Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-8wud-7t2q-xfa3
Vulnerability ID VCID-8wud-7t2q-xfa3
Aliases CVE-2023-21968
Summary OpenJDK: missing check for slash characters in URI-to-path conversion (8298667)
Status Published
Exploitability 0.5
Weighted Severity 3.3
Risk 1.6
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-20 Improper Input Validation
System Score Found at
cvssv3 3.7 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-21968.json
epss 0.0008 https://api.first.org/data/v1/epss?cve=CVE-2023-21968
epss 0.0008 https://api.first.org/data/v1/epss?cve=CVE-2023-21968
epss 0.00088 https://api.first.org/data/v1/epss?cve=CVE-2023-21968
epss 0.00088 https://api.first.org/data/v1/epss?cve=CVE-2023-21968
epss 0.00088 https://api.first.org/data/v1/epss?cve=CVE-2023-21968
epss 0.00088 https://api.first.org/data/v1/epss?cve=CVE-2023-21968
epss 0.00088 https://api.first.org/data/v1/epss?cve=CVE-2023-21968
epss 0.00088 https://api.first.org/data/v1/epss?cve=CVE-2023-21968
cvssv3.1 3.7 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-21968.json
https://api.first.org/data/v1/epss?cve=CVE-2023-21968
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21930
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21937
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21938
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21939
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21954
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21967
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21968
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22006
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22036
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22041
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22045
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22049
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
1035957 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035957
1036280 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036280
2187802 https://bugzilla.redhat.com/show_bug.cgi?id=2187802
RHSA-2023:1875 https://access.redhat.com/errata/RHSA-2023:1875
RHSA-2023:1877 https://access.redhat.com/errata/RHSA-2023:1877
RHSA-2023:1878 https://access.redhat.com/errata/RHSA-2023:1878
RHSA-2023:1879 https://access.redhat.com/errata/RHSA-2023:1879
RHSA-2023:1880 https://access.redhat.com/errata/RHSA-2023:1880
RHSA-2023:1882 https://access.redhat.com/errata/RHSA-2023:1882
RHSA-2023:1883 https://access.redhat.com/errata/RHSA-2023:1883
RHSA-2023:1884 https://access.redhat.com/errata/RHSA-2023:1884
RHSA-2023:1885 https://access.redhat.com/errata/RHSA-2023:1885
RHSA-2023:1889 https://access.redhat.com/errata/RHSA-2023:1889
RHSA-2023:1890 https://access.redhat.com/errata/RHSA-2023:1890
RHSA-2023:1891 https://access.redhat.com/errata/RHSA-2023:1891
RHSA-2023:1892 https://access.redhat.com/errata/RHSA-2023:1892
RHSA-2023:1895 https://access.redhat.com/errata/RHSA-2023:1895
RHSA-2023:1898 https://access.redhat.com/errata/RHSA-2023:1898
RHSA-2023:1899 https://access.redhat.com/errata/RHSA-2023:1899
RHSA-2023:1900 https://access.redhat.com/errata/RHSA-2023:1900
RHSA-2023:1903 https://access.redhat.com/errata/RHSA-2023:1903
RHSA-2023:1904 https://access.redhat.com/errata/RHSA-2023:1904
RHSA-2023:1905 https://access.redhat.com/errata/RHSA-2023:1905
RHSA-2023:1906 https://access.redhat.com/errata/RHSA-2023:1906
RHSA-2023:1907 https://access.redhat.com/errata/RHSA-2023:1907
RHSA-2023:1908 https://access.redhat.com/errata/RHSA-2023:1908
RHSA-2023:1909 https://access.redhat.com/errata/RHSA-2023:1909
RHSA-2023:1910 https://access.redhat.com/errata/RHSA-2023:1910
RHSA-2023:1911 https://access.redhat.com/errata/RHSA-2023:1911
RHSA-2023:1912 https://access.redhat.com/errata/RHSA-2023:1912
RHSA-2023:4103 https://access.redhat.com/errata/RHSA-2023:4103
RHSA-2023:4160 https://access.redhat.com/errata/RHSA-2023:4160
USN-6077-1 https://usn.ubuntu.com/6077-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-21968.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.23693
EPSS Score 0.0008
Published At April 2, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T13:54:17.247330+00:00 RedHat Importer Import https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-21968.json 38.0.0