CVE-2023-22025

Public on 2023-10-17

Modified on 2024-02-10

Description

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u381-perf, 17.0.8, 20.0.2; Oracle GraalVM for JDK: 17.0.8 and 20.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data.

Severity

Low

See what this means

CVSS v3 Base Score

3.7

See breakdown

Affected Packages

Platform	Package	Release Date	Advisory
Amazon Linux 2 - Core	java-17-amazon-corretto	2023-10-18 02:27	ALAS2-2023-2314
Amazon Linux 2023	java-17-amazon-corretto	2023-10-18 16:44	ALAS2023-2023-400
Amazon Linux 2023	java-21-amazon-corretto	2023-10-18 16:44	ALAS2023-2023-399

CVSS Scores

	Score Type	Score	Vector
Amazon Linux	CVSSv3	3.7	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
NVD	CVSSv3	3.7	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

References

Red Hat: CVE-2023-22025 Mitre: CVE-2023-22025 FAQs regarding Amazon Linux ALAS/CVE Severity

Select your cookie preferences

Customize cookie preferences

Essential

Performance

Functional

Advertising

CVE-2023-22025

Affected Packages

CVSS Scores

References