Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-ws9k-anrz-1ubt
Vulnerability ID VCID-ws9k-anrz-1ubt
Aliases CVE-2023-22049
Summary OpenJDK: improper handling of slash characters in URI-to-path conversion (8305312)
Status Published
Exploitability 0.5
Weighted Severity 3.3
Risk 1.6
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
System Score Found at
cvssv3 3.7 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-22049.json
epss 0.00083 https://api.first.org/data/v1/epss?cve=CVE-2023-22049
epss 0.00083 https://api.first.org/data/v1/epss?cve=CVE-2023-22049
epss 0.00083 https://api.first.org/data/v1/epss?cve=CVE-2023-22049
cvssv3.1 3.7 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 3.7 https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html
ssvc Track https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html
cvssv3.1 3.7 https://security.netapp.com/advisory/ntap-20230725-0006/
ssvc Track https://security.netapp.com/advisory/ntap-20230725-0006/
cvssv3.1 3.7 https://security.netapp.com/advisory/ntap-20240621-0006/
ssvc Track https://security.netapp.com/advisory/ntap-20240621-0006/
cvssv3.1 3.7 https://www.debian.org/security/2023/dsa-5458
ssvc Track https://www.debian.org/security/2023/dsa-5458
cvssv3.1 3.7 https://www.debian.org/security/2023/dsa-5478
ssvc Track https://www.debian.org/security/2023/dsa-5478
cvssv3.1 3.7 https://www.oracle.com/security-alerts/cpujul2023.html
ssvc Track https://www.oracle.com/security-alerts/cpujul2023.html
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-22049.json
https://api.first.org/data/v1/epss?cve=CVE-2023-22049
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21930
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21937
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21938
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21939
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21954
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21967
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21968
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22006
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22036
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22041
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22045
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22049
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
2221647 https://bugzilla.redhat.com/show_bug.cgi?id=2221647
cpujul2023.html https://www.oracle.com/security-alerts/cpujul2023.html
dsa-5458 https://www.debian.org/security/2023/dsa-5458
dsa-5478 https://www.debian.org/security/2023/dsa-5478
GLSA-202407-24 https://security.gentoo.org/glsa/202407-24
GLSA-202412-07 https://security.gentoo.org/glsa/202412-07
msg00018.html https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html
ntap-20230725-0006 https://security.netapp.com/advisory/ntap-20230725-0006/
ntap-20240621-0006 https://security.netapp.com/advisory/ntap-20240621-0006/
RHSA-2023:4157 https://access.redhat.com/errata/RHSA-2023:4157
RHSA-2023:4158 https://access.redhat.com/errata/RHSA-2023:4158
RHSA-2023:4159 https://access.redhat.com/errata/RHSA-2023:4159
RHSA-2023:4161 https://access.redhat.com/errata/RHSA-2023:4161
RHSA-2023:4162 https://access.redhat.com/errata/RHSA-2023:4162
RHSA-2023:4163 https://access.redhat.com/errata/RHSA-2023:4163
RHSA-2023:4164 https://access.redhat.com/errata/RHSA-2023:4164
RHSA-2023:4165 https://access.redhat.com/errata/RHSA-2023:4165
RHSA-2023:4166 https://access.redhat.com/errata/RHSA-2023:4166
RHSA-2023:4167 https://access.redhat.com/errata/RHSA-2023:4167
RHSA-2023:4168 https://access.redhat.com/errata/RHSA-2023:4168
RHSA-2023:4169 https://access.redhat.com/errata/RHSA-2023:4169
RHSA-2023:4170 https://access.redhat.com/errata/RHSA-2023:4170
RHSA-2023:4171 https://access.redhat.com/errata/RHSA-2023:4171
RHSA-2023:4172 https://access.redhat.com/errata/RHSA-2023:4172
RHSA-2023:4173 https://access.redhat.com/errata/RHSA-2023:4173
RHSA-2023:4174 https://access.redhat.com/errata/RHSA-2023:4174
RHSA-2023:4175 https://access.redhat.com/errata/RHSA-2023:4175
RHSA-2023:4176 https://access.redhat.com/errata/RHSA-2023:4176
RHSA-2023:4177 https://access.redhat.com/errata/RHSA-2023:4177
RHSA-2023:4178 https://access.redhat.com/errata/RHSA-2023:4178
RHSA-2023:4208 https://access.redhat.com/errata/RHSA-2023:4208
RHSA-2023:4209 https://access.redhat.com/errata/RHSA-2023:4209
RHSA-2023:4210 https://access.redhat.com/errata/RHSA-2023:4210
RHSA-2023:4211 https://access.redhat.com/errata/RHSA-2023:4211
RHSA-2023:4212 https://access.redhat.com/errata/RHSA-2023:4212
RHSA-2023:4233 https://access.redhat.com/errata/RHSA-2023:4233
RHSA-2023:4876 https://access.redhat.com/errata/RHSA-2023:4876
RHSA-2023:4877 https://access.redhat.com/errata/RHSA-2023:4877
USN-6263-1 https://usn.ubuntu.com/6263-1/
USN-6272-1 https://usn.ubuntu.com/6272-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-22049.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-22T16:37:01Z/ Found at https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://security.netapp.com/advisory/ntap-20230725-0006/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-22T16:37:01Z/ Found at https://security.netapp.com/advisory/ntap-20230725-0006/
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://security.netapp.com/advisory/ntap-20240621-0006/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-22T16:37:01Z/ Found at https://security.netapp.com/advisory/ntap-20240621-0006/
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://www.debian.org/security/2023/dsa-5458
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-22T16:37:01Z/ Found at https://www.debian.org/security/2023/dsa-5458
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://www.debian.org/security/2023/dsa-5478
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-22T16:37:01Z/ Found at https://www.debian.org/security/2023/dsa-5478
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://www.oracle.com/security-alerts/cpujul2023.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-22T16:37:01Z/ Found at https://www.oracle.com/security-alerts/cpujul2023.html
Exploit Prediction Scoring System (EPSS)
Percentile 0.24223
EPSS Score 0.00083
Published At June 4, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-04T17:04:23.758658+00:00 RedHat Importer Import https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-22049.json 38.6.0