CVE-2023-22067

EPSS 0.17%
Published 17.10.2023 22:15:12
Last modified 12.06.2025 15:15:29
Source secalert_us@oracle.com
Teams watchlist Login
Open Login

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: CORBA).  Supported versions that are affected are Oracle Java SE: 8u381, 8u381-perf; Oracle GraalVM Enterprise Edition: 20.3.11 and  21.3.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via CORBA to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.1 Base Score 5.3 (Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).

Affected products Warnungen 0 Metrics 2 CWE 1 References 6

Data is provided by the National Vulnerability Database (NVD)

Oracle ≫ Jdk Version1.8.0 Updateupdate381 SwEdition-

Oracle ≫ Jdk Version1.8.0 Updateupdate381 SwEditionenterprise_performance_pack

Oracle ≫ Jre Version1.8.0 Updateupdate381 SwEdition-

Oracle ≫ Jre Version1.8.0 Updateupdate381 SwEditionenterprise_performance_pack

Netapp ≫ Cloud Insights Acquisition Unit Version-

Netapp ≫ Cloud Insights Storage Workload Security Agent Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.17%	0.39

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
secalert_us@oracle.com	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

https://www.oracle.com/security-alerts/cpuoct2023.html

Patch

Vendor Advisory

https://security.netapp.com/advisory/ntap-20231027-0006/

Third Party Advisory

https://www.debian.org/security/2023/dsa-5537

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-22067

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-22067

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-22067

EUVD