CVE-2023-22041

Name of the Vulnerable Software and Affected Versions Oracle Java SE versions 8u371-perf, 11.0.19, 17.0.7, 20.0.1 Oracle GraalVM Enterprise Edition versions 20.3.10, 21.3.6, 22.3.2 Oracle GraalVM for JDK versions 17.0.7, 20.0.1

Description The issue is related to a difficult to exploit vulnerability in the Hotspot component of Oracle Java SE, Oracle GraalVM Enterprise Edition, and Oracle GraalVM for JDK. This vulnerability allows an unauthenticated attacker with logon to the infrastructure where these products execute to compromise them. Successful attacks can result in unauthorized access to critical data or complete access to all accessible data. The vulnerability applies to Java deployments that load and run untrusted code, such as sandboxed Java Web Start applications or sandboxed Java applets, and rely on the Java sandbox for security.

Recommendations For Oracle Java SE version 8u371-perf, update to a fixed version when available. For Oracle Java SE version 11.0.19, update to a fixed version when available. For Oracle Java SE version 17.0.7, update to a fixed version when available. For Oracle Java SE version 20.0.1, update to a fixed version when available. For Oracle GraalVM Enterprise Edition version 20.3.10, update to a fixed version when available. For Oracle GraalVM Enterprise Edition version 21.3.6, update to a fixed version when available. For Oracle GraalVM Enterprise Edition version 22.3.2, update to a fixed version when available. For Oracle GraalVM for JDK version 17.0.7, update to a fixed version when available. For Oracle GraalVM for JDK version 20.0.1, update to a fixed version when available. As a temporary workaround, consider restricting access to untrusted code and sandboxed applications until a patch is available.