Bug 1213483 (CVE-2023-22051)

Summary: VUL-0: CVE-2023-22051: java-1_8_0-ibm,java-11-openjdk,java-17-openjdk,java-1_8_0-openjdk: Vulnerability in the Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: GraalVM Compiler).
Product: [Novell Products] SUSE Security Incidents
Reporter: Thomas Leroy <thomas.leroy>
Component: Incidents
Assignee: Security Team bot <security-team>
Status: RESOLVED FIXED
QA Contact: Security Team bot <security-team>
Severity: Minor
Priority: P3 - Medium
CC: fstrba, pmonrealgonzalez, rfrohl, security-team, stoyan.manolov
Version: unspecified
Target Milestone: ---
Hardware: Other
OS: Other
URL: https://smash.suse.de/issue/372919/
Whiteboard: CVSSv3.1:SUSE:CVE-2023-22051:3.7:(AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Description Thomas Leroy 2023-07-19 12:51:04 UTC
CVE-2023-22051

Vulnerability in the Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK
product of Oracle Java SE (component: GraalVM Compiler). Supported versions
that are affected are Oracle GraalVM Enterprise Edition: 21.3.6, 22.3.2; Oracle
GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows
unauthenticated attacker with network access via multiple protocols to
compromise Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK.
Successful attacks of this vulnerability can result in unauthorized read access
to a subset of Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK
accessible data. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS
Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22051
https://www.cve.org/CVERecord?id=CVE-2023-22051
https://www.oracle.com/security-alerts/cpujul2023.html

Comment 6 Robert Frohl 2024-05-22 11:05:33 UTC
closing