PT-2023-3456 · Oracle +9 · Oracle Java SE +11

Markus Loewe · Published 2023-01-17 · Updated 2026-05-08 · CVE-2023-21843

CVSS v3.1: 3.7 (Low)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Oracle Java SE versions 8u351, 8u351-perf, 11.0.17, 17.0.5, 19.0.1

Oracle GraalVM Enterprise Edition versions 20.3.8, 21.3.4, 22.3.0

Description

A difficult-to-exploit vulnerability in Oracle Java SE and Oracle GraalVM Enterprise Edition allows an unauthenticated attacker with network access via multiple protocols to compromise the system. Successful attacks can result in unauthorized update, insert, or delete access to some accessible data. This vulnerability applies to Java deployments in clients running sandboxed Java Web Start applications or sandboxed Java applets that load and run untrusted code and rely on the Java sandbox for security.

Recommendations

For Oracle Java SE versions 8u351, 8u351-perf, 11.0.17, 17.0.5, 19.0.1, consider disabling the Sound component until a patch is available. For Oracle GraalVM Enterprise Edition versions 20.3.8, 21.3.4, 22.3.0, consider disabling the Sound component until a patch is available. As a temporary workaround, restrict access to the Sound component to minimize the risk of exploitation. Avoid using the affected Oracle Java SE and Oracle GraalVM Enterprise Edition versions in clients that load and run untrusted code. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

RCE


Weakness Enumeration

Related Identifiers

ALSA-2023:0192
ALSA-2023:0194
ALSA-2023:0200
ALSA-2023:0202
ALSA-2023:0208
ALSA-2023:0210
ALT-PU-2023-8449
ALT-PU-2023-8450
ALT-PU-2023-8452
ALT-PU-2023-8453
ALT-PU-2023-8454
ALT-PU-2023-8455
ALT-PU-2023-8460
ALT-PU-2023-8482
ALT-PU-2023-8483
ALT-PU-2025-6317
BDU:2023-03640
BIT-JAVA-2023-21843
BIT-JAVA-MIN-2023-21843
BIT-JRE-2023-21843
CESA-2023_0192
CESA-2023_0195
CESA-2023_0200
CESA-2023_0203
CESA-2023_0208
CVE-2023-21843
DLA-3307-1
DSA-5331-1
DSA-5335-1
MGASA-2023-0037
OESA-2023-1600
OESA-2023-1601
OESA-2023-1602
OESA-2023-1603
OESA-2023-1617
OESA-2023-1618
OESA-2023-1642
OESA-2023-1643
OESA-2023-1644
OESA-2023-1645
OESA-2023-1646
OESA-2023-1650
OESA-2023-1737
OESA-2023-1738
OESA-2023-1739
OPENSUSE-SU-2023_0435-1
OPENSUSE-SU-2024:12661-1
OPENSUSE-SU-2024:12663-1
OPENSUSE-SU-2024:12669-1
OPENSUSE-SU-2024:12670-1
OPENSUSE-SU-2024:12719-1
OPENSUSE-SU-2024:12720-1
OPENSUSE-SU-2024:12754-1
OPENSUSE-SU-2024:12755-1
OPENSUSE-SU-2025:0066-1
OPENSUSE-SU-2025:0067-1
RHSA-2023:0190
RHSA-2023:0191
RHSA-2023:0192
RHSA-2023:0193
RHSA-2023:0194
RHSA-2023:0195
RHSA-2023:0196
RHSA-2023:0197
RHSA-2023:0198
RHSA-2023:0199
RHSA-2023:0200
RHSA-2023:0201
RHSA-2023:0202
RHSA-2023:0203
RHSA-2023:0204
RHSA-2023:0205
RHSA-2023:0206
RHSA-2023:0207
RHSA-2023:0208
RHSA-2023:0209
RHSA-2023:0210
RHSA-2023:3136
RHSA-2023_0192
RHSA-2023_0194
RHSA-2023_0195
RHSA-2023_0200
RHSA-2023_0202
RHSA-2023_0203
RHSA-2023_0208
RHSA-2023_0210
RHSA-2023_3136
RLSA-2023:0192
RLSA-2023:0194
RLSA-2023:0200
RLSA-2023:0202
RLSA-2023:0208
RLSA-2023:0210
ROSA-SA-2023-2151
SUSE-SU-2023:0435-1
SUSE-SU-2023:0436-1
SUSE-SU-2023:0437-1
SUSE-SU-2023:0685-1
SUSE-SU-2023:0720-1
SUSE-SU-2023:0752-1
SUSE-SU-2023:1823-1
SUSE-SU-2023:1850-1
USN-5897-1
USN-5898-1

Affected Products

ALT Linux
AlmaLinux
Astra Linux
CentOS
Java Platform
Linux Mint
Oracle GraalVM Enterprise Edition
Oracle Java SE
Red Hat
Rocky Linux
SUSE
Ubuntu