Bug 1213483 (CVE-2023-22051) - VUL-0: CVE-2023-22051: java-1_8_0-ibm,java-11-openjdk,java-17-openjdk,java-1_8_0-openjdk: Vulnerability in the Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: GraalVM Compiler).
Summary: VUL-0: CVE-2023-22051: java-1_8_0-ibm,java-11-openjdk,java-17-openjdk,java-1_...
Status: RESOLVED FIXED
Alias: CVE-2023-22051
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
Importance: P3 - Medium : Minor
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/372919/
Whiteboard: CVSSv3.1:SUSE:CVE-2023-22051:3.7:(AV:...
Keywords:
Depends on:
Blocks:
 
Reported: 2023-07-19 12:51 UTC by Thomas Leroy
Modified: 2024-05-22 11:05 UTC

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Description Thomas Leroy 2023-07-19 12:51:04 UTC
CVE-2023-22051

Vulnerability in the Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK
product of Oracle Java SE (component: GraalVM Compiler). Supported versions
that are affected are Oracle GraalVM Enterprise Edition: 21.3.6, 22.3.2; Oracle
GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows
unauthenticated attacker with network access via multiple protocols to
compromise Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK.
Successful attacks of this vulnerability can result in unauthorized read access
to a subset of Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK
accessible data. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS
Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22051
https://www.cve.org/CVERecord?id=CVE-2023-22051
https://www.oracle.com/security-alerts/cpujul2023.html

Comment 6 Robert Frohl 2024-05-22 11:05:33 UTC
closing