PT-2023-6312 · Oracle+10 · Graalvm For Jdk+13

Published 2023-10-17 · Updated 2026-05-08 · CVE-2023-22081

CVSS v3.1 5.3 Medium

Vector AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions

Oracle Java SE versions 8u381, 8u381-perf, 11.0.20, 17.0.8, 21
Oracle GraalVM for JDK versions 17.0.8, 21
Oracle GraalVM Enterprise Edition versions 20.3.11, 21.3.7, 22.3.3

Description

The issue is related to a flaw in the JSSE component of the Oracle Java SE, Oracle GraalVM for JDK, and Oracle GraalVM Enterprise Edition products. This flaw allows an unauthenticated attacker with network access via HTTPS to compromise the affected systems. Successful attacks can result in a partial denial of service (partial DOS) of the affected products. The vulnerability applies to Java deployments that load and run untrusted code, such as sandboxed Java Web Start applications or sandboxed Java applets, and rely on the Java sandbox for security.

Recommendations

For Oracle Java SE versions 8u381, 8u381-perf, 11.0.20, 17.0.8, 21, update to a version that includes the fix for this vulnerability.
For Oracle GraalVM for JDK versions 17.0.8, 21, update to a version that includes the fix for this vulnerability.
For Oracle GraalVM Enterprise Edition versions 20.3.11, 21.3.7, 22.3.3, update to a version that includes the fix for this vulnerability.
As a temporary workaround, consider restricting access to the JSSE component until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Certificate Validation

RCE

Weakness Enumeration

Related Identifiers

ALSA-2023:5731
ALSA-2023:5733
ALSA-2023:5742
ALSA-2023:5744
ALSA-2023:5751
ALSA-2023:5753
ALSA-2023:6738
ALSA-2023:6887
ALT-PU-2023-8489
ALT-PU-2023-8490
ALT-PU-2023-8491
ALT-PU-2023-8493
ALT-PU-2023-8494
ALT-PU-2023-8495
ALT-PU-2024-17574
ALT-PU-2024-17585
ALT-PU-2024-17587
ALT-PU-2024-17589
ALT-PU-2024-17592
ALT-PU-2024-17593
ALT-PU-2025-6317
BDU:2023-07023
BIT-JAVA-2023-22081
BIT-JAVA-MIN-2023-22081
BIT-JRE-2023-22081
CESA-2023_5731
CESA-2023_5736
CESA-2023_5742
CESA-2023_5751
CESA-2023_5761
CESA-2023_6887
CESA-2024_0866
CVE-2023-22081
DLA-3636-1
DSA-5537-1
DSA-5548-1
MGASA-2023-0326
MGASA-2024-0056
OESA-2023-1813
OESA-2023-1814
OESA-2023-1815
OESA-2023-1829
OESA-2023-1839
OESA-2023-1848
OESA-2024-2485
OESA-2024-2486
OESA-2024-2488
OESA-2024-2489
OPENSUSE-SU-2023_4198-1
OPENSUSE-SU-2023_4289-1
OPENSUSE-SU-2023_4506-1
OPENSUSE-SU-2024:13342-1
OPENSUSE-SU-2024:13351-1
OPENSUSE-SU-2024:13357-1
OPENSUSE-SU-2024:13421-1
OPENSUSE-SU-2024:13455-1
OPENSUSE-SU-2024:13456-1
OPENSUSE-SU-2025:0066-1
OPENSUSE-SU-2025:0067-1
RHSA-2023:5727
RHSA-2023:5728
RHSA-2023:5729
RHSA-2023:5730
RHSA-2023:5731
RHSA-2023:5732
RHSA-2023:5733
RHSA-2023:5736
RHSA-2023:5737
RHSA-2023:5739
RHSA-2023:5740
RHSA-2023:5741
RHSA-2023:5742
RHSA-2023:5743
RHSA-2023:5744
RHSA-2023:5747
RHSA-2023:5750
RHSA-2023:5751
RHSA-2023:5752
RHSA-2023:5753
RHSA-2023:5761
RHSA-2023:6738
RHSA-2023:6887
RHSA-2023_5731
RHSA-2023_5733
RHSA-2023_5736
RHSA-2023_5742
RHSA-2023_5744
RHSA-2023_5751
RHSA-2023_5753
RHSA-2023_5761
RHSA-2023_6738
RHSA-2023_6887
RHSA-2024:0866
RHSA-2024:0879
RHSA-2024_0866
RHSA-2024_0879
RLSA-2023:5742
ROSA-SA-2023-2312
SUSE-SU-2023:4152-1
SUSE-SU-2023:4198-1
SUSE-SU-2023:4289-1
SUSE-SU-2023:4506-1
SUSE-SU-2023:4507-1
SUSE-SU-2023:4572-1
SUSE-SU-2023:4612-1
SUSE-SU-2023:4614-1
SUSE-SU-2023_4152-1
SUSE-SU-2023_4198-1
USN-6527-1
USN-6528-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Graalvm Enterprise Edition
Graalvm For Jdk
Ibm Aix
Java Platform
Java Se
Linuxmint
Red Hat
Red Os
Suse
Ubuntu