Vulnerability details: VCID-sxeg-edcz-aaab
Vulnerability ID VCID-sxeg-edcz-aaab
Aliases CVE-2023-22044
Summary Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u371-perf, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).
Status Published
Exploitability 0.5
Weighted Severity 3.3
Risk 1.6
System Score Found at
cvssv3 3.7 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-22044.json
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2023-22044
epss 0.00058 https://api.first.org/data/v1/epss?cve=CVE-2023-22044
epss 0.00156 https://api.first.org/data/v1/epss?cve=CVE-2023-22044
epss 0.00685 https://api.first.org/data/v1/epss?cve=CVE-2023-22044
cvssv3.1 3.7 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3 3.7 https://nvd.nist.gov/vuln/detail/CVE-2023-22044
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-22044.json
https://api.first.org/data/v1/epss?cve=CVE-2023-22044
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22044
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://security.netapp.com/advisory/ntap-20230725-0006/
https://www.debian.org/security/2023/dsa-5458
https://www.oracle.com/security-alerts/cpujul2023.html
2221642 https://bugzilla.redhat.com/show_bug.cgi?id=2221642
cpe:2.3:a:oracle:graalvm:21.3.6:*:*:*:enterprise:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:graalvm:21.3.6:*:*:*:enterprise:*:*:*
cpe:2.3:a:oracle:graalvm:22.3.2:*:*:*:enterprise:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:graalvm:22.3.2:*:*:*:enterprise:*:*:*
cpe:2.3:a:oracle:graalvm_for_jdk:17.0.7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:graalvm_for_jdk:17.0.7:*:*:*:*:*:*:*
cpe:2.3:a:oracle:graalvm_for_jdk:20.0.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:graalvm_for_jdk:20.0.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:17.0.7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:17.0.7:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.8.0:update371:*:*:enterprise_performance_pack:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.8.0:update371:*:*:enterprise_performance_pack:*:*:*
cpe:2.3:a:oracle:jdk:20.0.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:20.0.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:17.0.7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:17.0.7:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.8.0:update371:*:*:enterprise_performance_pack:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.8.0:update371:*:*:enterprise_performance_pack:*:*:*
cpe:2.3:a:oracle:jre:20.0.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:20.0.1:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*
CVE-2023-22044 https://nvd.nist.gov/vuln/detail/CVE-2023-22044
GLSA-202407-24 https://security.gentoo.org/glsa/202407-24
GLSA-202412-07 https://security.gentoo.org/glsa/202412-07
RHSA-2023:4159 https://access.redhat.com/errata/RHSA-2023:4159
RHSA-2023:4169 https://access.redhat.com/errata/RHSA-2023:4169
RHSA-2023:4170 https://access.redhat.com/errata/RHSA-2023:4170
RHSA-2023:4171 https://access.redhat.com/errata/RHSA-2023:4171
RHSA-2023:4177 https://access.redhat.com/errata/RHSA-2023:4177
RHSA-2023:4210 https://access.redhat.com/errata/RHSA-2023:4210
RHSA-2023:4211 https://access.redhat.com/errata/RHSA-2023:4211
USN-6263-1 https://usn.ubuntu.com/6263-1/
USN-6272-1 https://usn.ubuntu.com/6272-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-22044.json
Attack Vector (AV): network
Attack Complexity (AC): high
Privileges Required (PR): none
User Interaction (UI): none
Scope (S): unchanged
Confidentiality Impact (C): low
Integrity Impact (I): none
Availability Impact (A): none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV): network
Attack Complexity (AC): high
Privileges Required (PR): none
User Interaction (UI): none
Scope (S): unchanged
Confidentiality Impact (C): low
Integrity Impact (I): none
Availability Impact (A): none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2023-22044
Attack Vector (AV): network
Attack Complexity (AC): high
Privileges Required (PR): none
User Interaction (UI): none
Scope (S): unchanged
Confidentiality Impact (C): low
Integrity Impact (I): none
Availability Impact (A): none

Exploit Prediction Scoring System (EPSS)
Percentile 0.17921
EPSS Score 0.00045
Published At Dec. 17, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.