PT-2023-6270 · Oracle · Oracle Java SE
Published 2023-10-17 · Updated 2026-05-08
CVE-2023-22067
CVSS v3.1: 5.3 (Medium)
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Oracle Java SE versions 8u381 through 8u381-perf
Oracle GraalVM Enterprise Edition versions 20.3.11 through 21.3.7
Description
The vulnerability in Oracle Java SE and Oracle GraalVM Enterprise Edition affects the CORBA component. It allows an unauthenticated attacker with network access via CORBA to compromise the affected product. Successful exploitation can result in unauthorized update, insert, or delete access to some of the accessible data (an integrity-only impact, which is why the CVSS vector carries C:N/I:L/A:N). The vulnerability can be exploited only by supplying data to the APIs of the specified component, for example through a web service; it does not require untrusted Java Web Start applications or untrusted Java applets.
Recommendations
For Oracle Java SE versions 8u381 through 8u381-perf, consider disabling the CORBA component until a patch is available.
For Oracle GraalVM Enterprise Edition versions 20.3.11 through 21.3.7, restrict network access to the CORBA component to minimize the risk of exploitation.
As a temporary workaround, consider restricting which callers can supply data to the APIs of the specified component (for example, web services that expose them), since the vulnerability is exploitable without untrusted Java Web Start applications or untrusted Java applets.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
DoS
RCE
Incorrect Authorization
Related Identifiers
Affected Products
ALT Linux
AlmaLinux
CentOS
IBM AIX
Java Platform
Linux Mint
Oracle GraalVM Enterprise Edition
Oracle Java SE
Red Hat
RED OS
SUSE
Ubuntu