Rewterz Threat Advisory – Multiple Oracle Java SE Vulnerabilities
July 25, 2023
Severity
Low
Analysis Summary
CVE-2023-22043 CVSS:5.9
A vulnerability in Oracle Java SE related to the JavaFX component could allow a remote authenticated attacker to cause high integrity impacts.
CVE-2023-22041 CVSS:5.1
A vulnerability in Oracle Java SE, Oracle GraalVM Enterprise Edition, and Oracle GraalVM for JDK related to the Hotspot component could allow a local attacker to cause high confidentiality impacts.
CVE-2023-22051 CVSS:3.7
A vulnerability in Oracle GraalVM Enterprise Edition and Oracle GraalVM for JDK related to the GraalVM Compiler component could allow a remote attacker to cause low confidentiality impact.
CVE-2023-22044 CVSS:3.7
A vulnerability in Oracle Java SE, Oracle GraalVM Enterprise Edition, and Oracle GraalVM for JDK related to the Hotspot component could allow a remote attacker to cause low confidentiality impacts.
CVE-2023-22045 CVSS:3.7
A vulnerability in Oracle Java SE, Oracle GraalVM Enterprise Edition, and Oracle GraalVM for JDK related to the Hotspot component could allow a remote attacker to cause low confidentiality impacts.
CVE-2023-22049 CVSS:3.7
A vulnerability in Oracle Java SE, Oracle GraalVM Enterprise Edition, and Oracle GraalVM for JDK related to the Libraries component could allow a remote attacker to cause low integrity impacts.
CVE-2023-22036 CVSS:3.7
A vulnerability in Oracle Java SE, Oracle GraalVM Enterprise Edition, and Oracle GraalVM for JDK related to the Utility component could allow a remote attacker to cause low availability impacts.
CVE-2023-22006 CVSS:3.1
A vulnerability in Oracle Java SE, Oracle GraalVM Enterprise Edition, and Oracle GraalVM for JDK related to the Networking component could allow a remote attacker to cause low integrity impacts.
Impact
- Information Disclosure
- Data Manipulation
Indicators Of Compromise
CVE
- CVE-2023-22043
- CVE-2023-22041
- CVE-2023-22051
- CVE-2023-22044
- CVE-2023-22045
- CVE-2023-22049
- CVE-2023-22036
- CVE-2023-22006
Affected Vendors
Oracle
Affected Products
- Oracle Java SE 8u371
- Oracle GraalVM for JDK 17.0.7
- Oracle GraalVM for JDK 20.0.1
- Oracle Java SE 11.0.19
- Oracle Java SE 17.0.7
- Oracle Java SE 20.0.1
- Oracle GraalVM Enterprise Edition 20.3.10
- Oracle GraalVM Enterprise Edition 21.3.6
- Oracle GraalVM Enterprise Edition 22.3.2
- Oracle Java SE 8u371-perf
Remediation
Refer to the Oracle Critical Patch Update Advisory for patch, upgrade, or suggested workaround information.