VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-9uzg-sja9-hkcy

Essentials
Severities (24)
References (52)
Severity details (16)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-9uzg-sja9-hkcy
Aliases	CVE-2023-21939
Summary	OpenJDK: Swing HTML parsing issue (8296832)
Status	Published
Exploitability	0.5
Weighted Severity	4.8
Risk	2.4
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-20

Improper Input Validation

System	Score	Found at
cvssv3	5.3	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-21939.json
epss	0.01861	https://api.first.org/data/v1/epss?cve=CVE-2023-21939
epss	0.01861	https://api.first.org/data/v1/epss?cve=CVE-2023-21939
epss	0.01861	https://api.first.org/data/v1/epss?cve=CVE-2023-21939
epss	0.01861	https://api.first.org/data/v1/epss?cve=CVE-2023-21939
epss	0.01861	https://api.first.org/data/v1/epss?cve=CVE-2023-21939
epss	0.01861	https://api.first.org/data/v1/epss?cve=CVE-2023-21939
epss	0.01861	https://api.first.org/data/v1/epss?cve=CVE-2023-21939
epss	0.01861	https://api.first.org/data/v1/epss?cve=CVE-2023-21939
cvssv3.1	5.3	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1	5.3	https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html
ssvc	Track	https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html
cvssv3.1	5.3	https://security.netapp.com/advisory/ntap-20230427-0008/
ssvc	Track	https://security.netapp.com/advisory/ntap-20230427-0008/
cvssv3.1	5.3	https://security.netapp.com/advisory/ntap-20240621-0006/
ssvc	Track	https://security.netapp.com/advisory/ntap-20240621-0006/
cvssv3.1	5.3	https://www.couchbase.com/alerts/
ssvc	Track	https://www.couchbase.com/alerts/
cvssv3.1	5.3	https://www.debian.org/security/2023/dsa-5430
ssvc	Track	https://www.debian.org/security/2023/dsa-5430
cvssv3.1	5.3	https://www.debian.org/security/2023/dsa-5478
ssvc	Track	https://www.debian.org/security/2023/dsa-5478
cvssv3.1	5.3	https://www.oracle.com/security-alerts/cpuapr2023.html
ssvc	Track	https://www.oracle.com/security-alerts/cpuapr2023.html

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-21939.json
		https://api.first.org/data/v1/epss?cve=CVE-2023-21939
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21930
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21937
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21938
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21939
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21954
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21967
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21968
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22006
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22036
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22041
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22045
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22049
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
1035957		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035957
1036280		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036280
2187724		https://bugzilla.redhat.com/show_bug.cgi?id=2187724
dsa-5430		https://www.debian.org/security/2023/dsa-5430
dsa-5478		https://www.debian.org/security/2023/dsa-5478
msg00018.html		https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html
ntap-20230427-0008		https://security.netapp.com/advisory/ntap-20230427-0008/
RHSA-2023:1875		https://access.redhat.com/errata/RHSA-2023:1875
RHSA-2023:1877		https://access.redhat.com/errata/RHSA-2023:1877
RHSA-2023:1878		https://access.redhat.com/errata/RHSA-2023:1878
RHSA-2023:1879		https://access.redhat.com/errata/RHSA-2023:1879
RHSA-2023:1880		https://access.redhat.com/errata/RHSA-2023:1880
RHSA-2023:1882		https://access.redhat.com/errata/RHSA-2023:1882
RHSA-2023:1883		https://access.redhat.com/errata/RHSA-2023:1883
RHSA-2023:1884		https://access.redhat.com/errata/RHSA-2023:1884
RHSA-2023:1885		https://access.redhat.com/errata/RHSA-2023:1885
RHSA-2023:1889		https://access.redhat.com/errata/RHSA-2023:1889
RHSA-2023:1890		https://access.redhat.com/errata/RHSA-2023:1890
RHSA-2023:1891		https://access.redhat.com/errata/RHSA-2023:1891
RHSA-2023:1892		https://access.redhat.com/errata/RHSA-2023:1892
RHSA-2023:1895		https://access.redhat.com/errata/RHSA-2023:1895
RHSA-2023:1898		https://access.redhat.com/errata/RHSA-2023:1898
RHSA-2023:1899		https://access.redhat.com/errata/RHSA-2023:1899
RHSA-2023:1900		https://access.redhat.com/errata/RHSA-2023:1900
RHSA-2023:1903		https://access.redhat.com/errata/RHSA-2023:1903
RHSA-2023:1904		https://access.redhat.com/errata/RHSA-2023:1904
RHSA-2023:1905		https://access.redhat.com/errata/RHSA-2023:1905
RHSA-2023:1906		https://access.redhat.com/errata/RHSA-2023:1906
RHSA-2023:1907		https://access.redhat.com/errata/RHSA-2023:1907
RHSA-2023:1908		https://access.redhat.com/errata/RHSA-2023:1908
RHSA-2023:1909		https://access.redhat.com/errata/RHSA-2023:1909
RHSA-2023:1910		https://access.redhat.com/errata/RHSA-2023:1910
RHSA-2023:1911		https://access.redhat.com/errata/RHSA-2023:1911
RHSA-2023:1912		https://access.redhat.com/errata/RHSA-2023:1912
RHSA-2023:4103		https://access.redhat.com/errata/RHSA-2023:4103
RHSA-2023:4160		https://access.redhat.com/errata/RHSA-2023:4160
USN-6077-1		https://usn.ubuntu.com/6077-1/

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-21939.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-05T19:26:29Z/ Found at https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://security.netapp.com/advisory/ntap-20230427-0008/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-05T19:26:29Z/ Found at https://security.netapp.com/advisory/ntap-20230427-0008/

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://security.netapp.com/advisory/ntap-20240621-0006/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-05T19:26:29Z/ Found at https://security.netapp.com/advisory/ntap-20240621-0006/

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://www.couchbase.com/alerts/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-05T19:26:29Z/ Found at https://www.couchbase.com/alerts/

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://www.debian.org/security/2023/dsa-5430

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-05T19:26:29Z/ Found at https://www.debian.org/security/2023/dsa-5430

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://www.debian.org/security/2023/dsa-5478

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-05T19:26:29Z/ Found at https://www.debian.org/security/2023/dsa-5478

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://www.oracle.com/security-alerts/cpuapr2023.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-05T19:26:29Z/ Found at https://www.oracle.com/security-alerts/cpuapr2023.html

Exploit Prediction Scoring System (EPSS)

Percentile	0.83001
EPSS Score	0.01861
Published At	April 2, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-04-01T13:54:13.666110+00:00	RedHat Importer	Import	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-21939.json	38.0.0