Vulnerability in the Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: GraalVM Compiler). Supported versions that are affected are Oracle GraalVM Enterprise Edition: 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).
References
| Link | Resource |
|---|---|
| https://www.oracle.com/security-alerts/cpujul2023.html | Patch Vendor Advisory |
| https://www.oracle.com/security-alerts/cpujul2023.html | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 07:44
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://www.oracle.com/security-alerts/cpujul2023.html - Patch, Vendor Advisory |
27 Jul 2023, 19:49
| Type | Values Removed | Values Added |
|---|---|---|
| References | (MISC) https://www.oracle.com/security-alerts/cpujul2023.html - Patch, Vendor Advisory | |
| CWE | NVD-CWE-noinfo | |
| CPE | cpe:2.3:a:oracle:graalvm_for_jdk:17.0.7:*:*:*:*:*:*:* cpe:2.3:a:oracle:graalvm:21.3.6:*:*:*:enterprise:*:*:* cpe:2.3:a:oracle:graalvm:22.3.2:*:*:*:enterprise:*:*:* cpe:2.3:a:oracle:graalvm_for_jdk:20.0.1:*:*:*:*:*:*:* |
|
| First Time |
Oracle graalvm
Oracle Oracle graalvm For Jdk |
18 Jul 2023, 21:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2023-07-18 21:15
Updated : 2024-11-21 07:44
NVD link : CVE-2023-22051
Mitre link : CVE-2023-22051
CVE.ORG link : CVE-2023-22051
JSON object : View
Products Affected
oracle
- graalvm_for_jdk
- graalvm
CWE