CVE-2023-21954

Name of the Vulnerable Software and Affected Versions Oracle Java SE versions 8u361, 8u361-perf, 11.0.18, 17.0.6 Oracle GraalVM Enterprise Edition versions 20.3.9, 21.3.5, 22.3.1

Description A difficult to exploit vulnerability in the Oracle Java SE and Oracle GraalVM Enterprise Edition allows an unauthenticated attacker with network access via multiple protocols to compromise the system. Successful attacks can result in unauthorized access to critical data or complete access to all accessible data. This vulnerability applies to Java deployments that load and run untrusted code and rely on the Java sandbox for security. It can also be exploited by using APIs in the specified component, for example, through a web service that supplies data to the APIs.

Recommendations For Oracle Java SE versions 8u361, 8u361-perf, 11.0.18, 17.0.6, update to a newer version to mitigate the risk. For Oracle GraalVM Enterprise Edition versions 20.3.9, 21.3.5, 22.3.1, update to a newer version to mitigate the risk. As a temporary workaround, consider restricting access to the Hotspot component until a patch is available. Avoid using APIs in the specified component, for example, through a web service that supplies data to the APIs, until the issue is resolved.