start applications or sandboxed Java applets, and rely on the Java sandbox for security.
Recommendations For Oracle Java SE versions 8u361, 8u361-perf, 11.0.18, 17.0.6, 20, update to a version that includes the fix for this issue. For Oracle GraalVM Enterprise Edition versions 20.3.8, 21.3.4, 22.3.0, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to untrusted code and disabling the use of sandboxed Java Web Start applications or sandboxed Java applets until a patch is available.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

ALSA-2023:1879
ALSA-2023:1880
ALSA-2023:1895
ALSA-2023:1898
ALSA-2023:1908
ALSA-2023:1909
ALT-PU-2022-7673
ALT-PU-2022-7674
ALT-PU-2023-8449
ALT-PU-2023-8454
ALT-PU-2023-8455
ALT-PU-2023-8460
ALT-PU-2023-8464
ALT-PU-2023-8465
ALT-PU-2023-8466
ALT-PU-2023-8467
ALT-PU-2023-8468
ALT-PU-2023-8469
ALT-PU-2023-8470
ALT-PU-2023-8471
ALT-PU-2023-8477
ALT-PU-2023-8482
ALT-PU-2023-8483
ALT-PU-2025-6317
BDU:2023-02496
BIT-JAVA-2023-21938
BIT-JAVA-MIN-2023-21938
BIT-JRE-2023-21938
CESA-2023_1875
CESA-2023_1895
CESA-2023_1898
CESA-2023_1904
CESA-2023_1908
CESA-2023_4103
CVE-2023-21938
DLA-3571-1
DSA-5430-1
DSA-5478-1
MGASA-2023-0272
OESA-2023-1600
OESA-2023-1601
OESA-2023-1602
OESA-2023-1603
OESA-2023-1617
OESA-2023-1618
OESA-2023-1642
OESA-2023-1643
OESA-2023-1644
OESA-2023-1645
OESA-2023-1646
OESA-2023-1650
OESA-2023-1737
OESA-2023-1738
OESA-2023-1739
OPENSUSE-SU-2023_3305-1
OPENSUSE-SU-2024:12891-1
OPENSUSE-SU-2024:12892-1
OPENSUSE-SU-2024:12909-1
OPENSUSE-SU-2024:13110-1
OPENSUSE-SU-2024:13130-1
OPENSUSE-SU-2024:13131-1
OPENSUSE-SU-2025:0066-1
OPENSUSE-SU-2025:0067-1
RHSA-2023:1875
RHSA-2023:1877
RHSA-2023:1878
RHSA-2023:1879
RHSA-2023:1880
RHSA-2023:1889
RHSA-2023:1890
RHSA-2023:1891
RHSA-2023:1892
RHSA-2023:1895
RHSA-2023:1898
RHSA-2023:1899
RHSA-2023:1900
RHSA-2023:1904
RHSA-2023:1905
RHSA-2023:1906
RHSA-2023:1907
RHSA-2023:1908
RHSA-2023:1909
RHSA-2023:1910
RHSA-2023:1911
RHSA-2023:4103
RHSA-2023:4160
RHSA-2023_1875
RHSA-2023_1879
RHSA-2023_1880
RHSA-2023_1895
RHSA-2023_1898
RHSA-2023_1904
RHSA-2023_1908
RHSA-2023_1909
RHSA-2023_4103
RHSA-2023_4160
RLSA-2023:1879
RLSA-2023:1880
RLSA-2023:1895
RLSA-2023:1898
RLSA-2023:1909
ROSA-SA-2023-2213
SUSE-SU-2023:2109-1
SUSE-SU-2023:2110-1
SUSE-SU-2023:2222-1
SUSE-SU-2023:2238-1
SUSE-SU-2023:2242-1
SUSE-SU-2023:2242-2
SUSE-SU-2023:2476-1
SUSE-SU-2023:2491-1
SUSE-SU-2023:3305-1
USN-6077-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Graalvm Enterprise Edition
Ibm Aix
Java Platform
Java Se
Linuxmint
Red Hat
Rocky Linux
Suse
Ubuntu