Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-1udc-zxe4-sbfs
Vulnerability ID VCID-1udc-zxe4-sbfs
Aliases CVE-2023-22041
Summary OpenJDK: weakness in AES implementation (8308682)
Status Published
Exploitability 0.5
Weighted Severity 4.6
Risk 2.3
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-334 Small Space of Random Values
System Score Found at
cvssv3 5.1 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-22041.json
epss 0.00102 https://api.first.org/data/v1/epss?cve=CVE-2023-22041
epss 0.00102 https://api.first.org/data/v1/epss?cve=CVE-2023-22041
epss 0.00102 https://api.first.org/data/v1/epss?cve=CVE-2023-22041
cvssv3.1 5.1 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 5.1 https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html
ssvc Track https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html
cvssv3.1 5.1 https://security.netapp.com/advisory/ntap-20230725-0006/
ssvc Track https://security.netapp.com/advisory/ntap-20230725-0006/
cvssv3.1 5.1 https://www.debian.org/security/2023/dsa-5458
ssvc Track https://www.debian.org/security/2023/dsa-5458
cvssv3.1 5.1 https://www.debian.org/security/2023/dsa-5478
ssvc Track https://www.debian.org/security/2023/dsa-5478
cvssv3.1 5.1 https://www.oracle.com/security-alerts/cpujul2023.html
ssvc Track https://www.oracle.com/security-alerts/cpujul2023.html
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-22041.json
https://api.first.org/data/v1/epss?cve=CVE-2023-22041
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21930
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21937
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21938
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21939
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21954
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21967
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21968
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22006
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22036
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22041
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22045
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22049
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
2223207 https://bugzilla.redhat.com/show_bug.cgi?id=2223207
cpujul2023.html https://www.oracle.com/security-alerts/cpujul2023.html
dsa-5458 https://www.debian.org/security/2023/dsa-5458
dsa-5478 https://www.debian.org/security/2023/dsa-5478
GLSA-202407-24 https://security.gentoo.org/glsa/202407-24
GLSA-202412-07 https://security.gentoo.org/glsa/202412-07
msg00018.html https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html
ntap-20230725-0006 https://security.netapp.com/advisory/ntap-20230725-0006/
RHSA-2023:4157 https://access.redhat.com/errata/RHSA-2023:4157
RHSA-2023:4158 https://access.redhat.com/errata/RHSA-2023:4158
RHSA-2023:4159 https://access.redhat.com/errata/RHSA-2023:4159
RHSA-2023:4161 https://access.redhat.com/errata/RHSA-2023:4161
RHSA-2023:4162 https://access.redhat.com/errata/RHSA-2023:4162
RHSA-2023:4163 https://access.redhat.com/errata/RHSA-2023:4163
RHSA-2023:4164 https://access.redhat.com/errata/RHSA-2023:4164
RHSA-2023:4165 https://access.redhat.com/errata/RHSA-2023:4165
RHSA-2023:4169 https://access.redhat.com/errata/RHSA-2023:4169
RHSA-2023:4170 https://access.redhat.com/errata/RHSA-2023:4170
RHSA-2023:4171 https://access.redhat.com/errata/RHSA-2023:4171
RHSA-2023:4175 https://access.redhat.com/errata/RHSA-2023:4175
RHSA-2023:4177 https://access.redhat.com/errata/RHSA-2023:4177
RHSA-2023:4208 https://access.redhat.com/errata/RHSA-2023:4208
RHSA-2023:4210 https://access.redhat.com/errata/RHSA-2023:4210
RHSA-2023:4211 https://access.redhat.com/errata/RHSA-2023:4211
RHSA-2023:4233 https://access.redhat.com/errata/RHSA-2023:4233
USN-6263-1 https://usn.ubuntu.com/6263-1/
USN-6272-1 https://usn.ubuntu.com/6272-1/
No exploits are available.
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-22041.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-03T16:22:42Z/ Found at https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://security.netapp.com/advisory/ntap-20230725-0006/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-03T16:22:42Z/ Found at https://security.netapp.com/advisory/ntap-20230725-0006/
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://www.debian.org/security/2023/dsa-5458
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-03T16:22:42Z/ Found at https://www.debian.org/security/2023/dsa-5458
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://www.debian.org/security/2023/dsa-5478
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-03T16:22:42Z/ Found at https://www.debian.org/security/2023/dsa-5478
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://www.oracle.com/security-alerts/cpujul2023.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-03T16:22:42Z/ Found at https://www.oracle.com/security-alerts/cpujul2023.html
Exploit Prediction Scoring System (EPSS)
Percentile 0.27519
EPSS Score 0.00102
Published At June 4, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-04T17:04:25.770158+00:00 RedHat Importer Import https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-22041.json 38.6.0